Back in commit
f72be49830 ("package/scons: remove
python from SCONS"), we changed the SCONS variable to not explicitly
invoke the Python interpreter, because some scons-based packages used
python2, some python3.
Now that the 3 remaining packages using scons (gpsd, mongodb and
benejson) all use python3, we can bring back the python3 interpreter
call into the SCONS variable, and slightly simplify those packages.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
All packages using scons are now using Python 3 to run it, so
explicitly set scons as using host-python3. This avoids a
spurious host Python 2 dependency if BR2_PACKAGE_PYTHON3 is not
set (for example, if no Python is packaged for the target).
Signed-off-by: Robert Hancock <hancock@sedsystems.ca>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Updated license hash and location of LICENSE.TXT due to upstream commit:
0606350c2a
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use src/libfakekey.c as the license file because there is no COPYING in
the git tarball
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop second and third patches (already in version)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Remove upstream patch
Fixes a build issue with toolchains using kernel headers < 5.6,
when the openat2(2) syscall is not available [2].
Add a new patch to fix homework-mount with linux-headers < 5.2.
[1] cd88d010e8
[2] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=fddb5d430ad9fa91b49b1d34d0202ffe2fa0e179
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: Norbert Lange <nolange79@gmail.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Back in commit e90a4bf4af ("alsa-lib:
don't use versioned symbols") from 2009, symbol versioning was
disabled in alsa-lib, because it was causing problems with C
libraries (such as uClibc) that doesn't support symbol versioning. The
thread at
http://mailman.alsa-project.org/pipermail/alsa-devel/2009-February/014999.html
has some background discussion about this.
Essentially, the issue was that alsa-lib in the new version of a given
symbol calls into an old version of the same symbol. If your C library
has symbol versioning, everything works fine. But if your C library
doesn't support symbol versioning, the call from the new symbol into
the old symbol will in fact end up in the new symbol, causing an
infinite recursion.
That problem was solved back then by unconditionally disabling symbol
versioning in alsa-lib.
However, some libraries such as CEF depend on versioned symbols from
alsa-lib, and the build fails during linking with versioning disabled.
This patch conditionally disables versioned symbols when unsupported
by the toolchain, leaving them enabled otherwise. We assume only glibc
has support for symbol versioning. uClibc has no support, and musl has
some limited support, so we take the safe route of only enabling
symbol versioning for glibc.
Signed-off-by: Joseph Kogut <joseph.kogut@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
- CVE-2021-41105: FreeSWITCH susceptible to Denial of Service via invalid
SRTP packets
When handling SRTP calls, FreeSWITCH is susceptible to a DoS where calls
can be terminated by remote attackers. This attack can be done
continuously, thus denying encrypted calls during the attack.
https://github.com/signalwire/freeswitch/security/advisories/GHSA-jh42-prph-gp36
- CVE-2021-41157: FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default
By default, SIP requests of the type SUBSCRIBE are not authenticated in
the affected versions of FreeSWITCH.
https://github.com/signalwire/freeswitch/security/advisories/GHSA-g7xg-7c54-rmpj
- CVE-2021-37624: FreeSWITCH does not authenticate SIP MESSAGE requests,
leading to spam and message spoofing
By default, SIP requests of the type MESSAGE (RFC 3428) are not
authenticated in the affected versions of FreeSWITCH. MESSAGE requests
are relayed to SIP user agents registered with the FreeSWITCH server
without requiring any authentication. Although this behaviour can be
changed by setting the auth-messages parameter to true, it is not the
default setting.
https://github.com/signalwire/freeswitch/security/advisories/GHSA-mjcm-q9h8-9xv3
- CVE-2021-41145: FreeSWITCH susceptible to Denial of Service via SIP flooding
When flooding FreeSWITCH with SIP messages, it was observed that after a
number of seconds the process was killed by the operating system due to
memory exhaustion
https://github.com/signalwire/freeswitch/security/advisories/GHSA-jvpq-23v4-gp3m
- CVE-2021-41158: FreeSWITCH vulnerable to SIP digest leak for configured gateways
An attacker can perform a SIP digest leak attack against FreeSWITCH and
receive the challenge response of a gateway configured on the FreeSWITCH
server. This is done by challenging FreeSWITCH's SIP requests with the
realm set to that of the gateway, thus forcing FreeSWITCH to respond with
the challenge response which is based on the password of that targeted
gateway.
https://github.com/signalwire/freeswitch/security/advisories/GHSA-3v3f-99mv-qvj4
Release notes:
https://github.com/signalwire/freeswitch/releases/tag/v1.10.7
Removed patch, upstream applied a different fix:
e9fde845de
Added optional dependency to libks, needed due to upstream commit
ed98516666
Added upstream patches to fix build errors.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Peter: mention security fixes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump U-Boot to 2021.10 and kernel to 5.15.12 version.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
So far, cryptopp only had a host variant, but some use-cases require
this library on the target, so this adjusts the cryptopp package
accordingly.
One patch (submitted upstream) is needed to have the proper symlink
corresponding to the SONAME of the shared library.
Signed-off-by: Kamel Bouhara <kamel.bouhara@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
prometheus remote write backend depends on protobuf and snappy and is
enabled by default since the addition of the package in commit
1d2bb46907
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In order to build the numpy distutils extension packages like
python-scipy, python-numba, it requires an explicit pkg-config
path fixup for npymath.ini.
This pkg-config path fixup would update the prefix path of
npymath.ini with actual target staging area where numpy core
was built, so that numpy distutils extension packages would
explicitly link this config path for their package environment.
Without this extension packages cannot find -lnpymath since
it uses host libraries (like libnpymath.a).
So, attach the post install staging hook with pkg-config
path fixup for npymath.ini.
Signed-off-by: Esben Haabendal <esben@geanix.com>
Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The way that python-pybind can be used is fairly complicated, so a
runtime test for it is convenient. In addition, this test validates that
the headers actually work at runtime.
Signed-off-by: Guillaume W. Bres <guillaume.bressaix@gmail.com>
[Arnout:
- Retain python3 only.
- python-pybind is a target package, not host.
- Select python-pybind instead of depend.
- Simplify python-pybind-example package.
- Check in python-pybind-example build if pybind11.get_include()
produces output.
- Don't use python3 -m pybind11 --includes: it includes the main python
includes, which are for the host, not for the target.
- Use TestPythonPackageBase instead of open-coding something imported
with host python.
]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
pybind11 is not really a Python module; it is actually a set of headers
that is used to wrap Python objects in C++.
Since pybind version 2.6.1, it uses CMake internally. This causes a
number of build issues for Buildroot because either no cmake is present
or it is too old.
pybind in fact has three parts: the C++ headers, a python module
pybind11, and the tests. The python package's only purpose is to serve
as a configure script for users of pybind. CMake is mainly used to build
and run the tests, which use the (mock-installed) pybind11 module to
find the (mock-installed) C++ headers. CMake is also used to install the
headers.
The setup.py script calls into CMake to install the headers and CMake
support files to a temporary directory, then copies that together with
the pybind11 module into the Python directory. The pybind11 module then
returns the include and cmake paths relative to its install location
(using __file__ to determine the install location).
This is not at all compatible with how Buildroot expects things to be
organised.
- The include and CMake files are installed somewhere within the Python
directories, where nobody will find them.
- The Python module is installed for the target, but at build time
Python modules are read from the host directory only. Therefore, a
user of pybind can't actually load the module.
To solve this, several options are possible:
- Treat pybind as a host package. This causes users of pybind to build
with an include path pointing into the host directory. This happens to
work because pybind is a header-only library and because it is
installed in a specific location which is not contaminated by other
headers. However, it is philosophically wrong - a build for the target
should never have an include path pointing to the host directory.
- Install pybind in the usual way into staging, and add a stub module to
the host directory that returns paths to the staging directory. This
leaves a useless pybind11 module in the staging directory, and puts
the headers and cmake files in an unusual location. In addition it
is not so simple - we need to jump through hoops to make sure that
cmake is called correctly when it goes through python-package.
- Install the headers and cmake files using CMake, and add a (stub)
python module in the host directory that points users to the staging
directory. This puts the headers in the usual place
(STAGING_DIR/usr/include) and still makes it possible to find them
from a python package at build time.
We choose the latter solution.
First of all, convert to cmake-package. This installs just the headers
and the cmake support files. We need to pass PYBIND11_NOPYTHON=ON
because there is a cmake module that tries to find the python binary. It
sometimes finds the system python, sometimes the host python. In either
case, it checks whether this python's bitness and endianness correspond
to that of the compiler - which generally it doesn't in
cross-compilation. PYBIND_NOPYTHON bypasses this check.
Install in staging and not in target. Before, it was installed to target
but the python module would point to the target directory so it worked
anyway; now, however, we can properly use the staging directory.
Since it is no longer a python-package, the python module is not
installed automatically. Install them manually in a post-staging-install
hook. Since the python module is supposed to be used at build time,
install it in the host directory rather than in staging.
The python module normally looks in its current directory to find the
include and cmake paths, but for cross-compilation this is wrong. Add a
non-upstreamable patch that checks for STAGING_DIR in the environment.
If it is set (which is the case in Buildroot), use that instead of the
current directory.
Add an explicit dependency on python3. The headers include Python.h, so
any user of pybind needs to implicitly depend on python3. While we're at
it, change it to support python3 only - even though pybind currently
still supports python2, adding support for it in Buildroot is a little
bit complicated and python2 will be removed soon anyway.
Cc: Esben Haabendal <esben@geanix.com>
Cc: Andreas Naumann <dev@andin.de>
Co-Developed-by: Jagan Teki <jagan@amarulasolutions.com>
Co-Developed-by: Guillaume W. Bres <guillaume.bressaix@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following uclibc build failure raised since bump to version
0.8.1 in commit 5dbdb2535c:
/home/buildroot/autobuild/instance-2/output-1/host/opt/ext-toolchain/bin/../lib/gcc/microblazeel-buildroot-linux-uclibc/10.3.0/../../../../microblazeel-buildroot-linux-uclibc/bin/ld: xxhash.o: in function `XXH3_hashLong_128b_internal.constprop.0':
(.text+0xcbc): undefined reference to `static_assert'
Fixes:
- http://autobuild.buildroot.org/results/559/5595b21a711b482b84e582fc9f56e5468c9eb6d6/build-end.log
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Disable execinfo to avoid the following build failure raised since the
addition of libexecinfo package in commit
eea8ba446c:
/home/giuliobenetti/autobuild/run/instance-0/output-1/host/lib/gcc/arc-buildroot-linux-uclibc/10.2.0/../../../../arc-buildroot-linux-uclibc/bin/ld: main.o: in function `do_panic(int)':
/home/giuliobenetti/autobuild/run/instance-0/output-1/build/rtorrent-0.9.8/src/main.cc:606: undefined reference to `backtrace'
Fixes:
- http://autobuild.buildroot.org/results/10fc9016013931c58238240216c5950b23b56b30
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
qpdf needs atomic since bump to version 10.5.0 in commit
b5352c2177 and
c5c1a028cd:
/home/buildroot/autobuild/instance-2/output-1/host/opt/ext-toolchain/m68k-buildroot-uclinux-uclibc/bin/ld.real: /home/buildroot/autobuild/instance-2/output-1/build/qpdf-10.5.0/libqpdf/build/.libs/libqpdf.a(QPDF.o): in function `QPDF::QPDF()':
QPDF.cc:(.text+0x48de): undefined reference to `__atomic_fetch_add_8'
Fixes:
- http://autobuild.buildroot.org/results/7e18689670dcbe491c35f0597e5c3c787936263f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
By default, Avahi installs service definitions for SSH and SFTP, but
those might not be present on all systems. This commit adds an option
to control the installation of those Avahi services. Even though that
potentially breaks backward compatibility with older configuration, we
have chosen to make the option default to disable, which means that
now the SSH and SFTP avahi services are no longer installed by
default.
As there is no way to tell the Avahi package not to install the
service files in the first place, we have to manually remove them from
the target directory.
Signed-off-by: Florian Larysch <fl@n621.de>
[Thomas: make the option default to disabled, fix small formatting issues.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 1bf512e9ff wrongly added that
BR2_USE_WCHAR is due to flac dependency but flac is optional so remove
this comment and add boost instead
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
A client interface for the Music Player Daemon.
[Peter: license is LGPL-3.0+, add DEVELOPERS entry]
Signed-off-by: Uladzimir Bely <wiselord1983@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Enable CONFIG_IO_URING through LIBURING_LINUX_CONFIG_FIXUPS in case the
user is also building a kernel
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The Bootlin toolchains for the OpenRISC architecture have been rebuilt
with the fix for binutils bug 28735, so let's update their definition
in Buildroot.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
liburing is an optional dependency (enabed by default) since version
4.0.11 and
b1f9aee5c4
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is the io_uring library, liburing. liburing provides helpers to
setup and teardown io_uring instances, and also a simplified interface
for applications that don't need (or want) to deal with the full kernel
side implementation.
https://git.kernel.dk/cgit/liburing
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Don't build c_example which needs a dynamic library and so will raise
the following static build failure since bump to version 2021.10 in
commit d1d93d488c and
12647a6ee5:
/home/buildroot/autobuild/instance-2/output-1/host/opt/ext-toolchain/bin/../lib/gcc/i686-buildroot-linux-uclibc/9.3.0/../../../../i686-buildroot-linux-uclibc/bin/ld: cannot find -lpcm
Fixes:
- http://autobuild.buildroot.org/results/1276a3d49c8848039f034e7f03632df365097e94
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Install libvirt in staging to allow collectd to use it
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Binutils bug 21464 is not present anymore in Buildroot so let's remove it
and its depends on in libgeos and postgis packages.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Reviewed-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
After fixing binutils bug 21464, bug 28735 showed up. It got fixed very
soon after my request:
https://sourceware.org/pipermail/binutils/2022-January/119078.html
So let's add patch and backported patches to all binutils versions to make
Buildroot free from bug 28735. Unfortunately Bootlin toolchains have just
been rebuilt and will fail for this bug. This happened because libgeos
has been bumped few time ago and was masked by bug 21464 dependency that
prevented to build.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
