Before this commit, lxc-user-nic could potentially have been tricked into
operating on a network namespace over which the caller did not hold
privilege.
This commit ensures that the caller is privileged over the network namespace
by temporarily dropping privilege.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The old link is broken. Use the github repo instead.
Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This new package provides s6-portable-utils, a set of tiny general Unix
utilities, often performing well-known tasks such as cut and grep, but
optimized for simplicity and small size.
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This new package provides s6-rc, a service manager for s6-based systems,
i.e. a suite of programs that can start and stop services, both
long-running daemons and one-time initialization scripts, in the proper
order according to a dependency tree.
The host variant is provided so s6-rc-compile is available and can
be used to build the services database offline, either in a package
Makefile or a post-build script.
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This new package provides s6-networking, a suite of small networking
utilities for Unix systems.
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This new package provides s6-dns, a suite of DNS client programs and
libraries for Unix systems, as an alternative to the BIND, djbdns or
other DNS clients.
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This new package provides s6, a small suite of programs for UNIX,
designed to allow process supervision (a.k.a service supervision), in
the line of daemontools and runit.
The host variant is provided as it is required to build the host
variant of s6-rc. Only the libraries and headers are installed.
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The BR2_PACKAGE_PYTHON3_{READLINE,ZLIB,BZIP2,XZ} options were so far
only bringing in the necessary dependencies, relying on the Python
build system to automatically detect them.
However, this means that even if one of those option was disabled, if
their dependency was found, Python would build the corresponding module,
which is really not what the user would expect.
For example, if you have:
BR2_PACKAGE_READLINE=y
# BR2_PACKAGE_PYTHON3_READLINE is not set
Then you would still get the readline Python module built and installed.
This commit fixes that by adding new --{enable,disable} options, and use
them in python3.mk.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Commit fa62773826 ("python3: do not use the system OpenSSL in the host
variant") added a patch that allows to disable building the OpenSSL
related modules in Python, even if OpenSSL is found.
But in this commit, it was only used to unconditionally disable OpenSSL
support for the host python3.
This commit extends that to use the --disable-openssl option also for
the target python3, when BR2_PACKAGE_PYTHON3_SSL. This ensures that if
BR2_PACKAGE_PYTHON3_SSL is disabled, but BR2_PACKAGE_OPENSSL is enabled,
we still don't get the OpenSSL modules built, as the user would expect.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This refreshes the set of python3 patches so they apply cleanly on the
v3.5.2 tag of cpython Github repository.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The Python extension is _ssl, not ssl. Due to this mistake in the patch,
even with --disable-ssl passed on the command line, the _ssl.so Python
extension would still be built.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The BR2_PACKAGE_PYTHON_{READLINE,HASHLIB} options were so far only
bringing in the necessary dependencies, relying on the Python build
system to automatically detect them.
However, this means that even if one of those option was disabled, if
their dependency was found, Python would build the corresponding module,
which is really not what the user would expect.
For example, if you have:
BR2_PACKAGE_READLINE=y
# BR2_PACKAGE_PYTHON_READLINE is not set
Then you would still get the readline Python module built and installed.
This commit fixes that by adding new --{enable,disable} options, and use
them in python.mk.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Now that the cpython project has a nice Github repository, with tags,
it's much nicer to handle the stack of Python patches with Git. The
python3 package patches had already been converted, but not the python
package patches. Therefore, this commit does the move.
There is no functional change, only reformatting of the patches.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This package has been marked as broken since 2015.02. Since this was
already unavailable without mention in Config.in.legacy for 9 Buildroot
releases, legacy handling isn't very useful.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This option has been marked as broken since 2011. No need for legacy
handling.
And anyway, nowadays we use automatic dependencies for bindings.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This option has been marked as broken since 2010. No need for legacy
handling.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Thomas: remove dead code in qt.mk, as pointed out by Peter Seiderer.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This package has been marked as broken since 2010. No need for legacy
handling.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This package has been marked as broken since 2010. No need for legacy
handling.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This option has been marked as broken since 2016.08. Since nobody
repaired it, we'll just remove it.
Since technically it was already removed in 2016.08, it's added to the
2016.08 section of the legacy menu.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Gustavo Sverzut Barbieri <barbieri@profusion.mobi>
Reviewed-By: Gustavo Sverzut Barbieri <barbieri@profusion.mobi>
Acked-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
libaio has support for powerpc64(le), so enable the corresponding
package on those architectures.
Signed-off-by: Daniel Black <daniel.black@au.ibm.com>
Acked-by: Cyril Bur <cyrilbur@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Like ARM, BR2_ARCH doesn't correspond to the uname -m. With cmake
CMAKE_SYSTEM_PROCESSOR is expected to contain the uname -m value.
So we change CMAKE_SYSTEM_PROCESSOR from powerpc64 -> ppc64 (big endian)
and powerpc64le -> ppc64le (little endian).
This corrects the cross compile to the powerpc64{,le} target
architecture for the mariadb (and possibly others) packages that
use the CMAKE_SYSTEM_PROCESSOR variable and compare it against
Power64 based architectures.
Signed-off-by: Daniel Black <daniel.black@au.ibm.com>
Acked-by: Cyril Bur <cyrilbur@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
lighttpd server runs cgi application that has no way to get environment
variables that are set up for it.
S50lighttpd is changed to source /etc/default/lighttpd file where these
environment variables can be set up.
Signed-off-by: Philipp Skadorov <philipp.skadorov@savoirfairelinux.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
S50lighttpd contains repeating keywords that are worth carrying out as
variables: pid file name, daemon name, config file name.
Signed-off-by: Philipp Skadorov <philipp.skadorov@savoirfairelinux.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
firejail depends on !uClibc, so the "firejail needs !uClibc" comment
should be displayed when we do have uClibc. Right now the logic is just
the other way around, so flip it.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Firejail Security Sandbox
https://firejail.wordpress.com/
Lightweight application sandboxing system using seccomp and kernel
namespaces.
Signed-off-by: Chris Frederick <cdf123@cdf123.net>
[Thomas:
- Fix DEVELOPERS entry: use <> around the e-mail address instead of ()
- firejail builds fine with musl, so only exclude uclibc, which fails
to build with EM_ARM undeclared
- Update to upstream version 0.9.44.8.
- Remove FIREJAIL_MAKE_OPTS, as suggested by Romain Naour.
- Pass --enable-busybox-workaround only if Busybox is enabled, as
suggested by Romain Naour.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
As announced by Rob Clark at:
https://lists.freedesktop.org/archives/mesa-dev/2017-February/145745.html
, the kmscube repository has been moved from github to freedesktop.org,
so change it to the new location.
With the newest code the local patch for adding imx-drm support
is no longer needed.
Also, on imx6q we need to explicitily pass the card device now:
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We have decided that lua packages should have a name that starts with
lua (like is the case for python and perl). However, we're not going to
rename all the existing lua packages that don't start with lua. This
makes it unclear for people adding packages how they should name the
package, so add a comment to package/Config.in to explain it.
It's rather terse but it gets the message across.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The location at ftp.csx.cam.ac.uk only stores 2 latest versions of PCRE.
This results in old (2015.11 and older currently) buildroot versions
timing out on wget several times and having to retrieve the package
from sources.buildroot.org afterwards.
Signed-off-by: Oleg Kitain <okitain@ya.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This reverts commit bf1c9828f2.
This commit was part of the Kodi 17 series and was committed too early,
current Kodi 16 is incompatible with this bump and needs to be
reverted, fixes https://bugs.busybox.net/show_bug.cgi?id=9711
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This reverts commit 2ac3045453.
This commit was part of the Kodi 17 series and was committed too early,
current Kodi 16 is incompatible with this bump and needs to be
reverted, fixes https://bugs.busybox.net/show_bug.cgi?id=9711
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Update test-disabling patch for new version, and git format it.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
GNUTLS-SA-2017-3A - Addressed integer overflow resulting to invalid
memory write in OpenPGP certificate parsing.
GNUTLS-SA-2017-3B - Addressed crashes in OpenPGP certificate parsing,
related to private key parser. No longer allow OpenPGP certificates
(public keys) to contain private key sub-packets.
GNUTLS-SA-2017-3C - Addressed large allocation in OpenPGP certificate
parsing, that could lead in out-of-memory condition.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
