mariadb is licensed under GPL-2.0, which is not license compatible with
modern readline (GPL-3.0+), so instead use the bundled older version
(GPL-2.0+ licensed) of readline instead.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 29cdf119f3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
lvm2 is licensed under GPL-2.0, which is not license compatible with
readline (GPL-3.0+), so drop the optional dependency and add a comment
explaining why.
Notice: The readline support is only used when the raw lvm tool is called
without arguments.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit be72d8c9e6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 3f761492ac)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The tarball unfortunately does not include a dedicated license file, so
instead use the main source file for the setkey command.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 2dff01f24b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
chrony is licensed under GPL-2.0, which is not license compatible with
readline (GPL-3.0+), so remove the optional readline handling and replace
with libedit instead.
While we are at it, also explicitly disable the libedit backend when not
available.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit baadfbcc02)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
While the core connman code is licensed under GPL-2.0, the client code is
GPL-2.0+ for compatibility with readline (which is GPL-3.0+).
Extend the _LICENSE with this info to clarify that linking against
readline is OK licensing wise.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 7d0ee8b4b8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Build can sometimes fails on:
src/svgtiny.c:21:10: fatal error: autogenerated_colors.c: No such file or directory
#include "autogenerated_colors.c"
^~~~~~~~~~~~~~~~~~~~~~~~
because svgtiny.c does not properly depends on autogenerated_colors.c
that is built by gperf. So, just disable parallel build instead of
trying to fix this issue especially because libsvgtiny uses the netsurf
buildsystem
Fixes:
- http://autobuild.buildroot.org/results/48e7a7f7c72634d59cca817778d31661bfe8e72f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 26d67a2599)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
François has regularly updated this defconfig in the last few years,
so it makes sense to have him as a contact for it.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Francois Perrad <francois.perrad@gadz.org>
Acked-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 560affd654)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit dca3a64b48)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Starting with Binutils 2.33.1, elf2flt segfault while building busybox:
"ld (ld-elf2flt):
/opt/armv7m--uclibc--bleeding-edge-2/arm-buildroot-uclinux-uclibcgnueabi/bin/elf2flt
This was reported to the Binutils mailing list and it's seems
an elf2flt issue with .ARM.exidx RO data section as explained
by: https://sourceware.org/ml/binutils/2019-10/msg00132.html
Apply the patch provided by Greg Ungerer [1] and tested by
Christophe Priouzeau using stm32f469_disco_defconfig on
stm32f469-disco board.
Fixes:
https://gitlab.com/kubu93/toolchains-builder/-/jobs/319395300
[1] https://github.com/uclinux-dev/elf2flt/issues/12
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2b064f86b6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When a package specifies extra downloads, it has the option to only name
the basename of the extra download, in which case that extra download
will be retrieved from the same location the main download is retrieved
from.
In that case, if the extra download contains a '+', it would confuse the
dl-wrapper, which believes the LHS of the '+' is the site method, and
the RHS the actual URI, and so the dl-wrapper mangles and damages the
URI when fetching such extra downloads, like that happens with android
tools, where the proper URI and mangled URIs of the extra download are,
respectively:
https://launchpad.net/ubuntu/+archive/primary/+files/android-tools_4.2.2+git20130218-3ubuntu41.debian.tar.gzhttp://archive/primary/+files/android-tools_4.2.2+git20130218-3ubuntu41.debian.tar.gz
We fix that by always propagating the site method to extra downloads,
but only when they are specified as relative to the main download URI.
For the extra downloads that specify a full URI, it is not systematic
that it is the same site method. For example, a main download could be a
git clone, but an extra download a pure http download; in that case we
can't replicate the site method for extra downloads, so they'll have to
take appropriate care to specify the required method and encoding if
needed.
Reported-by: Jemy Zhang <jemy.zhang@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Jemy Zhang <jemy.zhang@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2c543b4f4c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The name of the option to enable/disable support for pulseaudio has been
in flux in FreeRDP, sometimes being WITH_PULSE, sometimes being the
erroneous WITH_PULSEAUDIO. Eventually, FreeRDP came to their feet, and
fixed it to WITH_PULSE everywhere.
Signed-off-by: Alexey Lukyanchuk <skif@skif-web.ru>
[yann.morin.1998@free.fr:
- remove useless (obsolete) WITH_PULSEAUDIO
- fix the else clause too
- enhance commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 807495a885)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The current URL from which we download the yaffs2utils tarball no
longer works:
-2019-11-02 10:17:20-- https://yaffs2utils.googlecode.com/files/0.2.9.tar.gz
Resolving yaffs2utils.googlecode.com (yaffs2utils.googlecode.com)... 2a00:1450:400c:c02::52, 173.194.76.82
Connecting to yaffs2utils.googlecode.com (yaffs2utils.googlecode.com)|2a00:1450:400c:c02::52|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2019-11-02 10:17:20 ERROR 404: Not Found.
So, let's replace it with a working URL.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 41f4c85dd0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6feba7cba1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit cf9afa50e1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
eudev and systemd provide a hardware database (hwdb) as a set of
multiple files. Various other utilities may also use that database.
Those files have to be "compiled" into a binary to be useful; libudev
(and thus all utilities based on it) only use the compiled hwdb.
Compiling the hwdb is done with udevadm, using the hwdb sub-command:
udevadm hwdb --update
Provide a simple host-variant of eudev, so that we can call udevadm at
build time.
When it is configured, eudev will shoehorn its --prefix path as the base
location where the .hwdb file will be searched from, as well as where
the hwdb.bin will be generated in. This means that with the usual
--prefix=$(HOST_DIR), it would look into there.
udevadm also accepts a --root=/path option at runtime, which prepends
/path to all the paths it uses to find and generate files.
Obviously, combining --root=$(TARGET_DIR) and --prefix=$(HOST_DIR) would
not do what we want: all files would be searched for, and generated, in
$(HOST_DIR)$(TARGET_DIR)/ . Avoiding use of --root would not help much
either, as files would still searched in $(HOST_DIR) (we could use a
trick to copy files there, generate and then move the hwdb.bin, but
that's not nice).
However, since we only need udevadm, and since udevadm has no internal
and no external dependency, we can use a less dirty trick and configure
host-eudev with --prefix=/usr (and similar for the other paths), manually
copy udevadm to HOST_DIR, and then use --root when calling it.
Then, we get a udevadm that can read files from, and generate files into
$(TARGET_DIR). We register a target-finalize hook to generate the
hwdb.bin, so that any pakage may install its .hwdb files (currently only
eudev and systemd do, but other packages might (e.g. sane is known to do
so on standard desktop distros))
The *.hwdb source files consume a lot of space, roughly the same as the
generated database, i.e. ~8MiB as of today, and they are totally useless
on the target; only the generated hwdb.bin is useful. So we want to get
rid of them.
However, we also want to be able to complete a build (e.g. make
foo-reinstall to reinstall more hwdb files), so we don't want to
irremediably lose them. As such, we register a pre-rootfs-cmd hook, that
removes them just before assembling the filesystems, when we're only
using a copy of the target directory.
Note that this is the first host package to register a target-finalize
hook, and also the first to register a pre-rootfs-cmd hook. This avoids
duplicating these hooks logic in both eudev and systemd.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c2fee90943)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The indirect dependency through kmod was not tracked.
Detected with randconfig.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0c768dbbd9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
fakeroot can be built to either use SYSV IPC or TCP for message passing.
A bug was discovered where Microsoft Windows 10 Services for Linux
doesn't include support for SYSV IPC MsgQ. This patch adds support to
detect this case and automatically build fakeroot to use the TCP
transport instead (It is assumed a TCP transport would definitely have
more overhead then MsgQs so the default wasn't changed to TCP).
Fixes
https://bugs.busybox.net/show_bug.cgi?id=11366
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Jean-Francois Doyon <jfdoyon@gmail.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[Arnout: use a post-patch hook and AUTORECONF=YES]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit fd1bcce989)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2019-18408: archive_read_format_rar_read_data in
archive_read_support_format_rar.c in libarchive before 3.4.0 has a
use-after-free in a certain ARCHIVE_FAILED situation, related to
Ppmd7_DecodeSymbol.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 2ba99ff4e2 (DEVELOPERS: trim runtime tests for Ricardo
Martincoski) backported a commit to tweak the DEVELOPERS entry, but
test_check_package.py is not in 2019.02.x, leading to check-package
complaining:
WARNING: 'support/testing/tests/utils/test_check_package.py' doesn't match any file
So drop that line.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This reverts commit 127eff5c2f.
The a33 board is not in 2019.02.x, leading to complaints from check-package:
WARNING: 'board/olimex/a33_olinuxino/' doesn't match any file
WARNING: 'configs/olimex_a33_olinuxino_defconfig' doesn't match any file
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
- bpo-38243: Escape the server title of xmlrpc.server.DocXMLRPCServer when
rendering the document page as HTML. (Contributed by Dong-hee Na in
bpo-38243.)
- bpo-38174: Update vendorized expat library version to 2.2.8, which
resolves CVE-2019-15903.
- bpo-37764: Fixes email._header_value_parser.get_unstructured going into an
infinite loop for a specific case in which the email header does not have
trailing whitespace, and the case in which it contains an invalid encoded
word. Patch by Ashwin Ramaswami.
- bpo-37461: Fix an infinite loop when parsing specially crafted email
headers. Patch by Abhilash Raj.
- bpo-34155: Fix parsing of invalid email addresses with more than one @
(e.g. a@b@c.com.) to not return the part before 2nd @ as valid email
address. Patch by maxking & jpic.
Additionally, the release contains a number of non-security related fixes.
For details, see the changelog:
https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-5-final
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
iconv.h is always included by mz_os_posix.c so select
BR2_PACKAGE_LIBICONV if !BR2_ENABLE_LOCALE
Fixes:
- No autobuilder failures
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 19806dab03)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
At the moment libnss assumes that every ARM has NEON extension but it's
not that way. So add a patch to make it aware of it and use native
functions in place of NEON optimized ones.
Fixes:
http://autobuild.buildroot.net/results/1342d305d1aeebef7af54a83afc094fda12421e2/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 166d6b1bce)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2019-10218:
Malicious servers can cause Samba client code to return filenames containing
path separators to calling code.
- CVE-2019-14833:
When the password contains multi-byte (non-ASCII) characters, the check
password script does not receive the full password string.
- CVE-2019-14847:
Users with the "get changes" extended access right can crash the AD DC LDAP
server by requesting an attribute using the range= syntax.
Release notes:
https://www.samba.org/samba/history/samba-4.9.15.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libsigrok optionally depends on libftdi1, not libftdi. This was already
the case for a long time, but until the recent commit 01b30e5d69, all
the configure options were wrong so it would use the automatic check for
availability of libftdi1. Now we pass the --with-libftdi option
explicitly, configure will fail if libftdi1 is not available.
Fixes:
- http://autobuild.buildroot.net/results/ec1f9f57944139b24738c1be529c4fc4b128a516
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 658388138c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerability:
- CVE-2019-17596: Invalid DSA public keys can cause a panic in dsa.Verify.
In particular, using crypto/x509.Verify on a crafted X.509 certificate
chain can lead to a panic, even if the certificates don’t chain to a
trusted root. The chain can be delivered via a crypto/tls connection to a
client, or to a server that accepts and verifies client certificates.
net/http clients can be made to crash by an HTTPS server, while net/http
servers that accept client certificates will recover the panic and are
unaffected.
Upstream has not provided a go 1.11.x release with a fix for this, so
instead include the Debian backport of the upstream security fix from:
https://sources.debian.org/src/golang-1.11/1.11.6-1+deb10u3/debian/patches/0008-Fix-CVE-2019-17596.patch/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
If C++ is enabled, enable cxx exceptions, so libunwind will implement
_Unwind_GetIP which is used by mono (which already depends on C++)
Fixes:
- http://autobuild.buildroot.net/results/dbd64c89815d393a4e28b312d74fd80ee6de92da
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit d5bcb30cf9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Laurent reported that a short tutorial was missing in the manual to
explain how to reuse a Buildroot toolchain as external toolchain.
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: Laurent Guillier <laurent.guillier@smile.fr>
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Tested-by: Matt Weber <matthew.weber@rockwellcollins.com>
[Thomas: completely rewrite the thing]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f7b0b0ad73)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
"mount" from the "util-linux" package does expect the helper utilities
in "/sbin" and not "/usr/sbin". We use "--exec-prefix=/" to fix the
issue. The man-pages are then still installed under "/usr/share/man".
Signed-off-by: Wolfgang Grandegger <wg@grandegger.com>
Tested-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e7f32dc3c6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use pkg-config to retrieve static dependencies of libarchive in gvfs.mk
instead of patching configure.ac as upstream switched to meson
Fixes:
- http://autobuild.buildroot.org/results/486187bb7b8800f44a8c173af518b84e68e53584
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9b66547108)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerability:
- CVE-2019-18218: cdf_read_property_info in cdf.c in file through 5.37 does
not restrict the number of CDF_VECTOR elements, which allows a heap-based
buffer overflow (4-byte out-of-bounds write).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1c4584e47e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Retrieve upstream patch to fix build with BR2_PIC_PIE on x86
Fixes:
- http://autobuild.buildroot.org/results/b1252b7907944d227694ad8506de25881bf2ca04
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 41eadb1a9b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit fd69562949)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
