The latest officially released version of SDL_image is 1.2.12, released
in 2012. Since then, there have been many bugfixes, including security
fixes.
SDL's canonical source is now on GitHub. This commit points to the
SDL-1.2 branch from 15 Mar 2021.
Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com>
[yann.morin.1998@free.fr: use full-length commit hash]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The latest officially released version of SDL_mixer is 1.2.12, released
in 2012. Since then, there have been many bugfixes on master.
SDL's canonical source is now on GitHub. This commit points to the
SDL-1.2 branch from 15 Mar 2021.
Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com>
[yann.morin.1998@free.fr:
- use full-length commit hash
- two spaces in hash file
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
SDL's canonical source is now on GitHub. The git commit that matches
the Hg commit we used so far is b13aa509166e, but we switch to the
HEAD of the SDL-1.2 branch, which just has two additional commits
touching the autotools files.
Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com>
[yann.morin.1998@free.fr:
- explain why we don;t use the exactly-maching commit
- use full-length commit hash
- drop the comment: it did not point to the commit we used
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Enable the OpenSSL library to enable some OP-TEE tests that relies on
it.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Bump TF-A to version 2.4.
- Bump u-boot to version 2021.01.
- Bump kernel to version 5.11.3.
We switch TF-A to a single FIP image. Thanks to this, TF-A does not need to
use semihosting to load the various BL* anymore (but U-Boot still does).
Update the readme.txt accordingly.
We switch to a u-boot image for the ramdisk. This removes the need to
update the fdt chosen node manually in the bootcmd.
While at it, we drop the generation of the kernel dtb, which we do not use.
In this config, we are indeed using the dtb generated on-the-fly by qemu
and amended by TF-A.
Signed-off-by: Vincent Stehlé <vincent.stehle@laposte.net>
Cc: Gerome Burlats <gerome.burlats@smile.fr>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Tested-by: Romain Naour <romain.naour@gmail.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop patch that is now upstream.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Board used custom Kernel but did not specify
custom headers. This broke the build when
Linux 5.11 was added in d2fe9c6.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/1089053980
Signed-off-by: Filip Skoneczny <fskoneczny@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When enabling BR2_PACKAGE_LIBTOOL it depended on the build order if
squid used the external libltdl or built it from its internal copy. That
broke the build in fli4l where we have additional post build checks
analyzing runtime dependencies and a separate step for copying build
artefacts to target packages.
Depend on the external libltdl unconditionally like done with commit
3efc5a250c ("package/siproxd: new package") for package siproxd
recently as well. For reproducibility, size, and security.
Link: https://web.nettworks.org/ci/job/fli4l/job/buildroot/job/4.0/job/trunk-sunxi/672/
Suggested-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The dates in the copyright file have changed; update the hash accordingly.
Signed-off-by: Vincent Stehlé <vincent.stehle@laposte.net>
Cc: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Changes:
* Check for an image containing no samples in the PGX
decoder. (#271, #272, #273, #274, #275, #276, #281)
* Check for dimensions of zero in the JPC and JPEG decoders.
* Fix an arguably incorrect type for an integer literal
in the PGX decoder. (#270)
* Check for an invalid component reference in the
JP2 decoder. (#269)
* Check on integer size in JP2 decoder. (#278)
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix CVE-2021-21300:
On case-insensitive file systems with support for symbolic links,
if Git is configured globally to apply delay-capable clean/smudge
filters (such as Git LFS), Git could be fooled into running
remote code during a clone.
For details see [1] and [2].
[1] http://lkml.iu.edu/hypermail/linux/kernel/2102.1/01858.html
[2] http://lkml.iu.edu/hypermail/linux/kernel/2103.1/02533.html
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
kismets fails to build statically with libwebsockets since commit
14522a8f9d because libwebsockets does not
specify any Libs.Private field in its pkg-config file resulting in the
following failure:
configure:10659: checking for lws_client_connect_via_info in -lwebsockets
configure:10684: /usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output-1/host/bin/arm-linux-g++ -std=gnu++17 -o conftest -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -static -static -O3 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 conftest.cpp -lwebsockets -latomic -lz >&5
/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/9.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: /usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output-1/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libwebsockets.a(tls.c.o): in function `alpn_cb':
tls.c:(.text+0x24): undefined reference to `SSL_select_next_proto'
As it is not trivial to specify Libs.Private with cmake buildsystem
(i.e. LIB_LIST contains the list of libraries but in the "cmake format"
with full paths and ';'), just disable static build with libwebsockets.
Fixes:
- http://autobuild.buildroot.org/results/9fc7891b61b1c487b95f07c59b802dd98ef71e3a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
commit 8efc5dce98 added an overlay but
forgot to add it to the related defconfig.
Fixes: missing overlay data in image
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When a --transform expression is provided, it is by default also applied
to the target of a symlink.
When we create tarballs (from git or svn checkouts), we use a --transform
expression to replace the leading ./ with the package name and version.
This causes issues when a package contains symlinks that points to
./something, as the leading './' is also replaced.
Fix that by using the 'S' transformation scope flag, as described in the
tar manual:
https://www.gnu.org/software/tar/manual/html_node/transform.html#transform
In addition, several transformation scope flags are supported, that
control to what files transformations apply. These are:
‘r’ Apply transformation to regular archive members.
‘R’ Do not apply transformation to regular archive members.
‘s’ Apply transformation to symbolic link targets.
‘S’ Do not apply transformation to symbolic link targets.
‘h’ Apply transformation to hard link targets.
‘H’ Do not apply transformation to hard link targets.
Default is ‘rsh’ [...].
Fixes: #13616
This has been checked to not change any of the existing hash for any of
our git-downloaded package (some are host-only, hence the few fixups):
---8<---
$ m="$( git grep -l -E -- -br[[:digit:]]+.tar.gz boot package/ \
|awk -F/ '{print $(NF-1)}' \
|sed -r -e 's/(imx-mkimage|netsurf-buildsystem|prelink-cross|qoriq-rcw|vboot-utils)/host-\1/g' \
-e 's/$/-source/'
)"
$ make defconfig; make clean; BR2_DL_DIR=$(pwd)/trash-me make ${m}
---8<---
Note: it is unclear what the 'H' flag does nor how it works, because the
concept of "target of a hardlink" is not obvious; probably it has to do
with how tar internally detects and stores hardlinks. Since we do not
yet have any issue with hardlinks, just ignore the problem for now, and
postpone until we have an actual issue with a real test-case.
Signed-off-by: Jean-pierre Cartal <jpcartal@free.fr>
Cc: Vincent Fazio <vfazio@xes-inc.com>
[yann.morin.1998@free.fr:
- re-indent commit log
- add scriptlet to test existing hashes
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix CVE-2021-24032: Beginning in v1.4.1 and prior to v1.4.9, due to an
incomplete fix for CVE-2021-24031, the Zstandard command-line utility
created output files with default permissions and restricted those
permissions immediately afterwards. Output files could therefore
momentarily be readable or writable to unintended parties.
https://github.com/facebook/zstd/releases/tag/v1.4.9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>