github archives should be stable now.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Drop upstreamed patches.
Drop autoreconf since it's no longer required.
Patch 0002-no-zlib.patch is no longer required, and is in fact harmful.
Update homepage URL.
Fixes:
CVE-2015-8874 - #215 Stack overflow with gdImageFillToBorder
CVE-2016-3074 - gd2: handle corrupt images better
CVE-2016-5767 - Integer Overflow in gdImagePaletteToTrueColor()
resulting in heap overflow
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
lirc-tools has optional support for portaudio, see configure.ac,
line 218+.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
lirc-tools has optional support for alsa-lib, see configure.ac,
line 230+.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
lirc-tools has optional support for udev, see configure.ac, line 303+.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
lirc-tools has optional support for libusb-compat, see configure.ac,
line 199+.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas: update comment in the .mk file about autoreconf.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Drop upstreamed patch and related autoreconf.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fix qt5enginio version, is 1.6.1 for qt5.6.1-1 (hash
is already updated by previous qt5 bump version patch).
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
gpl3 option removed so drop it otherwise it results in build failure.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Since the shut down of www.lm-sensors.org we do not have a package
download location anymore, so we update the i2c-tools package to use
the git repository hosted at kernel.org.
Signed-off-by: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
There is no elementary 1.17.2 release since there was no patch to
backport from upstream.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
In efl 1.15.x, Lua "old" support is broken with Lua 5.2+ [1].
With the patch added in efl 1.16 to fixes this issue, libevas fail to link with
the following error:
CCLD bin/ecore_evas/ecore_evas_convert
host-efl-1.16.1/src/lib/evas/.libs/libevas.so: undefined reference to `luaL_openlib'
collect2: error: ld returned 1 exit status
Makefile:19021: recipe for target 'bin/ecore_evas/ecore_evas_convert' failed
Since 9ba8d1cce4, the luajit support can be
enabled in efl package.
In order to update the efl stack to 1.17, switch to luajit support and remove
Lua "old" support since it's not fixed upstream yet. But the drawback is the
efl stack depends implicitely on BR2_PACKAGE_LUAJIT_ARCH_SUPPORTS.
[1] https://phab.enlightenment.org/T2728
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Move TAR_OPTS so that long options (or any option with an initial '-')
may be passed to tar. Since TAR_OPTS is at the front of the list, single
letter options still work.
Signed-off-by: Frank Hunleth <fhunleth@troodon-software.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The efivar build process starts by building one tool for the host,
which is needed for the rest of the build. This tool currently fails
to build with old gcc versions because the gcc.specs used by efivar
specifies -std=gnu11. To address this, this patch:
- passes 'gcc_flags=' to the host build, so that the custom gcc specs
are not passed. They are in practice not needed for the build of
the simple makeguids host utility.
- passes -std=gnu99 instead of -std=c99 in the build of host
makeguids, because the source code uses anonymous structs and
unions, which requires std=gnu99 and not just std=c99
In addition, the build by default assumes that the target toolchain is
LTO capable, and that therefore you can call gcc-ar, gcc-nm and
gcc-ranlib. This fails short when the target toolchain is for example
gcc 4.7. To address this, we explicitly specify AR, NM and RANLIB to
be used, but pass them as make options instead of in the environment,
in order to override the values specified in the package Makefile.
Fixes:
http://autobuild.buildroot.net/results/fe40c1d139ba8ddeef3dafd5c1818a946f014d7c/
Cc: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Remove non-existing options:
* --disable-wsap
* --disable-direct3d
* --disable-gsettings
Remove options that are already handled later in the .mk file, using
optional dependencies:
* --disable-rtmp
* --disable-hls
* --disable-dash
Rename disable->strp to disable-srtp, which essentially fixes a typo.
Remove liveadder plugin - no longer a separate built option, it's been
merged into audiomixer. Config.in.legacy handling is added for the
removed option.
Signed-off-by: Marcin Nowakowski <marcin.nowakowski@imgtec.com>
[Thomas: add Config.in.legacy handling for the liveaddr plugin option,
tweaks to the commit log.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Qt5 can optionally enable udev support, especially to enumerate input
devices dynamically. Without udev, devices are not properly enumerated,
and any device that is not present at launch time is never seen (there
is no support for hotplug, that is).
Currently, Qt5base has no explicit dependency on udev, so it will all
depend on the build order. Sometimes, a package that requires udev will
be built before qt5base and Qt5 will have support for udev, sometime no
such package is built before qt5base and Qt5 will not have support for
udev.
Add an explicit dependency on udev, but only if it is enabled.
Note: this only really requires libudev, but we do not yet have a
separate libudev; we still only have a udev provider (be it eudev or
systemd).
Signed-off-by: "Yann E. MORIN" <yann.morin@orange.com>
Cc: Cedric Chedaleux <cedric.chedaleux@orange.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Thomas: drop comment, as suggested by Arnout.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Almost all packages which are saved for legal-info have their source
archives downloaded as part of 'make source', which makes an off-line
build completely possible [0].
However, for the pre-configured external toolchains, the source tarball
is different, as the main tarball is a binary package. And that source
tarball is only downloaded during the legal-info phase, which makes it
inconvenient for full off-line builds.
We fix that by adding a new rule, $(1)-legal-source which only
$(1)-all-source depends on, so that we only download it for a top-level
'make source', not as part of the standard download mechanism (i.e. only
what is really needed to build).
This new rule depends, like the normal download mechanism, on a stamp
file, so that we do not emit a spurious hash-check message on successive
runs of 'make source'.
This way, we can do a complete [0] off-line build and are still able to
generate legal-info, while at the same time we do not incur any download
overhead during a simple build.
Also, we previously downloaded the _ACTUAL_SOURCE_TARBALL when it was
not empty. However, since _ACTUAL_SOURCE_TARBALL defaults to the value
of _SOURCE, it can not be empty when _SOURCE is not. Thus, we'd get a
spurious report of a missing hash for the tarball, since it was not in
a standard package rule (configure, build, install..) and thus would
miss the PKG and PKGDIR variables to find the .hash file.
We fix that in this commit as well, by:
- setting PKG and PKGDIR just for the -legal-source rule;
- only downloading _ACTUAL_SOURCE_TARBALL if it is not empty *and* not
the same as _SOURCE (to avoid a second report about the hash).
[0] Save for nodejs which invarriably wants to download stuff at build
time. Sigh... :-( Fixing that is work for another time...
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Peter Korsgaard <jacmet@uclibc.org>
Tested-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Move the declarations of _ACTUAL_SOURCE and _ACTUAL_SITE earlier, so
that they are close to where _SOURCE and _SITE are handled.
This looks so far like a purely cosmetic change, but makes more sense
with the follow-up patch, where we'll need them earlier in the file.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Luca Ceresoli <luca@lucaceresoli.net>
Tested-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Having a hash of the saved files can be interesting for the recipient to
verify the integrity of the files.
We remove the warning file earlier, to exclude it from the hash
list.
We generate the hash list in a temporary file that will not be matched
by the "find" expression, and once the file is generated, we remain it
to its final name.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Acked-by: Luca Ceresoli <luca@lucaceresoli.net>
Tested-by: Luca Ceresoli <luca@lucaceresoli.net>
Acked-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas: adjust indentation, improve commit log.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Some packages, like perl, download extra files that end up as part of
the source that Buildroot builds. Up until now, those files were not
saved in the legal-info output.
Add those files to the legal-info output.
The unfortunate side-effect is that we will also save the secondary
archive for the external blackfin toolchains; however, we already do
save the binary release of some external toolchains when they do not
provide actual source archives.
This is inherently bad, as those are not source archives, but solving
this is a bigger concern, for another series...
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Luca Ceresoli <luca@lucaceresoli.net>
Tested-by: Luca Ceresoli <luca@lucaceresoli.net>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Currently, the legal-info infra only saves the source archive of a
package. However, that's not enough as we may apply some patches on
packages sources.
We do suggest users to also redistribute the Buildroot sources as part
of their compliance distribution, so the patches bundled in Buildroot
would indeed be included in the compliance distribution.
However, that's still not enough, since we may download some patches, or
the user may use a global patch directory. Patches in there might not
end up in the compliance distribution, and there are risks of
non-conformity.
So, always include patches alongside the source archive.
To ensure reproducibility, we also generate a series file, so patches
can be re-applied in the correct order.
We get the list of patches to include from the list of patches that were
applied by the package infrastructure (via the apply-patches support
script). So, we need to get packages properly extracted and patched
before we can save their legal-info, not just in the case they define
_LICENSE_FILES.
Update the legal-info header accordingly.
Note: this means that, when a package is not patched and defines no
LICENSE_FILES, we will extract and patch it for nothing. There is no
easy way to know whether we have to patch a package or not. We can only
either duplicate the logic to detect patches (bad) or rely on the infra
actually patching the package. Also, a vast majority of packages are
either patched, or define _LICENSE_FILES, so it is best and easiest to
always extract and patch them prior to legal-info.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Tested-by: Luca Ceresoli <luca@lucaceresoli.net>
Reviewed-by: Luca Ceresoli <luca@lucaceresoli.net>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>