OpenGl support mean GLX so it require X11 support.
Select automatically BR2_PACKAGE_SDL2_X11 to enable minimal X11
libraries support (libx11 and libxext).
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The ncurses sub-options BR2_PACKAGE_NCURSES_TARGET_{FORM,MENU,PANEL}
are currently very badly broken: they only control whether the
libform, libmenu and libpanel libraries are installed in
$(TARGET_DIR), but do absolutely nothing about their installation in
$(STAGING_DIR).
This means that when one of those options is disabled, the
corresponding library is indeed not installed in the target, but is
available in staging. It can therefore be detected by the configure
script of another package and used... even though the library will not
be in the target, causing a runtime failure.
Internally, ncurses.mk uses the "make install" logic of ncurses for
the staging installation, but uses a completely hand-written logic for
the target installation, which is the reason for this
desynchronization between what's installed in staging and target.
When BR2_PACKAGE_NCURSES_WCHAR=y, this also causes some build
failures. Indeed, when BR2_PACKAGE_NCURSES_WCHAR=y, Buildroot creates
some symbolic links lib<foo>.so -> lib<foo>w.so in staging and target,
but only for the lib<foo> that have been enabled by
BR2_PACKAGE_NCURSES_TARGET_{FORM,MENU,PANEL}. Due to this, a package
that for example needed the libmenu library but forgot to select
BR2_PACKAGE_NCURSES_TARGET_MENU was:
- Building fine with BR2_PACKAGE_NCURSES_WCHAR disabled (because
libmenu.so exists in staging), but would fail to run at runtime
because libmenu.so is not in the target.
- Fail to build with BR2_PACKAGE_NCURSES_WCHAR=y because only
libmenuw.so exists, and not the libmenu.so symbolic link.
Since those libraries are small (43K for libform, 21K for libmenu and
8.2K for libpanel), this commit takes the very simple approach of
removing those options, and installing the libraries
unconditionally. It therefore uses the "make install" logic for both
the staging *and* target installation.
In detail, this commit:
- Removes the NCURSES_PROGS variable, not needed since
--without-progs already allows to disable the build and
installation of programs.
- Removes the NCURSES_LIBS-y variable, and replaces it with a single
unconditional assignement to NCURSES_LIBS, only used to create the
lib<foo>w.so -> lib<foo>.so symbolic links when wchar support is
enabled.
- Removes NCURSES_INSTALL_TARGET_CMDS and the functions it was
calling: NCURSES_INSTALL_TARGET_LIBS and
NCURSES_INSTALL_TARGET_PROGS.
- Adds a NCURSES_TARGET_SYMLINK_RESET hook to create the reset ->
tset symbolic link, as was done before.
- Adds a NCURSES_TARGET_CLEANUP_TERMINFO to cleanup the terminfo
files in the target, so that we stay in the same situation in terms
of installed terminfo files.
- Removes the BR2_PACKAGE_NCURSES_TARGET_{FORM,MENU,PANEL} options
from the Config.in files: both their definition and usage.
- Simplifies all the symlink dance for lib<foo> -> lib<foo>w, because
as Yann E. Morin suggested, this dance is only needed in staging, not
in the target. Once binaries have been built, they refer to the
SONAME of the library, which is the lib<foo>w variant (for shared
linking). For static linking and .pc files, it's obvious that we
don't care about them on the target. Therefore the
NCURSES_LINK_LIBS_STATIC, NCURSES_LINK_LIBS_SHARED and
NCURSES_LINK_PC functions no longer take any argument: they always
apply to STAGING_DIR only. NCURSES_LINK_TARGET_LIBS is removed.
It is worth mentioning that adding Config.in.legacy support is *NOT*
necessary. Indeed:
- If they were disabled before this patch, having them in
Config.in.legacy would not trigger the legacy warning.
- If they were enabled before this patch, then the behavior is
unchanged: all libraries are now unconditionally installed. So
there is no point in warning the user.
We double-checked the installed size of a filesystem containing just
ncurses before and after this patch, and the only folder that has its
size changed is /usr/lib, growing from 852 KB to 932 KB in the wchar
enabled case. That's a 80 KB system size increase.
This commit fixes the sngrep build failure and potentially numerous
runtime issues with ncurses.
Fixes:
http://autobuild.buildroot.net/results/7b5db21a6c568e6c6c8fe2b5d5a2f5ca24df510c/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
- Remove patch as it has been applied upstream since 1.13
- go packages are now in vendor instead of vendor/src so update
slightly the configure and build commands
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Version bump as a dependency of docker-engine v1.13.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Version bump as a dependency of docker-engine v1.13.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Switch download URL to avoid a redirect.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Since there's not much point in generating missing host keys when the
init script is called with "stop", the call to ssh-keygen should not
be done inconditionally, but in the start function instead.
Signed-off-by: Ignacy Gawędzki <ignacy.gawedzki@green-communications.fr>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
http://autobuild.buildroot.net/results/05b/05bbc22dd6cd5564462226e612ab1e95778fe935/http://autobuild.buildroot.net/results/edf/edfe58749d1b7a1bb2e0184a6824a74b9d38ddb9/http://autobuild.buildroot.net/results/139/1395eca13ca537bde928ddd68a5bc6e130e82ba3/http://autobuild.buildroot.net/results/94a/94ad6e8bbbeb926ea834d9d6e3ba87d0398acb86/
Gcc 6.x defaults to C++14, and the iostream operator bool behaviour changed
in C++11. In previous versions, a somewhat odd operator void* was used to
return the status of the stream as a pointer. Since C++11 a more sensible
operator bool is used to return the stream staus.
For details, see:
http://en.cppreference.com/w/cpp/io/basic_ios/operator_bool
The code in CConfigReadContext assumes the pre-C++11 behaviour and provides
its own operator void overload to return the status of the embedded
iostream. With C++11, iostream no longer provides this overload, breaking
the build:
CConfig.cpp: In member function 'CConfigReadContext::operator void*() const':
CConfig.cpp:1851:9: error: cannot convert 'std::istream {aka std::basic_istream<char>}' to 'void*' in return
return m_stream;
To fix it, backport part of upstream commit 3d963bfbe7897d0a33ad (possible
fix for mavericks) which changes the code to simply provide a getStream()
method which returns a reference to the embedded stream and the calling code
is changed to use operator bool on the returned stream, making the code
compatible with both old and new compilers.
This upstream commit is part of the 1.6.0 release, so can be dropped when
the version is bumped.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The workarounds for kmod/libnss can be removed when the patch is
applied and the autobuilder toolchains got rebuild.
kmod: 0d81107f02
libnss: fceb1afd5d
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
libanl.so is needed for asynchronous network address and service
translation, declared in netdb.h
Signed-off-by: Jesper Bækdahl <jbb@gamblify.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
libanl.so is needed for asynchronous network address and service
translation, declared in netdb.h
Signed-off-by: Jesper Bækdahl <jbb@gamblify.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Commit a5015f1025 ("util-linux: security
bump to version 2.29.2") incorrectly removed <pkg>_AUTORECONF = YES.
While the patches touching configure.ac have indeed been removed, there
is still a patch touching a Makemodule.am file, which triggers an
autoreconf a build time, which itself fails because autoconf/automake
are not available.
So re-add <pkg>_AUTORECONF, with a comment pointing specifically at the
patch that makes it necessary.
Fixes:
http://autobuild.buildroot.net/results/309127a532eed00e406bbaf0b1a51b7241a10505/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
configure.ac uses PKG_CHECK_MODULES() so it needs host-pkgconf.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Currently the host build of Python 2 defaults to narrow unicode (UCS2),
ignoring the BR2_PACKAGE_PYTHON_UCS4 configuration option which may be
set to wide (UCS4).
This results in host and target Python packages which are incompatible
in subtle ways.
For example, installing wheels into the target fails when they are made
with the host python, citing incompatibility (as can be seen by the
package tags which may be "cp27u-manylinux1" instead of
"cp27mu-manylinux1").
Compiling the host Python 2 with the same UCS configuration as the
target ensures that the packages are compatible (and the tags match).
This does not affect Python 3 as support for narrow unicode was
deprecated in version 3.3, see https://www.python.org/dev/peps/pep-0393/
Thanks to Tony Breeds <tony@bakeyournoodle.com> for reporting this.
Signed-off-by: Chris Smart <mail@csmart.io>
[Thomas: add comment in the code.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It updates to the ffmpeg 3.2.4 codebase, fixing several security bugs.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
CVE-2017-5847 - The gst_asf_demux_process_ext_content_desc function in
gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote
attackers to cause a denial of service (out-of-bounds heap read) via vectors
involving extended content descriptors.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
CVE-2017-5848 - The gst_ps_demux_parse_psm function in
gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows
remote attackers to cause a denial of service (invalid memory read and
crash) via vectors involving PSM parsing.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It turned out that the troll character U+c2a0 was added by our own
patch.
So fix it amd drop our second patch.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit adds a patch to btrfs-progs that fixes the build of
docker-engine, and possibly other packages including kerncompat.h from
btrfs-progs.
For the btrfs-progs build itself, a --disable-backtrace option allows to
indicate whether backtrace()/<execinfo.h> support should be used or
not. However, once btrfs-progs is installed, it simply looks at whether
__GLIBC__ is defined or not to decide to use backtrace() or not.
However, uClibc defines __GLIBC__ but does not provide backtrace()
functionality. The additional patch tweaks the kerncompat.h to look at
__UCLIBC__ and not use backtrace() functionality in this case.
Fixes:
http://autobuild.buildroot.net/results/9dc9370a79c5c44e6c92be6a44334842c211d923/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
Makefile:532: *** mbedtls is in the dependency chain of bctoolbox that
has added it to its _DEPENDENCIES variable without selecting it or
depending on it from Config.in. Stop.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Acked-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Trying to copy loaders.cache from host-gdk-pixbuf to the gdk-pixbuf
build directory in the post-patch hook is too early when using TLP (it
breaks horribly) since host-gdk-pixbuf isn't built yet during the
massive unpack/patch cycle.
Switch it to the pre-build hook instead which ensures that gdk-pixbuf
dependencies were already built.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This release needs a new tweak regarding loaders.cache - it's now used
to build the thumbnailer.
Since we already generate it using the host variant for the target we
can re-use this for the build step.
It's not necessary to used the tweaked version since the build one is
only used to account for mime types, not the plugins/loaders themselves.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Wojciech Nizinski <niziak@spox.org>
[Thomas: use the v2.1.0 tag rather than a full commit sha1.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Update the comment about the ARC exception to match the one used in VLC,
so that a 'git grep "ARC toolchain issue"' returns the list of packages
to re-evaluate on ARC when the ARC toolchain gets upgraded.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This package fails when building for ARC due to ARC toolchain issue.
Marking this with special comment "# ARC toolchain issue" as the package
is to be enabled as soon as the issue with the ARC toolchain is
resolved.
Fixes:
http://autobuild.buildroot.net/results/ebae0ed90b88db5a3b34a46f2ca1ff97e01fe83c/
Signed-off-by: Vlad Zakharov <vzakhar@synopsys.com>
[Thomas:
- add autobuilder reference
- propagate dependency to Config.in comment.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It assumes the MIPS target has an FPU and uses FPU assembler
instructions which cause the compilation to fail when building it for
soft-float.
Fixes:
http://autobuild.buildroot.net/results/f40/f407ca9245e2445619420a9dfd595856729a2b2b/
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
[Thomas:
- propagate dependency to Config.in comment
- add comment above the "depends on" to explain why.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Because with libimxvpuapi older than 0.10.3, the gst1-imx-0.12.3 "imxvpu"
plugin will not build.
Changelog:
* properly pass on color format in simplified JPEG encoder interface
* add alternative write-callback-style encoding mode
also add encode example variant which uses write-callback style output
* add support for "fake grayscale mode" in encoders
this is done by using I420 internally and filling the U and V planes
with 0x80 bytes
* make sure JPEG quantization table is copied in standardized zig zag order
the VPU does not, so this has to be done explicitely
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Reviewed-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes CVE-2017-2629 - curl SSL_VERIFYSTATUS ignored
>From the advisory (http://www.openwall.com/lists/oss-security/2017/02/21/6):
Curl and libcurl support "OCSP stapling", also known as the TLS Certificate
Status Request extension (using the `CURLOPT_SSL_VERIFYSTATUS` option). When
telling curl to use this feature, it uses that TLS extension to ask for a
fresh proof of the server's certificate's validity. If the server doesn't
support the extension, or fails to provide said proof, curl is expected to
return an error.
Due to a coding mistake, the code that checks for a test success or failure,
ends up always thinking there's valid proof, even when there is none or if the
server doesn't support the TLS extension in question. Contrary to how it used
to function and contrary to how this feature is documented to work.
This could lead to users not detecting when a server's certificate goes
invalid or otherwise be mislead that the server is in a better shape than it
is in reality.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
From https://www.kernel.org/pub/linux/utils/util-linux/v2.29/v2.29.2-ReleaseNotes
This release fixes su(1) security issue CVE-2017-2616:
It is possible for any local user to send SIGKILL to other processes with root
privileges. To exploit this, the user must be able to perform su with a
successful login. SIGKILL can only be sent to processes which were executed
after the su process. It is not possible to send SIGKILL to processes which
were already running.
Drop upstream patches and autoreconf since it's no longer required.
[Peter: extend commit message with CVE info / description]
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
