There is no reason to create boot.scr in board/udoo/neo and later
install it in TARGET_DIR/boot, leaving a stale file behind.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2306339d1f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
There is no reason to create boot.scr in board/solidrun/mx6cubox and
later install it in TARGET_DIR/boot, leaving a stale file behind.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9ddbd11620)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
There is no reason to create boot.scr at board/wandboard and later
install it at TARGET_DIR/boot, leaving a stale file behind.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f14e95b3ff)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The package builds libparson, but does not install it, let's fix this.
Signed-off-by: Stephan Hoffmann <stephan.hoffmann@ext.grandcentrix.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 94120fd7c7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Unlike the other libraries built by azure-iot-sdk-c, libumqtt follows
a regular versioning scheme. It has a libumqtt.so.1 SONAME, with
libumqtt.so.1 being a symlink to libumqtt.so.1.1.11.
However, we currently install the library itself as libumqtt.so to the
target filesystem, which is not its SONAME, which means it cannot be
found by any other library/program linked against it.
This commit fixes that by installing the library as
libumqtt.so.1.1.11, and creating the appropriate symlinks. The static
library installation is not modified.
Signed-off-by: Stephan Hoffmann <stephan.hoffmann@ext.grandcentrix.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 570dd0c31b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As a preparation for adding the creation of some symlinks, let's
factor the library installation into a function.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 43822bb6db)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The canonical way to use $(INSTALL) is to have a full destination
path, that includes the file name.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 59de11b047)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The original pattern for creating the pid file was:
open_create(pid_file)
write(pid_file, pid)
close(pid_file)
But if a power outage occurs between open_create and write, the file will
be empty and httpd will refuse to start afterwards unless the corrupt pid
file is removed.
This patch uses the pattern:
open_create(temp_pid_file)
write(temp_pid_file)
close(temp_pid_file)
rename(temp_pid_file, pid_file)
which is guaranteed to be atomic, provided that temp_pid_file and pid_file
are located in the same file system, which this patch does by creating
a temporary file name with the pattern:
pid_file_name + random_suffix
Patch is upstream as of
dd10a9352e,
which will be in the next 2.5.x version.
Signed-off-by: Nicolas Carrier <nicolas.carrier@orolia.com>
[Thomas: update to use upstreamed patch.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 67fbb903b6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
*) SECURITY: CVE-2020-1934 (cve.mitre.org)
mod_proxy_ftp: Use of uninitialized value with malicious backend FTP
server. [Eric Covener]
*) SECURITY: CVE-2020-1927 (cve.mitre.org)
rewrite, core: Set PCRE_DOTALL flag by default to avoid unpredictable
matches and substitutions with encoded line break characters.
The fix for CVE-2019-10098 was not effective. [Ruediger Pluem]
The LICENSE file has been updated to fix a s/waranties/warranties/ typo, so
update the hash to match and adjust the spacing to match recent agreements:
-This software is provided "as is" and any express or implied waranties,
+This software is provided "as is" and any express or implied warranties,
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2bf40ad66b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch adds @CMAKE_SYSROOT@ to mariadb_config.c.in. Without it,
mariadb_config and mysql_config incorrectly returns host paths for
include paths and library paths.
The patch has been accepted upstream at
b787c0d69c
Reported-by: Alexey Lukyanchuk <skif@skif-web.ru>
Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 905e4f2890)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Upstream libmad is dead since 2004 so switch to debian package to get
two patches that fix the following CVEs:
- CVE-2017-8372: The mad_layer_III function in layer3.c in Underbit MAD
libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to
cause a denial of service (assertion failure and application exit)
via a crafted audio file.
- CVE-2017-8373: The mad_layer_III function in layer3.c in Underbit MAD
libmad 0.15.1b allows remote attackers to cause a denial of service
(heap-based buffer overflow and application crash) or possibly have
unspecified other impact via a crafted audio file.
- CVE-2017-8374: The mad_bit_skip function in bit.c in Underbit MAD
libmad 0.15.1b allows remote attackers to cause a denial of service
(heap-based buffer over-read and application crash) via a crafted
audio file.
Moreover:
- Remove third patch (replaced by optimize.diff debian patch)
- Remove fourth patch (same patch than
Provide-Thumb-2-alternative-code-for-MAD_F_MLN.diff)
- Remove fifth patch (same patch than libmad.thumb.diff)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 858df3643f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since switch to debian in commit
210ccaef57, host-gperf is needed to
generate frametype.c because debian/patches/add-m4-directory.patch
patches Makefile.am. As a side effect, libid3tag tries to generate
frametype.c from frametype.gperf due to following rule:
$(srcdir)/frametype.c: $(srcdir)/frametype.gperf Makefile.am
cd $(srcdir) && \
gperf -tCcTonD -K id -N id3_frametype_lookup -s -3 -k '*' \
frametype.gperf | \
sed -e 's/\(struct id3_frametype\);/\1/' | \
sed -e '/\$$''Id: /s/\$$//g' >frametype.c
If host-gperf is not available, frametype.c will be empty and build with
madplay will fail on:
configure:17243: checking for snd_pcm_open in -lasound
configure:17268: /home/giuliobenetti/autobuild/run/instance-3/output-1/host/bin/powerpc64-linux-gcc -o conftest -Wall -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_FORTIFY_SOURCE=1 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 conftest.c -lasound -L/home/giuliobenetti/autobuild/run/instance-3/output-1/host/bin/../powerpc64-buildroot-linux-gnu/sysroot/usr/lib -lasound -L/home/giuliobenetti/autobuild/run/instance-3/output-1/host/bin/../powerpc64-buildroot-linux-gnu/sysroot/usr/lib -lid3tag >&5
/home/giuliobenetti/autobuild/run/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/powerpc64-buildroot-linux-gnu/8.3.0/../../../../powerpc64-buildroot-linux-gnu/bin/ld: /home/giuliobenetti/autobuild/run/instance-3/output-1/host/bin/../powerpc64-buildroot-linux-gnu/sysroot/usr/lib/libid3tag.so: undefined reference to `id3_frametype_lookup'
Fixes:
- http://autobuild.buildroot.org/results/15a8c7f6e34b26446179c04383719ea71495403e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7ecd0e4edf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Upstream libid3tag is dead since 2004 so switch to debian to get two
patches that fix the following CVEs:
- CVE-2004-2779: id3_utf16_deserialize() in utf16.c in libid3tag
through 0.15.1b misparses ID3v2 tags encoded in UTF-16 with an odd
number of bytes, triggering an endless loop allocating memory until
an OOM condition is reached, leading to denial-of-service (DoS).
- CVE-2017-11550: The id3_ucs4_length function in ucs4.c in libid3tag
0.15.1b allows remote attackers to cause a denial of service (NULL
Pointer Dereference and application crash) via a crafted mp3 file.
- CVE-2017-11551: The id3_field_parse function in field.c in libid3tag
0.15.1b allows remote attackers to cause a denial of service (OOM)
via a crafted MP3 file.
Moreover, drop patch (replaced by add-m4-directory.patch debian patch)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 210ccaef57)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The DTLS support needs either gnutls or openssl, so let's have these
packages as optional dependencies. We prefer gnutls over openssl as
done by upstream in their configure.ac when the user does not provide
any option (which is the case currently)
While there is support for tinydtls, and Buildroot has a tinydtls
package, libcoap is only able to use its own internal library, and
only when static linking is enabled, so we simply disable the use of
tinydtls altogether.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8b14f6b49b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Our pkg-config wrapper is not used since commit
4e0bc29993, this raise static build
failures with libglib2 because --static is not passed anymore to
pkg-config so add a patch to get back the old behaviour.
The patch was proposed upstream
https://github.com/mesonbuild/meson/pull/6629, and the feedback was
not very positive. However, we need a solution that works for
Buildroot now, and this proposal is simple enough.
Fixes:
http://autobuild.buildroot.org/results/0d36952def63cb69628697fa6408aeb6ce10cb5b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit cf75d7da98)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
wget has an optional dependency to libiconv:
http://git.savannah.gnu.org/cgit/wget.git/tree/configure.ac#n344
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a3460121b1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since there is a variable definition between the definition of
BR2_PACKAGE_JPEG and the choice depending on it, the choice is
not indented bewlo the "jpeg support" prompt, like we like to
have:
[*] jpeg support
jpeg variant (jpeg-turbo) --->
Move the BR2_PACKAGE_JPEG right before the choice (really, move
BR2_PACKAGE_JPEG_SIMD_SUPPORT before BR2_PACKAGE_JPEG, but diff
finds the move of BR2_PACKAGE_JPEG is smaller to display):
[*] jpeg support
jpeg variant (jpeg-turbo) --->
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 7a48ac725f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: André Hentschel <nerv@dawncrow.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 02dfcda54a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: André Hentschel <nerv@dawncrow.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f0c0c7b75d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: André Hentschel <nerv@dawncrow.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f2047e3d00)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since commit 2cc2ae83fc, kodi-pvr-vuplus
has a dependency on json-for-modern-cpp, but the dependency of
json-for-modern-cpp on gcc >= 4.9 was not propagated. Let's fix that.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 76c2914703)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As reported by our gitlab runtime test [1] and on the mailing list
[2], the test_python_django is failing due to django server taking a
lot of time to start. Since the django server is started in background
through pexpect, we can't easily wait for the last startup line:
"January 01, 1970 - 00:00:41
Django version 3.0.4, using settings 'testsite.settings'
Starting development server at http://0.0.0.0:1234/
Quit the server with CONTROL-C."
In the failing gitlab job, we don't see such lines.
If we increase a lot the timout, the test passes.
Use timeout_multiplier introduced by [3] in order to adjust the
timeout.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/488816222
Tested:
https://gitlab.com/kubu93/buildroot/-/jobs/507458355
[1] https://gitlab.com/buildroot.org/buildroot/-/jobs/488816222
[2] http://lists.busybox.net/pipermail/buildroot/2020-April/279598.html
[3] 6e45e33f27
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3e6b97e09e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 9cae8f557b introduced an optional
dependency on GPM, but got the name of the option wrong, and used
GMP. In fact, even the commit title was wrong.
This causes a build failure:
Makefile:578: *** gpm is in the dependency chain of mc that has added it to its _DEPENDENCIES variable without selecting it or depending on it from Config.in. Stop.
Fixes:
http://autobuild.buildroot.net/results/52fb92ae7dd55cba7d19862bb6cd89c80da9a4b6/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 52d10583b3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Upstream commit
b9c295d3cf
which has been part of the releases since v19.10.1 has added
werkzeug dependency.
Without werkzeug package, the test TestPythonPy3Crossbar
is failing at runtime with this error:
ModuleNotFoundError: No module named 'werkzeug'
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/498144523
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3d4a545630)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Remove erroneously python-lxml dependency (as noted by
Peter Korsgaard).
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Reviewed-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ebc55329cb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Build can fail because boinc uses curl-config that it founds on host:
checking for curl-config... /usr/bin/curl-config
checking for the version of libcurl... 7.47.0
checking for libcurl >= version 7.17.1... yes
checking whether libcurl is usable... no
Fixes:
- http://autobuild.buildroot.org/results/26ab8024e3ef70b898981763f4ea89b647cc9f4b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 546d280b24)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit dcaf6e75a (package/gcc: pass -Wno-error to debug builds)
introduced non-ASCII characters in a comment, copy-pasted from a
terminal output.
check-package does not like non-ASCII characters, and whines about
them.
Replace the fancy quotes by standard ASCII ones.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 2a6003ddd5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2020-11100: In hpack_dht_insert in hpack-tbl.c in the HPACK
decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can
write arbitrary bytes around a certain location on the heap via a
crafted HTTP/2 request, possibly causing remote code execution.
- Update indentation of hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5ec43086bc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
* CVE-2020-11501: It was found that GnuTLS 3.6.3 introduced a
regression in the DTLS protocol implementation. This caused the DTLS
client to not contribute any randomness to the DTLS negotiation
breaking the security guarantees of the DTLS protocol.
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 170d06cfc6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b27a07ceb6)
[Peter: drop 5.5.x / 5.6.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
gcc fails to build in debug build with debug optimisations:
BR2_x86_corei7=y
BR2_ENABLE_DEBUG=y
BR2_DEBUG_3=y
BR2_OPTIMIZE_G=y
BR2_TOOLCHAIN_BUILDROOT_GLIBC=y
BR2_TOOLCHAIN_BUILDROOT_CXX=y
which fails with:
../../../../libsanitizer/libbacktrace/../../libbacktrace/elf.c:772:21: error: ‘st.st_mode’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
return S_ISLNK (st.st_mode);
^
Upstream has been unable to reproduce/fix properly, details:
https://gcc.gnu.org/legacy-ml/gcc-patches/2019-03/threads.html#00827
Upstream recommends passing -Wno-error as a workaround, see:
https://gcc.gnu.org/pipermail/gcc-patches/2019-April/519867.html
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[yann.morin.1998@free.fr: add the reproducing defconfig]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit dcaf6e75ac)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
After the staging installation, we replace a number of paths in libtool
.la files so that those paths point to STAGING_DIR instead of a location
in the build machine.
However, we replace only paths that start with /usr. And it turns out
that the linux-pam package is configured with --libdir=/lib (linux-pam
seems to always be installed in /lib rather than /usr/lib).
Due to this, libpam.la contains the following line:
libdir='/lib'
When building a configuration that has:
- BR2_ROOTFS_MERGED_USR=y
- BR2_PACKAGE_LINUX_PAM=y
- BR2_PACKAGE_POLKIT=y
on a system that has its system-wide PAM library installed in /lib,
the build fails with:
/lib/libpam.so: file not recognized: File format not recognized
For some reason, libtool searches only in STAGING_DIR/usr/lib, but
when BR2_ROOTFS_MERGED_USR=y, STAGING_DIR/lib points to
STAGING_DIR/usr/lib, so libtool finds libpam.la. And this libpam.la
contains a bogus libdir='/lib' path. libtool then goes on, finds
/lib/libpam.so, and links with it, causing the build failure.
By doing the proper replacement of libdir='/lib', we have a correct
libpam.la, and solve the build issue.
There is no autobuilder failure associated to this issue, as it
requires /lib/libpam.so to exist. This is the case on ArchLinux, on
which Xogium reported the issue, which can also be reproduced in an
ArchLinux container.
Reported-by: Xogium <contact@xogium.me>
Cc: Xogium <contact@xogium.me>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Yann E. MORIN <yann.morin.1998@free.fr>
[yann.morin.1998@free.fr:
- tested by manually creating a symlink to libpam.so in /lib
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 7ae7c82dd6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
