The patch description was missing Upstream-Status tag. It was given in the
commit which added this patch but not in the patch itself as should be.
Signed-off-by tag accidentally didn't follow the usual format.
Signed-off-by: Timo Ketola <timo.ketola@exertus.fi>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
systemd meson.build uses values from host /etc/login.defs if
system-uid-max and system-gid-max build options are not explicitly
specified.
Avoid that by setting system-uid-max and system-gid-max to 999 which is
the systemd default if SYSTEM_UID_MAX and SYSTEM_GID_MAX are not set in
/etc/login.defs.
Signed-off-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Disable libzstd support explicitly to avoid configure failure. The
Buildroot zstd package does not currently install its library.
Drop upstream patch.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
OSS implementation of the TCG TPM2 Software Stack (TSS2). This stack
consists of the following layers from top to bottom:
* System API (SAPI) as described in the system level API and TPM command
transmission interface specification. This API is a 1-to-1 mapping of
the TPM2 commands documented in Part 3 of the TPM2 specification.
Additionally there are asynchronous versions of each command. These
asynchronous variants may be useful for integration into event-driven
programming environments. Both the synchronous and asynchronous API
are exposed through a single library: libsapi.
* TPM Command Transmission Interface (TCTI) that is described in the
same specification. This API provides a standard interface to transmit
/ receive TPM command / response buffers. It is expected that any
number of libraries implementing the TCTI API will be implemented as a
way to abstract various platform specific IPC mechanisms. Currently
this repository provides two TCTI implementations: libtcti-device and
libtcti-socket. The prior should be used for direct access to the TPM
through the Linux kernel driver. The later implements the protocol
exposed by the Microsoft software TPM2 simulator.
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
v2.0.0 has been released after commit
1d949e4bf79b694ea883c325f5813e87ddc2a687, which we currently use, and
it has the advantage of fixing the build with recent versions of czmq.
Fixes:
http://autobuild.buildroot.net/results/f5804474033d5ff781af2bf195de2b81362f7be2/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When verbosive, fbgrab reports pixel format. Green and blue offset and
msb_right fields are accidentally swapped there. This commit adds a patch
which straightens them up.
Upstream-Status: Submitted [Gunnar Monell <gmo@linux.nu>]
Signed-off-by: Timo Ketola <timo.ketola@exertus.fi>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since version 0.29 MPDs mpc only supports the meson build. Therefore,
adapt the package infrastructure according to the user manual.
Also add a hash for the license file.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since version 2.13 libmpdclient only supports the meson build.
Therefore, adapt to package infrastructure according to the user manual.
Also add a hash for the license file.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some packages (mostly, out-of-tree) may want to install binary blobs for
another architecture, outside the locations we currently exclude, like
in /opt or whatever...
Add support in check-bin-arch to accept any arbitrary location, that
individual package can each request to excude from the check, when they
are installed.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, static libray is always built as BUILD_STATIC_LIBS is ON by
default so correctly set BUILD_STATIC_LIBS depending on BR2_SHARED_LIBS
variable
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The GitHub tag is really "libusbgx-0.2.0" so we end up with a slightly
strange looking version and archive name, but this is correct given the
tag.
Signed-off-by: John Keeping <john@metanate.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add license hash and fix LICENSE: since November 2016 (release 0.15.2),
libupnpp is licensed under LGPL-2.1+ and not GPL-2.0+
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Package to create and handle json structures in Python,
with very easy and convenient API.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixed or improved security issues:
CVE-2016-1549 (fixed in 4.2.8p7; this release adds protection): A
malicious authenticated peer can create arbitrarily-many ephemeral
associations in order to win the clock selection algorithm
CVE-2018-7182: Buffer read overrun leads to undefined behavior and
information leak
CVE-2018-7170: Multiple authenticated ephemeral associations
CVE-2018-7184: Interleaved symmetric mode cannot recover from bad
state
CVE-2018-7185: Unauthenticated packet can reset authenticated
interleaved association
CVE-2018-7183: ntpq:decodearr() can write beyond its buffer limit
Drop patch #3. libntpq_a_CFLAGS now includes NTP_HARD_CFLAGS via
AM_CFLAGS.
Add license file hash.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Disable man pages and pdf build to avoid dependency on docbook and
dblatex.
Drop upstream patch.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Remove also a redundant dot from description text.
Add upstream hashes, and a license file hash.
Cc: Francisco Gonzalez <gzmorell@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 1296d57918 (musl: bump to version 1.1.19) forgot to remove an
upstream patch. Do that now.
Fixes:
http://autobuild.buildroot.net/results/3ea/3ea23854c501d12aa69012df9d38d33cd10ac83c/
Cc: Jörg Krause <joerg.krause@embedded.rocks>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Acked-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, we handle the factory by redirectoring /var with a symlink at
build time, and with some trickery during the filesystem generation,
depending on whether we need to remount the filesystem read-write or
not.
However, this is causing quite some pain with the latest systemd, now that
they have moved their dbus socket to /run instead of /var/run.
As such, trying to play tricks with /var/run as a symlink is difficult,
because at times it is in .usr/share/factory/var/run (during build) and
then it is in /var/run (at runtime). So a relative symlink is not
possible. But an absolute symlink is not possible either, because we are
installing out-of-tree.
Oh the joys of cross-compilation... :-)
We fix all this mess by making /var a real directory from the onset, so
that we can use the runtime-expected layout even during the build.
Then, during filesystem generation, we move /var away to the factory,
and populate it as we used to do. This still requires a post-fs hook to
restore /var after the filesystem generation.
This leaves a situation that, should the filesystem generation fails,
/var will be left in an inconsistent state. But that is not worse than
what we already had anyway.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Trent Piepho <tpiepho@impinj.com>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When using a RO root with systemd, it is intended that /var/lib should be
populated at boot time by tmpfiles system mirroring it from
/usr/share/factory/var/lib.
However, this will only happen if /var/lib does not already exist at the
time systemd-tmpfiles runs. If it does exist, then tmpfiles will
(silently) skip it and do nothing.
It turns out /var/lib will exist, because some part of systemd creates
/var/lib/systemd/catalog on boot before tmpfiles runs.
The fix used here is to also create tmpfiles entries for the contents of
/var/lib/* and /var/lib/systemd/*. This way, when those directories
already exist, the entire tree is not skipped and instead the
not-yet-existing contents of /var/lib and /var/lib/systemd will be still
be mirrored from the factory dir.
And if /var/lib/systemd, or a prefix of that, stops getting created and
does not exist, it'll still mirror properly.
It does cause some warnings from systemd:
systemd[1]: Starting Create Volatile Files and Directories...
systemd-tmpfiles[148]: [/etc/tmpfiles.d/var-factory.conf:7] Duplicate line for path "/var/lib/systemd", ignoring.
systemd-tmpfiles[148]: [/etc/tmpfiles.d/var-factory.conf:8] Duplicate line for path "/var/lib/systemd/coredump", ignoring.
But they can be ignored.
IMHO, I think a better solution would be for systemd-tmpfiles to gain a
"merge tree" operation that is like "C" but doesn't abort if the
destination exists, but rather merges the source into it.
Signed-off-by: Trent Piepho <tpiepho@impinj.com>
[yann.morin.1998@free.fr: slight rework of commit title]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Not all distributions have the language-agnostic C.UTF-8 locale (Gentoo,
I'm frowning at you!).
Instead, use any UTF-8 locale provided by the system.
Reported-by: Christian Stewart <kidovate@gmail.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Julius Kriukas <julius@kriukas.lt>
Cc: Christian Stewart <kidovate@gmail.com>
Cc: Trent Piepho <tpiepho@impinj.com>
Cc: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
udevd needs extra groups for its bundled rules:
Mar 03 12:21:30 buildroot systemd-udevd[732]: Specified group 'render' unknown
Mar 03 12:21:30 buildroot systemd-udevd[732]: Specified group 'kvm' unknown
Add those missing groups.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Julius Kriukas <julius@kriukas.lt>
Cc: Trent Piepho <tpiepho@impinj.com>
Cc: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
CVE-2018-5732: The DHCP client incorrectly handled certain malformed
responses. A remote attacker could use this issue to cause the DHCP
client to crash, resulting in a denial of service, or possibly execute
arbitrary code. In the default installation, attackers would be isolated
by the dhclient AppArmor profile.
CVE-2018-5733: The DHCP server incorrectly handled reference counting. A
remote attacker could possibly use this issue to cause the DHCP server
to crash, resulting in a denial of service.
Both issues are fixed in version 4.4.1. But we are close to release, so
backport the fixes instead of bumping version.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
