Currently, the packages are sorted smallest first, and biggest last
(with unknown and others second-to-last and last, resp.).
Add an option to invert the ordering (but keeping unknown and others at
their current positions).
This has the nice side effect that we can now control the colours
assigned to the biggest package(s), as the colours are cycled from the
first to the last. Currently, the biggest packages gets a redish colour,
which is appropriate, but the second gets a greenish one, which is not
as appropriate (but changing that can come later).
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
When dealing with embedded devices, storage is more often than not some
kind of flash device, on which the memory is usually counted as powers
of 1024 instead of powers of 1000. As such, people may prefer reports
using IEC prefixes [0] instead of the SI prefixes.
Add an option to that effect.
We use argparse's ability to use custom actions [1] [2], to provide a
set of options that act on a boolean, but has a single help entry and
internally ensures consistency of the settings. We could have been using
the more conventional store_true/store_false actions instead, but that
would have meant either two help entries, one for each set of options,
and/or some logic after parse_args() to check the validity of the
settings.
[0] https://en.wikipedia.org/wiki/Binary_prefix
[1] https://docs.python.org/2/library/argparse.html#action
[2] https://docs.python.org/2/library/argparse.html#argparse.Action
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Currently, we group packages that contribute less then 1%, into the
"Other" category.
However, in some cases, there can be a lot of very comparatively small
packages, and they may not exceed this limit, and so only the "Others"
category would be displayed, which is not nice.
Conversely, if there are a lot of packages, most of which only so
slightly exceeding this limit, then we get all of them in the graph,
which is not nice either.
Add a way for the developers to pass a different cut-off limit. As for
the dependency graph which has BR2_GRAPH_DEPS_OPTS, add the environment
variable BR2_GRAPH_SIZE_OPTS to carry those extra option (in preparation
for more to come, later).
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
[Arnout:
- remove empty base class definition from Config;
- use parser.error instead of ValueError for invalid argument.]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Currently, we forcibly report sizes in multiple of Kilobytes. In some
big configurations, the sizes of the system as a whole, as well as that
of individual packages, may exceed megabytes, and when some artistic
assets get used, even the gigabyte may get exceed.
These big sizes are not easy to read when expressed in kilobytes.
Additionally, some very small packages might have sizes below the
kilobyte (and when we can specify the cut-off grouping size, they may
get reported), and thus the size displayed for those would be 0 kB.
Add a helper function that can format a floating-point size into a
string with all the appropriate formatting:
- there are at least 3 meaningfull digits visible, i.e. we display
"3.14" or "10.4" instead of just "3" or "10", but for big number we
don't care about too many precision either, so we report "100" or
"1000", not "100.42" or "1000.27";
- the proper SI prefix is appended, if needed.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Currently, the "unknown" category may be reported anywhere, so it does
not really stand out when there are a lot of packages in the graph.
Move it towards the end, but right before the "other" category, so that
it is a bit more visible. Like for Others, don't report it if its size
is zero.
Also, make it title case (i.e. "Unknown" instead of "unknown").
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
It is nicer overall to have a main() function, like all our other
scripts tend to have too.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
There are three E501 warnings returned by flake8, when run locally,
because we enforce a local 80-char limit, but that are not reported by
the gitlab-ci jobs because only a 132-char limit is required there.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Reviewed-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Release notes: https://www.videolan.org/developers/vlc-branch/NEWS
Fixes the following security bugs:
* Fix a buffer overflow in the MKV demuxer (CVE-2019-14970)
* Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962)
* Fix a read buffer overflow in the FAAD decoder
* Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437, CVE-2019-14438)
* Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776)
* Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778)
* Fix a use after free in the ASF demuxer (CVE-2019-14533)
* Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602)
* Fix a null dereference in the dvdnav demuxer
* Fix a null dereference in the ASF demuxer (CVE-2019-14534)
* Fix a null dereference in the AVI demuxer
* Fix a division by zero in the CAF demuxer (CVE-2019-14498)
* Fix a division by zero in the ASF demuxer (CVE-2019-14535)
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
Security: when using HTTP/2 a client might cause excessive memory
consumption and CPU usage (CVE-2019-9511, CVE-2019-9513,
CVE-2019-9516).
For details, see the advisory:
https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit was pushed accidentally, it was not yet ready for prime
time. A better way to implement it was proposed.
In addition, it still introduces a circular dependency: systemd ->
polkit -> libglib2 -> util-linux -> systemd
This reverts commit 335c77b667.
uClibc doesn't build with the upstream binutils 2.32.x and gcc or1k
port due to the following error:
LD libuClibc-1.0.31.so
/opt/openrisc--uclibc--bleeding-edge-1/lib/gcc/or1k-buildroot-linux-uclibc/9.2.0/../../../../or1k-buildroot-linux-uclibc/bin/ld:
libc/libc_so.a(or1k_clone.os): pc-relative relocation against dynamic symbol
__syscall_error
See:
https://gitlab.com/kubu93/toolchains-builder/-/jobs/270854456
This error message come from a new check in binutils 2.32.x:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=f2c1801f6255a3f9f483ae2f07c7d7da0ddae4af
This issue has been reported on the uClibc-ng mailing list:
https://mailman.uclibc-ng.org/pipermail/devel/2019-August/001885.html
Since gcc 9.1 needs binutils 2.32.x or later to build successfully for
or1k, there is no binutils version left that can build gcc 9.1 and
uClibc.
For now, disable uClibc if gcc 9.1 is used for or1k.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Waldemar Brodkorb <mail@waldemar-brodkorb.de>
[Arnout: invert the logic, like in the rest of the file]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
With binutils 2.30.x or 2.31.x, the assembler doesn't
support the code generated by gcc 9.1:
Error: junk at end of line `l.movhi r17,gotoffha(.LC0)'
gotoffha is supported by binutils since version 2.32 [1].
It was added by the ork1 gcc port merged into gcc 9.x [2].
So, for or1k we can select gcc 9.x only if binutils 2.32
(or later) is selected.
Tested using qemu_or1k_defconfig and selecting musl libc,
binutils 2.32 and gcc 9.1.
[1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=1c4f3780f7d939402cfe555007ebff45c8e38951
[2] https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=d61fdfe71cfd42aa6454f2267a48c97820918fe3
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Waldemar Brodkorb <mail@waldemar-brodkorb.de>
[Arnout: invert the logic, like in the rest of the file]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
- Add a patch to fix cross-compilation
- Fix the following CVEs:
- SQUID-2019:6 (CVE-2019-13345), Jul 12, 2019
Fixed from 4.8
Multiple Cross-Site Scripting issues in cachemgr.cgi
- SQUID-2019:5 (CVE-2019-12527), Jul 12, 2019
Fixed from 4.8
Heap Overflow issue in HTTP Basic Authentication processing
- SQUID-2019:3 (CVE-2019-12525), Jul 12, 2019
Fixed from 4.8
Denial of Service in HTTP Digest Authentication processing
- SQUID-2019:2 (CVE-2019-12529), Jul 12, 2019
Fixed from 4.8
Denial of Service in HTTP Basic Authentication processing
- SQUID-2019:1 (CVE-2019-12824), Jul 12, 2019
Fixed from 4.8
Denial of Service issue in cachemgr.cgi
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The findmount and lsblk utilities need udev to work correctly but cannot
be built with udev support because the packages providing libudev (eudev
and systemd) depend on util-linux, creating a chicken-egg problem. Solve
it by means of the following changes:
- Split util-linux into three packages:
- util-linux-libs, providing lib{blkid,fdisk,mount,smartcols,uuid}.
- util-linux-programs, providing both the aforementioned libs and the
programs.
- util-linux, a dummy package that drives configuration and building
of the other ones.
- Add blind selections for -libs and -programs, i.e. they are indirectly
selected according to the util-linux options.
- Make util-linux have build dependencies on util-linux-{libs,programs}
if they are selected.
- host-util-linux has a build dependency on either host-util-linux-libs
or host-util-linux-programs (not on both, since they are installed on
the same destination).
- Make eudev and systemd have build dependencies on util-linux-libs.
This can be extended to other packages in the future but is not needed
right now because the configuration options are backward-compatible.
- Make util-linux-programs have an optional build dependency on the
package that provides libudev (either eudev or systemd), if it is
selected.
util-linux-libs is installed on STAGING_DIR by default and on TARGET_DIR
if util-linux-programs is not selected. Conversely, util-linux-programs
installs on TARGET_DIR by default and on STAGING_DIR if util-linux-libs
is not selected. This prevents installing the libraries twice on the
same destination, which would confuse check-uniq-files.
With this approach we don't need to patch configuration files neither
change other packages besides eudev and systemd. Other packages that
require util-linux libraries and whose libraries can be used by
util-linux programs can be updated later. We also don't need to change
any existing defcconfig, since all configuration options are kept in
the dummy util-linux package.
The main drawback of this approach is that util-linux-rebuild, as wel as
-reinstall, -reconfigure and even -dirclean targets do not have real
effect. It's necessary to use util-linux-libs-rebuild, for instance, but
this is a reasonable price to pay for the solution.
Fixes: https://bugs.busybox.net/show_bug.cgi?id=11811
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
For post-1.12.8 fixes. From the release notes:
go1.12.9 (released 2019/08/15) includes fixes to the linker, and the os and
math/big packages.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2019-14697: musl libc 1.1.23 and earlier x87 float stack imbalance
For more details, see the oss-security discussion:
https://www.openwall.com/lists/oss-security/2019/08/05/6
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
There is a typo in the handling of the
BR2_PACKAGE_GST1_PLUGINS_BASE_LIB_OPENGL_DISPMANX option: we're adding
dispmax to GST1_PLUGINS_BASE_WINSYS_LIST, which causes the following
build failure:
meson.build:1:0: ERROR: Options "dispmax" are not in allowed choices: "x11, wayland, win32, cocoa, dispmanx, viv-fb, gbm, auto"
We fix this by using the proper option name, "dispmanx" instead of the
slightly incorrect "dispmax".
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
/etc/quagga is listed in QUAGGA_PERMISSIONS, but is only created when
some of the quagga sub-options are enabled. When none of those
sub-options are enabled, /etc/quagga is not created, causing a build
failure when the filesystem images are created:
makedevs: line 1: recursive failed for /home/thomas/projets/outputs/quagga-minimal/build/buildroot-fs/tar/target/etc/quagga: No such file or directory
Since it is too cumbersome to maintain which sub-options exactly lead
to /etc/quagga being created, simply create /etc/quagga
unconditionally. It will simply be empty when the quagga package
doesn't install anything in it.
For the record, here is the list of files installed in /etc/quagga
when all quagga sub-options are enabled:
bgpd.conf.sample bgpd.conf.sample2 isisd.conf.sample
ospf6d.conf.sample ospfd.conf.sample pimd.conf.sample
ripd.conf.sample ripngd.conf.sample vtysh.conf.sample
zebra.conf.sample
Fixes:
http://autobuild.buildroot.net/results/cdb66589909fd3996186f7db7d1f19a3b03d58a0/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Switch to generic-package (autotools has been dropped since version
5.1.5)
- Remove hook and instead use dedicated makefile targets to build only
shared or static library and not binaries or documentation (added by
an upstreamble patch)
- ac_cv_prog_have_xmlto=no can be removed as doc is not built anymore
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: drop redundant GIFLIB_SOURCE]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2018-11490: The DGifDecompressLine function in dgif_lib.c in
GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p
0.49.4, has a heap-based buffer overflow because a certain
"Private->RunningCode - 2" array index is not checked. This will lead
to a denial of service or possibly unspecified other impact.
- Fix CVE-2019-15133: In GIFLIB before 2019-02-16, a malformed GIF file
triggers a divide-by-zero exception in the decoder function DGifSlurp
in dgif_lib.c if the height field of the ImageSize data structure is
equal to zero.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2018-11490: The DGifDecompressLine function in dgif_lib.c in
GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p
0.49.4, has a heap-based buffer overflow because a certain
"Private->RunningCode - 2" array index is not checked. This will lead
to a denial of service or possibly unspecified other impact.
- Fix CVE-2019-15133: In GIFLIB before 2019-02-16, a malformed GIF file
triggers a divide-by-zero exception in the decoder function DGifSlurp
in dgif_lib.c if the height field of the ImageSize data structure is
equal to zero.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As spotted by Danomi during review of "libssh2: security bump to version
1.9.0" (https://patchwork.ozlabs.org/patch/1148776), it seems that
the tarball from github and libssh2.org/download are not the same. One
of the difference is that LIBSSH2_VERSION in include/libssh2.h is set to
"1.9.0_DEV" in github tarball whereas it is set to "1.9.0" in
libssh2.org/download.
So switch site to https://www.libssh2.org/download to get "official"
release
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In commit 3e5926555b ("package/{mesa3d,
mesa3d-headers}: bump version to 17.1.2"), the dependency of VC4 on
BR2_arm was changed to BR2_ARM_CPU_HAS_NEON, which the reasoning that
upstream commit
https://cgit.freedesktop.org/mesa/mesa/commit/?h=17.1&id=4d30024238efa829cabc72c1601beeee18c3dbf2
made NEON mandatory. However, this commit (including its commit log)
clearly shows that there is compile-time detection on whether you're
using ARMv6 or ARMv7, and simply says there is no runtime detection
for that (which usually isn't very important in the context of
Buildroot). So, the VC4 driver can be used on ARMv6
RaspberryPis. Therefore, this commit reverts to the BR2_arm
dependency.
Note: while there are some ARMv7 without NEONs, all ARMv7 RaspberryPi
platforms do have NEON, so the compile-time checks done in the VC4
driver are good enough.
Fixes:
https://bugs.busybox.net/show_bug.cgi?id=12126
Cc: Sahaj Sarup <sahajsarup@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The pigpio package installs programs and libraries to target, but does
not install the libraries and its headers to staging, while they may
be used by other packages. Let's install them, as was requested in bug
Fixes:
https://bugs.busybox.net/show_bug.cgi?id=11741
Cc: vishalbhalani89@gmail.com
Cc: ivan.nazarenko@gmail.com
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In this commit, we:
- move the sponsors of the Buildroot Meeting at ELCE 2018 to "Past
Sponsors"
- move Scaleway, as a sponsor of Hackathon in Paris in 2018 to "Past
Sponsors"
- merge the Free Electrons and Bootlin entries together in "Past
Sponsors"
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Smile is going to provide the meeting room for the 3 days of our
meeting on October 25-27 in Lyon, France, right before the Embedded
Linux Conference Europe.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
On July 3, 2019, Let's Encrypt deployed new ACME server software that no
longer returns the 'id' field in the account information JSON.
Dehydrated relied on this field, even though it is not specified by RFC
8555. Because of this, dehydrated can no longer create a new account on
Let's Encrypt.
This was fixed by upstream commits be13dcd and 4f358e2. But the latter
broke ACMEv1 support so was fixed again in commit f60f2f8.
Cherry-picking this correctly is tricky, so instead just bump the
version. There are quite a few non-bugfix changes that are included this
way, but it's more risky to try to cherry-pick.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is a bugfix release which solves an underlinking issue, which would
prevent building in some situations (for example, when --no-undefined is
passed to the linker). Release notes:
https://wpewebkit.org/release/wpebackend-fdo-1.2.2.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is a bugfix release of libwpe, which fixes an issue with memory
allocation for the pasteboard, adds some missing Unicode-to-KeySym
conversions, and fixes a build issue. Full release notes:
https://wpewebkit.org/release/libwpe-1.2.1.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The TS-7680 defconfig does not build with gcc 8.x and 9.x because it
uses an old 3.14 kernel. Technologic Systems, the board manufacturer
recently released an updated 4.9 based kernel on a separate repository
on github.
Bump the kernel release from 3.14.28 to 4.19.186 and update the linux
defconfig name as requested in the TS-7680 documentation [1].
[1] https://wiki.embeddedarm.com/wiki/TS-7680#Linux_4.9.y
Signed-off-by: Julien Grossholtz <julien.grossholtz@openest.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Remove the cURL dependency, since they reimplemented a HTTP client.
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
mbedtls support has been added in version 0.9.6 with
d449f013fa
So enable it if mbedtls is enabled and always enable embedded axTLS
support to keep existing behavior
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Remove second, third and fourth patches (already in version)
- Update first patch and sent it upstream
- Add AUTORECONF=YES to avoid patching configure in first patch
- Add hash for license file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The patch against 0.6.1 has been merged upstream,
and has been removed from this package.
A small change has been made to the LICENSE file:
"Cloudflare, Inc." was added in the copyright
declaration.
Signed-off-by: Koen Martens <gmc@sonologic.nl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
