Barebox starting from 2019.02 no longer ships flex/bison generated
parser. Add conditional kconfig dependencies, same as we did for kernel
and uboot.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes the following security vulnerability:
CVE-2019-13045: Use after free when sending SASL login to the server found
by ilbelkyr
For more details, see the advisory:
https://irssi.org/security/html/irssi_sa_2019_06/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Currently, foo-depends only builds build dependencies. This means that
download and extract dependencies are not built.
First, but a minor point, this is inconsistent with foo-show-depends,
which does display all dependencies:
$ make host-gzip-show-depends
host-skeleton host-tar
$ make host-gzip-depends
# Only host-skeleton is built and installed
Second, and more important, it makes it more difficult to preapre a
debug build, like so:
$ make foo-depends
$ tar cf output.tar output
$ make foo
# bummer, broken
# edit foo.mk to try and fix it
$ rm -rf output; tar xf output.tar
# rince and repeat
Change foo-depends so that it really builds all the dependencies for
foo, bringing it on-par with foo-show-depends.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Commit 4102db0f7 (package/libglib2: bump to version 2.60.3) did convert
libglib2 over to meson. In doing so, it left a very corner-case along.
When the target is an ARM CPU and the build is in thumb mode, then we
want to ensure that libglib2 is still built in arm mode (because of
inline asm).
But with meson, CFLAGS from the environment are passed to the host
compiler, so the build breaks, and the meson log contains:
Appending CFLAGS from environment: '-D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -marm'
No LDFLAGS in the environment, not changing global flags.
No CPPFLAGS in the environment, not changing global flags.
Sanity testing C compiler: cc
Is cross compiler: False.
Sanity check compiler command line: cc -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -marm [...]/build/libglib2-2.60.4/build/meson-private/sanitycheckc.c -o [...]/build/libglib2-2.60.4/build/meson-private/sanitycheckc.exe
Sanity check compile stdout:
-----
Sanity check compile stderr:
cc: error: unrecognized command line option ‘-marm’; did you mean ‘-mabm’?
-----
meson.build:1:0: ERROR: Compiler cc can not compile programs.
Fix that by using the new per-package CFLAGS feature of the meson infra.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
libglib2 uses a very crude and error-prone way to detect the intl
functions, which basically fails when the C library is not glibc.
There is a bug report about this in upstream meson [1], but it doesn't
seem to get any progress. Fixing that properly in Buildroot looks
complicated.
Now that a meson package can specify its LDFLAGS, use that to pass the
infrastructure-provided TARGET_NLS_LIBS to link with.
Fixes:
http://autobuild.buildroot.org/results/f0d/f0d85d76786343d767fba9c7c5c01f042ecfc018/
[...]
[1] https://github.com/mesonbuild/meson/issues/3740
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Meson does not allow to pass CFLAGS/LDFLAGS/CXXFLAGS via the environment
or via command-line arguments or options (instead, those flags from the
environment are passed to the host compiler, which is seldom what we
need). The only way to pas those flags is via the cross-compilation.conf
file.
Add LIBFOO_CFLAGS, LIBFOO_LDFLAGS and LIBFOO_CXXFLAGS variables to allow
packages to provide their own flags, possibly overriding the generic
ones entirely, as we allow for other infras. Those per-package flags will
then be used to generate the per-package cross-compilation.conf.
This means that the meson infra is the first and only infra for which
FOO_CFLAGS, FOO_LDFLAGS, and FOO_CXXFLAGS are meaningful, while for the
other infras, they are just variables private to the package itself.
Instead of naming those variables after the meson infra (e.g.
FOO_MESON_CFLAGS), we name them with a generic name, as maybe, just
maybe, we could also change the other infras to also recognise those
variables.
Just like for the HOST_MESON_SED_CFLAGS etc., we need to add auxiliary
variables to do convert the shell-formatted argument list into the
JSON-formatted list that meson expects. We can't use a pure-make
construct because the CFLAGS can contain quoting that needs to be
expanded by the shell. Similarly, we need a condition on the strip'ed
variable to avoid passing empty arguments.
To mimic this feature for packages that are built from the SDK, we also
install a templatised version of cross-compilation.conf, with three new
placeholders for custom flags. If a user wants to build a package that
needs custom flags, they can use that template to generate a per-package
cross-compilation.conf.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
When TARGET_CFLAGS (or _LDFLAGS or _CXXFLAGS) are empty, but were
constructed by appending other variables, like:
TARGET_CFLAGS = $(SOMETHING) $(SOMETHING_ELSE)
and both variables are empty, then $(TARGET_CFLAGS) is _not_ the
null-string; it's value is a string made of a single space.
This means that the construct:
$(if $(TARGET_CFLAGS),true,false)
will in fact return 'true'.
In our case, it means that we will call:
`printf '"%s", ' `
which expands to just:
"",
which we are then happy to insert as-is in the generated
cross-compilation.conf.
Then meson, will happily call the compiler with an empty argument.
The compiler is less happy, though:
arm-none-linux-gnueabi-gcc: error: : No such file or directory
And this is not even trivial to debug either... The only clue being that
there seems to be something missing between ': :'
We fix that testing the $(strip)ed value. We can still pass the
non-$(strip) expansion, because the shell will just do it for us, and we
are then sure there is at least one non-blank word in there.
Thanks a lot to Adam for his invaluable help debugging this!
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This test case builds a native library and ensures a Java class can load
and interact with the native library. The test also verifies Java code
can make system calls via the native library.
Signed-off-by: Daniel J. Leach <dleach@belcan.com>
Acked-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Tested-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[Arnout: rebase after change of version formatting]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
A string transformation library that singularizes and pluralizes English
words, and transforms strings from CamelCase to underscored string.
Inflection is a port of Ruby on Rails' inflector to Python.
https://github.com/jpvanhal/inflection
Signed-off-by: John Faith <jfaith@impinj.com>
[Arnout: select unicodedata, add hash for license file]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes the following security vulnerabilites:
CVE-2018-20843: In libexpat in Expat before 2.2.7, XML input including XML
names that contain a large number of colons could make the XML parser
consume a high amount of RAM and CPU resources while processing (enough to
be usable for denial-of-service attacks).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes CVE-2018-15664: API endpoints behind the 'docker cp' command are
vulnerable to a symlink-exchange attack with Directory Traversal, giving
attackers arbitrary read-write access to the host filesystem with root
privileges, because daemon/archive.go does not do archive operations on a
frozen filesystem (or from within a chroot).
And includes additional post-18.09.6 fixes:
Builder
- Fixed a panic error when building dockerfiles that contain only comments.
moby/moby#38487
- Added a workaround for GCR authentication issue. moby/moby#38246
- Builder-next: Fixed a bug in the GCR token cache implementation
workaround. moby/moby#39183
Runtime
- Added performance optimizations in aufs and layer store that helps in
massively parallel container creation and removal. moby/moby#39107,
moby/moby#39135
- daemon: fixed a mirrors validation issue. moby/moby#38991
- Docker no longer supports sorting UID and GID ranges in ID maps.
moby/moby#39288
Logging
- Added a fix that now allows large log lines for logger plugins.
moby/moby#39038
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes CVE-2018-15664: API endpoints behind the 'docker cp' command are
vulnerable to a symlink-exchange attack with Directory Traversal, giving
attackers arbitrary read-write access to the host filesystem with root
privileges, because daemon/archive.go does not do archive operations on a
frozen filesystem (or from within a chroot).
And includes additional post-18.09.6 fixes:
Builder
- Fixed a panic error when building dockerfiles that contain only comments.
moby/moby#38487
- Added a workaround for GCR authentication issue. moby/moby#38246
- Builder-next: Fixed a bug in the GCR token cache implementation
workaround. moby/moby#39183
Runtime
- Added performance optimizations in aufs and layer store that helps in
massively parallel container creation and removal. moby/moby#39107,
moby/moby#39135
- daemon: fixed a mirrors validation issue. moby/moby#38991
- Docker no longer supports sorting UID and GID ranges in ID maps.
moby/moby#39288
Logging
- Added a fix that now allows large log lines for logger plugins.
moby/moby#39038
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Buildroots autobuild identified a failure on GCC v6.2 and GCC v6.3,
producing the following warning (reported as error due to -Werror):
event_dispatcher_poll.cpp:231:13: error: types may not be defined
in a for-range-declaration [-Werror]
for (const struct pollfd &pfd : pollfds) {
^~~~~~
cc1plus: all warnings being treated as errors
A fix has been integrated upstream, bump the package to incorporate it.
Fixes: http://autobuild.buildroot.net/results/f6dd4c60c04892c8b1669e6000fce7edb2b6349e/
Signed-off-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Patch to resolve cve-2019-12900 which affects bzip2 versions 1.0.6 and older
More information can be found at
https://nvd.nist.gov/vuln/detail/CVE-2019-12900
Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
On my machine, it happens once in a while that the virtualised machine
boots too fast for the rootfs to be available at the time the kernel
tries to mount it.
For example, board/qemu/arm-vexpress/readme.txt suggested changing
"-smp 1" up to "-smp 4". But doing so here causes a kernel panic:
VFS: Cannot open root device "mmcblk0" or unknown-block(0,0): error -6
Please append a correct "root=" boot option; here are the available partitions:
1f00 131072 mtdblock0
(driver?)
1f01 32768 mtdblock1
(driver?)
Kernel panic - not syncing: VFS: Unable to mount root fs on
unknown-block(0,0)
So, add the oh-so-useful 'rootwait' option to all kernel command lines
for qemu defconfigs.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Joel Stanley <joel@jms.id.au>
Cc: Mark Corbin <mark.corbin@embecosm.com>
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The icu upstream developers have a strange way of labelling their versions:
- The Github tags are named release-XX-Y, and therefore the versions
referenced by by Release Monitoring look like 60-2 or 64-1.
- The tarballs contain the version with an underscore separator, i.e
60_2 or 64_1.
- The directories on http://download.icu-project.org/files/icu4c/
contain the version with a dot separator, i.e 60.2 or 64.1.
In order to have our <pkg>_VERSION match the one on Release
Monitoring, we adjust it to use the underscore separator, and then
further tweak the ICU_SOURCE and ICU_SITE definitions to keep
everything working.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Removed patch which has now been committed upstream.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.org/results/f6c0b85fa476e0f52cc06f0133d2e4f9920f7556
test-ot-color.cc:40:10: fatal error: cairo-svg.h: No such file or directory
40 | #include <cairo-svg.h>
| ^~~~~~~~~~~~~
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When the target toolchain does not support C++, the provided
libcdaudio configure script tries to run a check with the C++
pre-processor provided by the host (/lib/cpp) which may not exist on
some systems.
This issue is fixed by autoreconfiguring the package, as newly
generated configure scripts do not have this issue.
Fixes:
http://autobuild.buildroot.net/results/f725a41ef992c42ceef7514d1a8dcac99e6b9114/
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Acked-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
test-pkg will use gigabytes of space when testing all toolchains.
Nevertheless, you are normally only interested in the actual build / host
tree when there is a build failure.
Do a 'make clean' for successful builds to save disk space, unless the new
option '-k/--keep' is set.
Note that the logfile and configuration is always retained for inspection.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Acked-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The long option parsing of test-pkg is broken because:
- some long options are not declared
- there should be a comma between long options, the colon does not replace
it.
This change also revealed that the declaration of 'toolchains-dir' should
have been 'toolchains-csv', originally introduced in commit ed59f81a3c.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Acked-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add options to install the MT7650 bluetooth firmware and the MT76x2e
wifi firmware.
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
To use a private key stored on a hardware crypto module, such as an HSM
or smart card, rauc needs OpenSSL to have support for pkcs11 modules.
OpenSSL achieves this through the libp11 library.
The libp11 engine for OpenSSL is a dynamic module, so the dependency is
at rauc's runtime, rather than openssl's or rauc's build time. However,
it still needs to be added as a dependency, so that anything that uses
host-rauc when building can be assured that host-rauc is fully
functional.
As this is a runtime dependency, there's no need for a target
dependency. And it's only used for signing updates, which isn't done on
the target anyway.
Signed-off-by: Trent Piepho <tpiepho@impinj.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
SVG can be regarded as the "source code" for assets, like logos or other
graphical elements.
However, SVG needs to be rendered, which requires an XML parser and an
SVG "parser/rendered". As such, it has various runtime impacts, like
bad performance or security. As such, SVG are often pre-rendered to the
required sizes/depths/resolutions into other format, such as PNG, at
build time.
While rsvg-convert (from host-librsvg) would allow the rendering, it
does not allow more complex tasks taht ImageMagick allows for:
compositing more than one image, 2D transforamtions (rotation, skew...).
Yet, SVG support in ImageMagick relies on librsvg, which adds quite a
few dependencies, and thus has a noticeable impact on the build time.
Add an option to allow concerned users to enable/disable SVG support
in ImageMagick.
Enabling SVG support relies on librsvg, which in turns relies on a few
additional packages that ImageMagick can also optionally use. So,
automatically enable the corresponding support as well.
Signed-off-by: "Yann E. MORIN" <yann.morin@orange.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Sometimes, it is required to call imagemagick from a post-build script
or the likes, so we have to allow the user to enable the host variant
for imagemagick.
Update the linux package to select the host variant now.
Signed-off-by: "Yann E. MORIN" <yann.morin@orange.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump Linux and U-Boot versions.
The Linux configuration file and patches are no longer needed.
Signed-off-by: Oleksandr Zhadan <oleks@arcturusnetworks.com>
Signed-off-by: Michael Durrant <mdurrant@arcturusnetworks.com>
[Thomas: also use a tarball for U-Boot.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Removed patch which was applied upstream:
5b403d124c
Added all hashes provided by upstream, added license hash.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>