xorriso cd/dvd/bd iso 9660 manipulation and disc burner.
libburnia is a project for reading, mastering and writing
optical discs. Currently it is comprised of libraries named
libisofs, libburn, libisoburn, a cdrecord emulator named cdrskin,
and an integrated multi-session tool named xorriso.
The software runs on GNU/Linux, FreeBSD, Solaris, NetBSD.
It is base of the GNU xorriso package and is actively maintained.
[Thomas:
- Rewrap Config.in help text
- Add optional dependencies on libcdio, readline, acl, attr, zlib,
bzip2.
- Handle thread support.
- Add hash file.]
Signed-off-by Stephen M. Kenton <skenton@ou.edu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Having 'else' clauses handling the absence of mysql and postgresql
support to explicitly disable such features helps to avoid
misdetection of system-installed packages.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Instead of using --enable-<foo>={yes,no}, use
--{enable,disable}-<foo>, like we do in most other packages.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Enable support for mysql and pgsql.
Patches sent upstream (pull request on github).
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
DVDAuthor is a set of tools to help you author the file and directory
structure of a DVD-Video disc, including programmatic commands for
implementing interactive behaviour. It is driven by command lines and
XML control files, though there are other programs that provide
GUI-based front ends if you prefer
[Thomas:
- Make the libdvdread dependency optional: it is only needed for the
dvdunauthor program, which can be disabled using a configure
option. So a separate Config.in option was added for dvdunauthor.
- Adjust license to GPLv2+, as can be seen in the source code itself.
- Add optional dependency on fontconfig and imagemagick. Make sure we
don't pick up a host installed GraphicsMagick (which is different
from ImageMagick!)
- Add a hash file.]
Signed-off-by Stephen M. Kenton <skenton@ou.edu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add SysV-style initscript, complete rewrite from
http://patchwork.ozlabs.org/patch/412057/
'stop' is handled by squid itself to gracefully (as possible) close
every pending connection and commit changes to disk. By default this is
configured for 30 seconds and can be configured via shutdown_lifetime in
/etc/squid.conf if someone is too anxious.
The script won't block until squid is properly shutdown - but people
should _REALLY_ use restart or reload if that's what they want, instead
of stop+start.
'restart' is handled by squid itself, since if we do a stop/start cycle
we must wait for a clean shutdown cycle (takes time).
'reload' is also handled by squid itself and it's not the same as
restart, it will just trigger a configuration reload without purging
runtime cache (RAM) contents.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This fix the error:
fatal: unable to connect to git.jdl.com:
git.jdl.com[0: 208.123.73.151]: errno=Connection refused
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Libcli provides a shared library for including a Cisco-like command-
line interface into other software. It's a telnet interface which
supports command-line editing, history, authentication and callbacks
for a user-definable function tree.
[Thomas: rewrap Config.in help text.]
Signed-off-by: Steve James <ste@junkomatic.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Even though squid uses nobody/nogroup it ain't good for security if
every daemon around uses it, specially since squid is used as a caching
proxy most of the time and that would mean other daemons/scripts run as
nobody would have access to potentially sensitive information.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Enable all of the basic modules that don't require any dependencies.
Reasoning is simple, if someone wants rsyslog over a smaller busybox
logger or sysklogd it's probably looking for features.
[Thomas: fix indentation.]
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This was added in 9b4696a4 but only partially removed in d89a2610
leading to a comment and the rsyslog option both being present in the
config menu if we're using a non-LFS toolchain.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Do it to avoid having duplicate and conflicting functionality with
busybox's S01logging.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Also add hash file and drop upstream patch.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Also drop PAN profile comment since it now supports GN and PANU profiles
as well to avoid overcrowding.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
CVE-2015-0219 - incorrectly handled underscores in WSGI headers. A
remote attacker could possibly use this issue to spoof headers in
certain environments.
CVE-2015-0220 - incorrectly handled user-supplied redirect URLs. A
remote attacker could possibly use this issue to perform a cross-site
scripting attack.
CVE-2015-0221 - incorrectly handled reading files in
django.views.static.serve(). A remote attacker could possibly use this
issue to cause Django to consume resources, resulting in a denial of
service.
CVE-2015-0222 - incorrectly handled forms with ModelMultipleChoiceField.
A remote attacker could possibly use this issue to cause a large number
of SQL queries, resulting in a database denial of service.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It has a hardcoded -ldl link invocation, so drop it. Fixes:
http://autobuild.buildroot.net/results/66ba5f76694d0738b113463579ce6b2fa49a89d6/
Also add hash file and rename uclinux patch to new naming convention.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It is only the get-edid tool that is x86 specific, parse-edid builds and
works fine on other architectures so make it available everywhere.
Also drop the custom install step as 'make install' does the right thing.
This does cause us to install into /usr/sbin instead of /sbin, but as that
is what upstream wants we can consider that a bugfix.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We don't use the 1.17.x series because it has issues when
cross-compiling.
[Thomas:
- change license to GPLv2+, and the license file to COPYING. While
start-stop-daemon.c itself is under the Public Domain, the compat
library against which it is linked is GPLv2+.]
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Tested-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Tested-by: Karoly Kasza <kaszak@gmail.com>
Reviewed-by: Karoly Kasza <kaszak@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The unit file is taken from debian, but tested working.
We'll call it named.service to match the sysV initscript.
Signed-off-by: Nathaniel Roach <nroach44@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Compilation fails with this defconfig, provided by Thomas
BR2_arm=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_CUSTOM=y
BR2_TOOLCHAIN_EXTERNAL_DOWNLOAD=y
BR2_TOOLCHAIN_EXTERNAL_URL="http://autobuild.buildroot.org/toolchains/tarballs/br-arm-full-2014.11.tar.bz2"
BR2_TOOLCHAIN_EXTERNAL_HEADERS_3_17=y
BR2_TOOLCHAIN_EXTERNAL_LARGEFILE=y
BR2_TOOLCHAIN_EXTERNAL_INET_IPV6=y
BR2_TOOLCHAIN_EXTERNAL_LOCALE=y
BR2_TOOLCHAIN_EXTERNAL_INET_RPC=y
BR2_TOOLCHAIN_EXTERNAL_CXX=y
BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_EUDEV=y
BR2_PACKAGE_GLMARK2=y
BR2_PACKAGE_MESA3D=y
BR2_PACKAGE_RPI_USERLAND=y
because rpi-userland is used a provider for libegl/gles.
Fix this by depending on the corresponding mesa3d suboptions.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add support for building nodejs with hard floating ABI if supported by the
target and remove bogus comment. Buildroot does propose this tuning.
Basically, you have three cases of floating point strategies:
* soft float, i.e 'soft' in nodejs speak. This is enabled in Buildroot
when BR2_ARM_EABI=y and BR2_SOFT_FLOAT=y.
* hard float using integer registers to pass floating point arguments,
i.e 'softfp' in nodejs speak. This is enabled in Buildroot when
BR2_ARM_EABI=y and BR2_SOFT_FLOAT is disabled.
* hard float using floating pointer registers to pass floating point
arguments, i.e 'hard' in nodejs speak. This is enabled in Buildroot
when BR2_ARM_EABIHF=y.
This patch fixes "[Buildroot] Float error on SAMA5D3 Xplained using nodejs":
http://lists.busybox.net/pipermail/buildroot/2014-December/114254.html
Tested at run-time by me on a TI Beaglebone Black.
[Thomas: add qstrip call when using the BR2_GCC_TARGET_FLOAT_ABI
variable.]
Signed-off-by: Jörg Krause <jkrause@posteo.de>
Reported-by: Cédric Heyman <c.heyman@til-technologies.fr>
Suggested-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Squid bundles a copy of libltdl (from libtool) which autoreconfigures on
its own.
For some odd reason when automake was bumped to version 1.15 and if the host
system has another automake version, for example 1.14, the ACLOCAL and
AUTOMAKE variables don't expand properly when the internal autoreconf is
triggered hence calling the missing handler which in turn tries to use
an incorrect automake version.
The solution is to pass unexpanded ACLOCAL and AUTOMAKE variables that
defer the evaluation to a later moment and avoid the issue.
Fixes:
http://autobuild.buildroot.net/results/73f/73fcffafbea320f8c64378bbe8a96922b5e7c6b5/
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The geoip "helpers" are basically scripts that download and reformat
the geoip database in a form usable by xt_geoip.
The netfilter (kernel & userland) sides of it are built and installed.
Since there are many considerations to geoip databases (free,
commercial and variants for each) it's left to the user to deal with
that if they plan to use the extension which is only one among many.
[Thomas:
- Take into account the rename of BR2_PREFER_STATIC_LIB to
BR2_STATIC_LIBS
- Remove "depends on BR2_LINUX_KERNEL" as suggested by Arnout.
- Move XTABLES_ADDONS_CONF_OPTS a bit further down, with newlines
around it, and adjust the indentation of the first line. Just to
make it slightly more readable.]
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Currently in Buildroot we have a BR2_PACKAGE_QT_ARCH_SUPPORTS_WEBKIT
variable indicating which architectures support Qt Webkit. We also make
Qt Script depending on that variable, so we are assuming that Qt Script
is supported for exactly the same architectures which support Qt Webkit,
and that's not true.
For instance, Qt Webkit is not supported for MIPS64 when
using the n32 ABI, but Qt Script is actually supported. So, if we make
BR2_PACKAGE_QT_ARCH_SUPPORTS_WEBKIT depending on !BR2_MIPS_NABI32 we
will also disable Qt Script, because as I said before, Qt Script depends
on BR2_PACKAGE_QT_ARCH_SUPPORTS_WEBKIT, and we don't want that because
Qt Script works.
We fix this by creating another variable called
BR2_PACKAGE_QT_ARCH_SUPPORTS_SCRIPT to state which architectures support
Qt Script, so now we can differentiate them from the ones supporting Qt
Webkit.
Related:
http://lists.busybox.net/pipermail/buildroot/2014-November/112605.html
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The build of host-lzma is broken since commit 97703978ac
("support/libtool: make -static behave like -all-static").
Lzma forces '-static' in its LDFLAGS, which contradicts what buildroot tries to
achieve by patching libtool scripts and configuring host packages with
'--disable-static'.
We add a patch to remove lzma's hardcoded LDFLAGS, to fix the build.
Signed-off-by: Vincent Stehlé <vincent.stehle@laposte.net>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This lets you (by default enabled) compile out its readline
dependency.
[Thomas:
- remove the patch, which is now unneeded, since we've bumped to
nftables 0.4, which as the patch to make readline optional.
- remove the new Config.in option, just enable the interactive
console when the readline package is enabled.]
Signed-off-by: Alexander Clouter <alex+buildroot@digriz.org.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Like was done for the 'python' package, also make the ossaudiodev
module optional for 'python3'. ossaudiodev is always disabled for
host-python3, and a new option is added to enable it for the target
python3.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Now that we have a configure option in Python to enable/disable the
ossaudiodev module, this commit adds a configuration option to the
target Python to explicitly enable/disable this module.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This module is not needed to build the target Python, and can cause
some build issues on certain systems (when <linux/soundcard.h> does
not contain the OSS related definitions).
Signed-off-by: Zoltan Gyarmati <mr.zoltan.gyarmati@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This module causes some build failures in certain setups and is not
very useful.
Signed-off-by: Zoltan Gyarmati <mr.zoltan.gyarmati@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas:
- Rename the VNSTAT_INSTALL_VNSTATI to VNSTAT_INSTALL_VNSTATI_CMDS,
and use 'define ... endef'.
- Use full paths for the destinations when using $(INSTALL)]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Tested with RaspberryPi B+ and PiTFT Mini Kit - 320x240 2.8" TFT
(see [1] and [2]) and the following target configuration changes:
- cmdline.txt: add 'fbcon=map:10 fbcon=font:VGA8x8'
- add /etc/modules-load.d/fbtft.conf with 'fbtft_device'
- add /etc/modprobe.d/00-fbtft.conf with 'options fbtft_device name=adafruit28 rotate=90 gpios=dc:25'
[1] http://h65951.serverkompetenz.net/PeterSeiderer/upload/PiTFT_2_8_ct/Image9893.jpg
[2] http://h65951.serverkompetenz.net/PeterSeiderer/upload/PiTFT_2_8_ct/Image9897.jpg
[Thomas:
- Rename prompt of the Linux extension to "FB TFT drivers"
- Remove the full name of the kernel config options in the help
text. Giving their CONFIG_<foo> name is enough.
- Remove the mention of CONFIG_SPI_BCM2708, since this makes the
description RaspberryPi specific, while these drivers can work
with any SPI controller.
- Refactor the code in linux-ext-fbtft.mk to avoid duplication
between the < 3.15 and >= 3.15 cases.
- Make the fbtft package a promptless package, since there is no
point in selecting only this package, without the kernel
extension.
- Change the license to GPLv2, since it's kernel code.]
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas: remove empty new line at end of .mk file.]
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Also:
* Add hash file
* Tweak the initscript to use a pidfile to avoid nasty warnings
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
As source url use the git repository instead of the unavaiable svn
repository.
Also because the git repository does not include the netsurf core
buildsystem source that are needed to build this package add as
dependency the netsurf-buildsystem package and use those files through a
symbolink link.
This fix the following error:
svn: E670002: Unable to connect to a repository at URL 'svn://svn.netsurf-browser.org/trunk/libsvgtiny'
svn: E670002: Unknown hostname 'svn.netsurf-browser.org'
Signed-off-by: Fabio Porcedda <fabio.porcedda@gmail.com>
Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This is the NetSurf project shared build system, used by various NetSurf
sub-projects like the libsvgtiny project.
[Thomas: use cp -dpfr instead of just cp -r, to match what we do in
other Buildroot packages.]
Signed-off-by: Fabio Porcedda <fabio.porcedda@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add an option to install all the DTBs:
- standard DTBs for standalon A/B and A+/B+ models;
- overlay DTBs for the 'hats' addon boards.
Install the DTBs as per the traditional layout expected by all RPi
users, that is:
- base DTBs alongside the other boot files;
- overlay DTBs in a sub-directory.
This requires the user provide a specially configured Linux defconfig
file, as the default ones do not enable USE_OF.
[Thomas: adjust comment explaining why we use a different version when
installing the DTBs is selected.]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The Raspberry Pi can boot a kernel with device tree support. But at the
same time, the RPi folks wante to keep the old-fashioned, ATAG-based way
of booting (don't ask...).
So, the bootloader needs to know whether the kernel it is loading has DT
support or not. For that, it looks at the end of the kernel image for a
magic footer. If found, it loads a device tree and sets the registers
appropriately so that the kernel finds the DTB. If not found, it loads
the kernel with the traditional ATAGS.
Where it becomes a bit tricky, is that the DTB is different for models
A/B and A+/B+ (that is A and B use the same DTB, while the A+ and B+ use
a second DTB). The bootloader is capable to load the correct DTB from a
specially named file. That is:
- on A/B, it loads bcm2708-rpi-b.dtb
- on A+/B+, it loads bcm2708-rpi-b-plus.dtb
If the DTB is differently named, the bootloader won't find it, will not
load any DTB at all, and revert to booting with ATAGS.
It is possible to specify what DTB to load, by adding an new config
option 'device_tree=file.dtb' in config.txt, but then the firmware on
the SDcard is no longer bootable on both the original models and the
Plus models.
So, add a script that appends the appropriate footer to the kernel
image. The script is vampirised from the RPi's tools repository, but a
new package is *not* added just for that script: the whole repository is
300+ MiB, and a checkout is 600+ MiB; it is not pertinent to add this as
a new package for a script that weights a few KiB...
Install that script as a host utility, too.
Notes: lots of information is available in this thread on the RPi forums:
http://www.raspberrypi.org/forums/viewtopic.php?f=29&t=93015
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas: add 'cp -dpfr' instead of a convuluted use of 'tar c' + 'tar
x' do not a copy.]
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit slightly cleans up the newt patches: use Git formatted
patches, improve title and description. This was done in preparation
for the upstream submission of those patches.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas: fix minor typo in commit title.]
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Commit 799c12e (xz-utils: needs threads) tried to fix an autobuild
failure by requiring threads. But xz-utils can be configured without
thread support (even though it is one of the most prominent
selling-points of the latest release!).
[Thomas: use --{enable,disable}-threads instead of
--enable-threads={yes,no}, to match what we generally do in most
autotools packages.]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes CVE-2014-9402 - denial of service in getnetbyname function.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas:
- Indicate in the Config.in help text that this policy compiler is
SELinux related.
- Rewrap Config.in help text and remove trailing white space.
- Add a comment in the .mk file to indicate why we're passing
DESTDIR= at build time.]
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Clayton Shotwell <clshotwe@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Irqbalance is a daemon to help balance the cpu load generated by
interrupts across all of a systems cpus.
[Thomas:
- Add upstream URL in Config.in help text.
- Fix indentation of init script.]
Signed-off-by: Karoly Kasza <kaszak@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
For portability. All other Buildroot scripts (i.e. scripts that run on
host) already use the "/usr/bin/env bash" shebang.
This change is needed for NixOS, which lacks a global /bin/bash.
Signed-off-by: Bjørn Forsman <bjorn.forsman@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The libiio library will compile fine with a toolchain that doesn't
support threads (tested with br-arm-full-nothread.config).
Only the IIOD program requires support for threading.
Signed-off-by: Paul Cercueil <paul.cercueil@analog.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
CVE-2015-0559, CVE-2015-0560 - The WCCP dissector could crash.
CVE-2015-0561 - The LPP dissector could crash.
CVE-2015-0562 - The DEC DNA Routing Protocol dissector could crash.
CVE-2015-0563 - The SMTP dissector could crash.
CVE-2015-0564 - Wireshark could crash while decypting TLS/SSL sessions.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
CVE-2014-8150 - When libcurl sends a request to a server via a HTTP
proxy, it copies the entire URL into the request and sends if off.
If the given URL contains line feeds and carriage returns those will be
sent along to the proxy too, which allows the program to for example
send a separate HTTP request injected embedded in the URL.
CVE-2014-8151 - libcurl stores TLS Session IDs in its associated Session
ID cache when it connects to TLS servers. In subsequent connects it
re-uses the entry in the cache to resume the TLS connection faster than
when doing a full TLS handshake. The actual implementation for the
Session ID caching varies depending on the underlying TLS backend.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Alex Suykov <alex.suykov@gmail.com>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Our curl package is really named libcurl.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
-Bump version to 1.15
-Add a hash file
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Thanks to Baruch Siach for the suggestion.
Signed-off-by: Romain Naour <romain.naour@openwide.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add a patch to install headers and static library separately.
Signed-off-by: Romain Naour <romain.naour@openwide.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Also remove tests since they require static libraries.
Signed-off-by: Romain Naour <romain.naour@openwide.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas:
- Change the dependency logic in the Config.in file. We don't want to
have a 'depends on BR2_PACKAGE_QT5GRAPHICALEFFECTS': it should be
selected automatically. Instead, let's have a dependency on Qt5 and
OpenGL, and select everything else automatically. A comment is
added, shown only when Qt5 is available, on the right platforms
(which have JSCore support), to explain that we need an OpenGL
backend.
- Change the prompt of the package to be qt5cinex, to match the
package name.
- Replace "High-definition support" by "High-definition version".
- Fix a typo in the Config.in help text: definifition -> definition.
- Add a comment in the .mk file explaining why we install a wrapper
shell script (explanation taken from Pierre's e-mail).
- Fix indentation in the install target commands.
- Keep only sha256 hashes, those are sufficient. Replace the comment
in the hash file by the more traditional "Locally computed".]
Signed-off-by: Pierre Le Magourou <pierre.lemagourou@openwide.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes CVE-2014-6272 - integer overflow bugs in evbuffer_add() and
related functions.
Also file hash file (was stale) and switch to sourceforge for a
stable/proper hash.
Patch 0002-Avoid-using-top_srcdir-in-TESTS.patch is upstream so remove.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Quite a number of scripts use xxd, so install it as well.
Install it unconditionally as the size is trivial compared to vim (~10kb vs
~1.5MB).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
On machines where xzcat/unxz is not available, we build host-xz. So if
host-xz is itself downloaded as a xz-compressed archive, it doesn't
work. Revert back to a .bz2 archive.
Fixes:
http://autobuild.buildroot.org/results/79e/79ecba46f353546ba60ae86dd3898b4d86c056a0/
(and many similar failures)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
- Bump version to 1.3.6
- Update the hash value
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
There is no need to have "AUTORECONF = YES" since the patch which
modified the "configure.in" file was removed in the last version bump.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
- Bump version to 0.161
- Remove the portability patch. We don't need to have it in Buildroot
since it includes the version number so we can download it safely
without having collisions between versions.
- Adapt the patches that need to be adapted.
- Rename patches to start from 0001.
- Update the hash value and add a new value for the portability patch.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
-Bump version to 4.6.1
-Add a hash file
-Use xz tarball to save space and bandwidth
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
-Bump version to 5.2.0
-Update hash file
-Use xz tarball instead of bz2 to save space and bandwidth
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes CVE-2014-9221 - denial-of-service vulnerability triggered by an
IKEv2 Key Exchange payload that contains the Diffie-Hellman group 1025.
Also add hash file.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Make gzip install binaries to / rather than /usr to fix bug #7766, it's
the FHS mandated target.
This also avoids duplicating binaries with busybox when both are
installed.
Also make gzip install after busybox if both are enabled to make the
proper gzip package override any busybox version since it's usually more
lightweight in functionality and slower.
And add a hash file while at it.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Adding a patch to move AC_CONFIG_AUX_DIR up a few lines so the autotools
can find it.
This patch is based on the same solution adopted by Debian:
https://lists.debian.org/debian-release/2014/11/msg01231.html
This will prevent a build failure like this one caused by a version bump
of the automake package:
configure: error: cannot find install-sh, install.sh, or shtool in "."
"./.." "./../.."
Related:
http://lists.busybox.net/pipermail/buildroot/2015-January/116604.html
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes CVE-2014-8148 - If a system service installs unsafe security
policy rules that allow arbitrary method calls then this prevents memory
consumption and possible privilege escalation via
UpdateActivationEnvironment.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes CVE-2013-7296 - JBIG2Stream::readSegments()" Denial of Service
Vulnerability.
Also add hash file.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes many of the reported security audit vulnerabilities:
http://www.openwall.com/lists/oss-security/2014/12/24/1
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
http://autobuild.buildroot.org/results/3f0/3f07574e6e4edda9e31fcb0de520a4dbabe6b94a/
[Thomas:
- Improved configure.ac logic, as suggested by Yann E. Morin.
- Added a comment in the .mk file to indicate why we're using
AUTORECONF = YES. Suggested by Yann as well.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The license is really a 3 clauses BSD license, so let's specify this
in python-django.mk.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas:
- Bump to Django 1.7.2, the latest available version;
- Support Python 3 in addition to Python 2.
- Use a download location from pypi.python.org since the download
location from djangoproject.com didn't work as is and is
impractical to use with Buildroot: the full URL of the tarball is
https://www.djangoproject.com/download/1.7.2/tarball/. I.e, it does
not end with the tarball file name.]
Signed-off-by: oli vogt <oli.vogt.pub01@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Should hopefully fix:
http://autobuild.buildroot.net/results/2cc40ae3fc8b7a287c43528b3e4ffdbcd5033c09/
[Thomas:
- Rename patch to the new naming convention.
- Add SoB line from Alex inside the patch itself.
- Adjust the commit log to contain the reference to the autobuilder
failure.]
Signed-off-by: Alex Suykov <alex.suykov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The comment was missing the dependency on BR2_USE_MMU, and was using
'depends on !BR2_TOOLCHAIN_HAS_THREADS && BR2_STATIC_LIBS' while it
should in fact be '!BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS',
since we want show the comment *either* when we don't have threads
*or* when we are building a purely static lib system.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
For some platforms, hardware-assisted compare-and-swap may not be
available, so libatomic_ops will not provide it.
However, libatomic_ops can provide a purely software CAS emulation, but
must be instructed to do so. erlang just forgot to tell libatomic_ops
that it does require CAS.
Fix that by defining AO_REQUIRE_CAS before including atmoic_ops.h, like
is done in libunwind, as pointed out by Thomas.
Also, erlang has a convoluted, mind-alterating set on aclocal.m4 macros,
that just forgets to link against -latomic_ops when checking CAS is
available, so that even if CAS is available, configure chokes.
Since I would like to keep the little sanity I still have, just force
linking with -latomic_ops. This is useless when the check is natrally
sucessful (i.e. on platforms where CAS is available in HW), but we
would eventually link with -latomic_ops there, too; it's just redundant.
Overall, just consider that erlang requires libatomic_ops, so forcibly
depend on it, it is easier than trying to disable it. We can revisit
that whenever someone wants to run erlang on a platform for which there
is no libatomic_ops support.
Fixes a slew of autobuild ARM failures:
http://autobuild.buildroot.org/results/e7b/e7bfc4893dea6b133f0794ef44d50ad89bcb6662/http://autobuild.buildroot.org/results/3e9/3e9c307f1ec6536482641019dcaa94677f7267a3/http://autobuild.buildroot.org/results/a85/a85ca414e5b67af46510abd7b610eb5ae8661de4/
[...]
[Thomas: fix minor typos in commit log, add dependency on
BR2_PACKAGE_LIBATOMIC_ARCH_SUPPORTS to the Erlang comment about thread
and shared library dependency.]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Frank Hunleth <fhunleth@troodon-software.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Do not hard-code QUIET in our download commands, since it is handled in
the backends.
Suggested by Fabio.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Fabio Porcedda <fabio.porcedda@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
If doing a silent build (make -s -> QUIET=-q), silence all downloads,
by passing the -q flag downward to backends as well as to check-hash.
Change a printf to use the trace functions.
Signed-off-by: Fabio Porcedda <fabio.porcedda@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
In addition to bumping the version:
- drop license comment from help, we have PKG_LICENSE* for that.
- add optional dependency on libsecret
- remove --without-gnome-keyring option
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes build issues like, observed on a stripped-down build system:
compress.cpp:32:18: fatal error: zlib.h: No such file or directory
#include <zlib.h>
^
compilation terminated.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
