syslog-ng expects that rabbitmq-c is built with openssl support however
currently we're disabling openssl on rabbitmq-c in static build.
To fix this issue, add a dependency on dynamic library on rabbitmq-c and
its reverse dependencies (only BR2_PACKAGE_JANUS_GATEWAY_RABBITMQ as
php-amqp already depends on dynamic library)
Fixes:
- http://autobuild.buildroot.org/results/fce91b98fb199a26ad5f5f726c9bdec4f9d64486
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
rabbitmq-c is not an embedded submodule since version 3.16.1 and
c0559593c3
So enable/disable amqp depending on rabbitmq-c availability and remove
uneeded -lrt from LIBS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Fabrice Fontaine <<a href="mailto:fontaine.fabrice@gmail.com" target="_blank" rel="noreferrer">fontaine.fabrice@gmail.com</a>><br></blockquote></div></div><div dir="auto"><br></div><div dir="auto">Looks good to me</div><div dir="auto"><br></div><div dir="auto">Reviewed-by: Chris Packham <<a href="mailto:judge.packham@gmail.com">judge.packham@gmail.com</a>><br><br></div><div dir="auto"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
console-getty.service is not a template unit file (it doesn't have the
@ specifier), so %I doesn't get properly expanded in it. Thus, getty
startup will fail due to invalid options and no getty prompt is launched
on the console.
Fixes:
No getty prompt on boot
Signed-off-by: Francois Gervais <fgervais@distech-controls.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
When not using OpenSSL, the correct option to configure is --without-ssl
with two dashes.
Fixes: b8b78e7e6a ("libcurl: Allow selection of TLS package libcurl will use")
Signed-off-by: Trent Piepho <tpiepho@impinj.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes:
- http://autobuild.buildroot.org/results/1d868798c5b80d7b41123f988449ef548dd95490
This works for libressl as well, because libressl does provide
EVP_CIPHER_CTX_new() which is what gets enabled by -DSSL11
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes a long standing fsync issue and a number of other bugs:
https://www.postgresql.org/docs/11/release-11-2.htmlhttps://wiki.postgresql.org/wiki/Fsync_Errors
The hash of the license file is only changed due to a year update:
-Portions Copyright (c) 1996-2018, PostgreSQL Global Development Group
+Portions Copyright (c) 1996-2019, PostgreSQL Global Development Group
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
[Thomas: update commit log to explain why the license file hash has
changed, as repoted by Peter Seiderer]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
On some architectures, atomic binutils are provided by the libatomic
library from gcc. Linking with libatomic is therefore necessary,
otherwise the build fails with:
sparc-buildroot-linux-uclibc/sysroot/lib/libatomic.so.1: error adding symbols: DSO missing from command line
This is often for example the case on sparcv8 32 bit.
Fixes:
- http://autobuild.buildroot.org/results/16e360cb91afff7655f459a3d1fb906ca48f8464
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We have virtually no way to know the hashes for user-supplied patches,
so we should just ignore them.
Reported-by: Simon van der Veldt <simon.vanderveldt@gmail.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Peter Korsgaard <peter@korsgaard.com>
Tested-by: Simon van der Veldt <simon.vanderveldt@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mender is a service explicitly written for systemd and so it doesn't
fork on background, doesn't redirect outputs and doesn't create a pid
file by itself.
To make the service running correctly is therefore necessary to use the
-m switch of start-stop-daemon to create the pid file and -b option to
send the process to background.
Logging is preserved because the service will log anyway on syslog.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mender needs /var/lib directory to be available: on some configurations
/var/lib is not available and thus the mender package installation fails.
This patch does a mkdir to ensure the /var/lib directory is always
available.
Fixes:
http://autobuild.buildroot.net/results/d2237083a13ab7688dd2b6dc8dbcd4226ed5651a/
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The Qt configure auto detection (and announced runtime detection
feature) failes (see e.g. [1]), so override the configuration
with the buildroot determined settings.
[1] http://lists.busybox.net/pipermail/buildroot/2019-January/241862.html
Reported-by: David Picard <dplamp@gmx.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- fix the following start warnings:
W: [pulseaudio] main.c: Running in system mode, but --disallow-exit not set.
W: [pulseaudio] main.c: Running in system mode, but --disallow-module-loading not set.
N: [pulseaudio] main.c: Running in system mode, forcibly disabling SHM mode.
N: [pulseaudio] main.c: Running in system mode, forcibly disabling exit idle time.
- fix the following stop error:
E: [pulseaudio] main.c: Failed to kill daemon: No such process
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In commit 3e99c8418a ("package/qwt:
remove qt4 support"), the following line was incorrectly dropped:
select BR2_PACKAGE_QT5BASE_GUI if BR2_PACKAGE_QT5
Due to this, qt5base can now be configured with widgets enabled but
gui disabled, causing the following build issue:
ERROR: Feature 'widgets' was enabled, but the pre-condition 'features.gui' failed.
Re-introduce the proper select, but slightly simplified since only Qt5
is supported now.
Fixes:
http://autobuild.buildroot.net/results/c771c2d5aac3e21f908e5a118f3755dbc9301a47
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[Thomas: rework commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Changes since 1.16.2:
- Makefile.am: don't use relative paths for include
- keytable: do not install bpf protocols decoders with execute permission
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
madplay uses a very old configure script.
When the toolchain lacks C++ and the build machine lacks /lib/cpp, this
old configure script fails because it can't find a C++ preprocessor that
is valid:
checking for arm-buildroot-linux-uclibcgnueabi-g++... no
checking whether we are using the GNU C++ compiler... no
checking whether no accepts -g... no
checking dependency style of no... none
checking how to run the C++ preprocessor... /lib/cpp
configure: error: C++ preprocessor "/lib/cpp" fails sanity check
See `config.log' for more details.
This is yet another case that was tentatively fixed by bd39d11d2e
(core/infra: fix build on toolchain without C++), further amended by
4cd1ab1588 (core: alternate solution to disable C++).
However, this only works on libtool scripts that are recent enough, and
thus we need to autoreconf to get it.
We also need to patch configure.ac so that it does not fail on the
missing, GNU-specific files: NEWS, AUTHORS, and Changelog.
Finally, remove also patch on ltmain.sh and MADPLAY_LIBTOOL_PATCH=NO as
autoreconf will create an up to date ltmain.sh
Fixes:
- http://autobuild.buildroot.org/results/fc927de0e9a42095789fb0a631d5facf14076f6e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
CVE-2019-6975: Memory exhaustion in django.utils.numberformat.format()
If django.utils.numberformat.format() – used by contrib.admin as well as the
the floatformat, filesizeformat, and intcomma templates filters – received a
Decimal with a large number of digits or a large exponent, it could lead to
significant memory usage due to a call to '{:f}'.format().
To avoid this, decimals with more than 200 digits are now formatted using
scientific notation.
https://docs.djangoproject.com/en/2.1/releases/2.1.6/
2.1.6 contained a packaging error, fixed by 2.1.7:
https://docs.djangoproject.com/en/2.1/releases/2.1.7/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is a bugfix release fixing two problems with C++ bindings.
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit replaces the two RISC-V configurations used for the
autobuilders to use pre-built external toolchains rather than internal
toolchains. This saves quite a bit of build time in the autobuilders,
and also allows people to reproduce build issues in a much more
efficient way, since rebuilding the toolchain is not needed.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Mark Corbin <mark.corbin@embecosm.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
All toolchains have been rebuilt with Buildroot 2019.02-rc1.
Changes:
- Toolchains that were using no-longer maintained kernel headers
versions have been changed to use a variety of newer kernel headers
versions (4.4, 4.9 or 4.14).
- Since gcc 7.x is now the default in Buildroot, most toolchains that
simply use the default gcc version use 7.x instead of 6.x.
- br-arm-cortex-a9-glibc uses gcc 8.x, binutils 2.31 and kernel
headers 4.20
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bugfix release, fixing a number of issues discovered post-1.5.6.
Drop patches as they are now included upstream.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Qemu assumes that when <linux/usbdevice_fs.h> is available, it can
build its USBFS code. However, some systems have
<linux/usbdevice_fs.h>, but it doesn't provide all the definitions
that Qemu needs, causing a build failure.
In order to fix this, we introduce a Qemu patch that improves the
check that determines whether USBFS support should be enabled or not.
Fixes:
http://autobuild.buildroot.net/results/c4af5505f80e1e6185df70d191e85d9393df5795/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Contrary to what the comment in the defconfig says, the
orangepi_one_plus_defconfig was not using the "same as kernel" option
for kernel headers, but really selecting explicitly Linux 4.18
headers, independently from the kernel version.
Except that in the mean time, BR2_KERNEL_HEADERS_4_18 has been
removed, causing a build failure due to the legacy checking:
Makefile.legacy:9: *** "You have legacy configuration in your .config! Please check your configuration.". Stop.
This commit fixes that by using the proper
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_18 option.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/158295166
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Relase archive is distributed with depencies, this prevents the go
build system to download them.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 6e3f7fbc07 ("package/runc: add
upstream security fix for CVE-2019-5736") added a dependency of
docker-containerd to uclibc (inherited from runc), but the depends on
has a typo that makes it ineffective. Due to this, docker-containerd
can still be selected in uClibc configurations, causing runc to be
build, and failing to build due fexecve() being missing in uClibc.
Fixes:
http://autobuild.buildroot.net/results/64ecdb1e007106fdb05979b10b42b90591255504/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Linux version are changed to 4.19.16 (LTS) for all qemu defconfigs,
except for riscv. riscv defconfigs are left unchanged because they have
a custom Linux repository causing more difficulties when upgrading to
4.19 for riscv32. And for the riscv64, it has been updated recently to
Linux 4.20 by another contributor.
Patch for arm-versatile-nommu is changed into a git format
Add cache attributes for xtensa-lx60-nommu config because the commit
7bb516ca54
added a new config variable for memory cache attribute:
CONFIG_MEMMAP_CACHEATTR
All these updated configs have been built successfully.
Signed-off-by: Gerome Burlats <gerome.burlats@smile.fr>
Cc: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For details, see https://github.com/snyk/zip-slip-vulnerability
Older python versions do not validate that the extracted files are inside
the target directory. Detect and error out on evil paths before extracting
.zip / .tar file.
Given the scope of this (zip issue was fixed in python 2.7.4, released
2013-04-06, scanpypi is only used by a developer when adding a new python
package), the security impact is fairly minimal, but it is good to get it
fixed anyway.
Reported-by: Bas van Schaik <security-reports@semmle.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the startup warning from Docker:
failed to retrieve runc version: unknown output format: runc version commit ...
Introduces a patch to replace the faulty version detection logic in the Docker
engine.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Here is the list of the changes compared to the removed mongodb 3.3.4
version:
- Remove patch (not applicable anymore)
- Add patch (sent upstream) to fix openssl build with gcc 7 and
-fpermissive
- Remove 32 bits x86 platforms, removed since version 3.4:
https://docs.mongodb.com/manual/installation/#supported-platforms
- Change license: since October 2018, license is SSPL:
- https://www.mongodb.com/community/licensing
- https://jira.mongodb.org/browse/SERVER-38767
- gcc must be at least 5.3 so add a dependency on gcc >= 6
- Add a dependency on host-python-xxx modules:
https://github.com/mongodb/mongo/blob/r4.0.6/docs/building.md
- Use system versions of boost, pcre, snappy, sqlite, yaml-cpp and zlib
instead of embedded mongodb ones
- Add hash for license files
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
host-python-typing is needed for mongodb 4.0.6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
host-libyaml is needed for host-python-pyyaml
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The vulnerability allows a malicious container to (with minimal user
interaction) overwrite the host runc binary and thus gain root-level
code execution on the host. The level of user interaction is being able
to run any command (it doesn't matter if the command is not
attacker-controlled) as root within a container in either of these
contexts:
* Creating a new container using an attacker-controlled image.
* Attaching (docker exec) into an existing container which the
attacker had previous write access to.
For more details, see the advisory:
https://www.openwall.com/lists/oss-security/2019/02/11/2
The fix for this issue uses fexecve(3), which isn't available on uClibc, so
add a dependency on !uclibc to runc and propagate to the reverse
dependencies (containerd/docker-engine).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
runc (which is a reverse dependency of docker-engine) is about to gain a
!uclibc dependency, so move to a glibc toolchain instead.
There are currently no prebuilt x86_64 / core2 / glibc toolchains available,
so instead use the internal toolchain backend to build one.
While we are at it, drop the infra.basetest.BASIC_TOOLCHAIN_CONFIG
reference, as that ARM toolchain configuration doesn't make any sense for
this x86-64 based test.
add docker / docker-compose tests
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
CVE-2019-1000019: Crash when parsing some 7zip archives.
CVE-2019-1000020: A corrupted or malicious ISO9660 image can cause
read_CE() to loop forever.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
