erlang-p1-iconv does not exist as a package in buildroot and cause warning
with get-developers :
./utils/get-developers -p erlang-p1-iconv
WARNING: 'package/erlang-p1-iconv/' doesn't match any file
Signed-off-by: Joris Offouga <offougajoris@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Many tools use __FILE__ or __BASE_FILE__ for debugging and both
capture the build path. This results in non-reproducible images when
building in different directories.
If the config uses GCC 8 or above, we use -ffile-prefix-map=old=new
and let gcc take care of the path remapping in __FILE__. Since GCC
versions before v8 did not have this feature, we use an empty string
in that case, and disable the builtin-macro-redefined warning which
would otherwise trigger and cause build issues with -Werror.
Signed-off-by: Atharva Lele <itsatharva@gmail.com>
[Thomas:
- as suggested by Arnout, use the empty string for the __FILE__ and
__BASE_FILE__ value
- as suggested by Romain, also handle __BASE_FILE__ in addition to
__FILE__
- pass -Wno-builtin-macro-redefined to avoid build errors when
-Werror is passed]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
mender-grubenv currently has 3 problems that prevent an x86_64-efi image from
successfully being made with the genimage.sh script.
- mender-grubenv does not currently depend on Grub2.
While Grub2 is not needed to build the mender-grubenv package, Grub2 needs
to be built first for mender-grubenv to overwrite the default Grub2 files
reliably.
- The MENDER_GRUBENV_ENV_DIR variable points to /boot/efi/EFI/BOOT instead of
/boot/EFI/BOOT, which is where the Grub2 package installs the default files.
This variable now points to the correct location.
- The Grub2 package installs images to $(BINARIES_DIR)/efi-part, which the
mender-grubenv package currently does not do. As such; the default Grub2
configuration file is used instead of the one provided by mender-grubenv.
Adding a MENDER_GRUBENV_INSTALL_IMAGES_CMDS define in mender-grubenv.mk which
copies the installed files from $(TARGET_DIR)/boot/EFI to
$(BINARIES_DIR)/efi-part fixes this issue.
Signed-off-by: Adam Duskett <aduskett@greenlots.com>
[Thomas:
- drop "runtime" on the depends on BR2_TARGET_GRUB2 since we now have
a build-time dependency on it
- explicitly copy the files installed by mender-grubenv in
MENDER_GRUBENV_INSTALL_IMAGES_CMDS instead of blindly copying
everything that is in $(TARGET_DIR)/boot/EFI]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Cc: Marcus Folkesson <marcus.folkesson@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Cc: Marcus Folkesson <marcus.folkesson@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
More and more packages are now depending on ln --relative, some require
realpath, both of which only got introduced in "recent" versions of
coreutils; older distros had a separate realpath, though, but that is
not in the list of our required dependencies, and was not installed by
default.
So, we introduce a minimal host variant of coreutils to provide those
programs.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This package was a dependency to ejabberd-18.09. It is not anymore
use by any package nor maintain upstream, so remove it.
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
There are two remainning patches to:
- change the Makefile rules so dependencies are not downloaded/compiled;
- fix ejabberd user in ejabberdctl script.
The erlang-p1-iconv package is not anymore a dependency for ejabberd.
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
While at it, add the hash file which was missing.
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit ada40afb32 updated the raspberrypi*defconfigs to use
-add-miniuart-bt-overlay instead of -add-pi3-miniuart-bt-overlay.
Update raspberrypi0w_defconfig also.
Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Remove patch (already in version) and so drop autoreconf
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Remove the patch that's now upstream.
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
[Peter: drop _AUTORECONF]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Remove the patch that's now upstream.
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
- CVE-2019-14271: In Docker 19.03.x before 19.03.1 linked against the GNU C
Library (aka glibc), code injection can occur when the nsswitch facility
dynamically loads a library inside a chroot that contains the contents of
the container
Signed-off-by: Christian Stewart <christian@paral.in>
[Peter: mention security impact]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
- CVE-2019-14271: In Docker 19.03.x before 19.03.1 linked against the GNU C
Library (aka glibc), code injection can occur when the nsswitch facility
dynamically loads a library inside a chroot that contains the contents of
the container
Signed-off-by: Christian Stewart <christian@paral.in>
[Peter: mention security impact]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
containerd 1.2.9/gRPC:
- CVE-2019-9512: Some HTTP/2 implementations are vulnerable to ping floods,
potentially leading to a denial of service. The attacker sends continual
pings to an HTTP/2 peer, causing the peer to build an internal queue of
responses. Depending on how efficiently this data is queued, this can
consume excess CPU, memory, or both
- CVE-2019-9514: Some HTTP/2 implementations are vulnerable to a reset
flood, potentially leading to a denial of service. The attacker opens a
number of streams and sends an invalid request over each stream that
should solicit a stream of RST_STREAM frames from the peer. Depending on
how the peer queues the RST_STREAM frames, this can consume excess memory,
CPU, or both
- CVE-2019-9515: Some HTTP/2 implementations are vulnerable to a settings
flood, potentially leading to a denial of service. The attacker sends a
stream of SETTINGS frames to the peer. Since the RFC requires that the
peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS
frame is almost equivalent in behavior to a ping. Depending on how
efficiently this data is queued, this can consume excess CPU, memory, or
both
containerd 1.2.10/runc:
- CVE-2019-16884: runc through 1.0.0-rc8, as used in Docker through
19.03.2-ce and other products, allows AppArmor restriction bypass because
libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a
malicious Docker image can mount over a /proc director
Signed-off-by: Christian Stewart <christian@paral.in>
[Peter: mention security impact]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerability:
- CVE-2019-16884: runc through 1.0.0-rc8, as used in Docker through
19.03.2-ce and other products, allows AppArmor restriction bypass because
libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a
malicious Docker image can mount over a /proc directory.
Signed-off-by: Christian Stewart <christian@paral.in>
[Peter: mention security impact]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Added bugfix patch to fix known issue suggested by upstream:
https://github.com/intel/libva/releases/tag/2.6.0
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
