The PYTHON_NUMPY_FIXUP_NPY_PKG_CONFIG_FILES macro was introduced in
commit 2426002d6f ("package/python-numpy: fixup npymath.ini for numpy
extensions").
However, it turns out that by using $(PYTHON3_PATH), we can simplify
the intermediate variables, to the point where they are no longer
needed. Not having the intermediate variables makes the logic a bit
easier to understand.
Also, the logic is changed to use a single sed expression, which we
pass to $(SED).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The commit [1] added a sed command used to retrieve a pattern
to keep only defconfigs whose name starts with the pattern.
"<foo>-defconfigs-<pattern>"
The sed command doesn't work as expected if <foo> contains a
single hyphen [2]:
"qemu-6.2.0-defconfigs-qemu"
Update the sed command to ignore completely the part before
"-defconfigs-".
[1] 65d2f04c01
[2] http://lists.busybox.net/pipermail/buildroot/2022-January/632507.html
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Shortly after MSTPd was added, version 0.1.0 was released. Update to the
latest version.
Signed-off-by: Colin Foster <colin.foster@in-advantage.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Drop first patch (already in version)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix build failure raised since the addition of the libexecinfo package
in commit eea8ba446c
Fixes:
- Not autobuilder failures (yet)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This platform has its own kernel defconfig in Buildroot, but we cannot
get a quick idea about how much it diverged from the in-kernel defconfig.
Let's use the upstream arch/arm/config/versatile_defconfig as a base,
and maintain the diff as a merge-config fragment. The same .config is
still generated based on the 5.10.7 kernel.
The diff is quite big, but this is a good start-point for cleanups.
Follow-up works can drop diff lines unless we find a good reason for
divergence.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
[Arnout: rename linux-nommu.config to linux-nommu.fragment]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This platform has its own kernel defconfig in Buildroot, but we cannot
get a quick idea about how much it diverged from the in-kernel defconfig.
Let's use the upstream arch/arm/config/versatile_defconfig as a base,
and maintain the diff as a merge-config fragment. The same .config is
still generated (based on the 5.10.7 kernel).
The diff is quite big, but this is a good start-point for cleanups.
Follow-up works can drop diff lines unless we find a good reason for
divergence.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
[Arnout: rename linux.config to linux.fragment]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This defconfig enables sunxi-mali-mainline-driver so we need to disable
Lima in Linux to prevent Mali from failing to load.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This defconfig enables sunxi-mali-mainline-driver so we need to disable
Lima in Linux to prevent Mali from failing to load.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This Linux defconfig fragment is needed to disable Lima driver in favour of
Mali (if enabled). This is because Lima is enabled by default in Linux's
sunxi_defconfig and if we enable Mali driver in Buildroot it will fail to
load. So let's set CONFIG_DRM_LIMA=n. Of course this fragment is only used
by Buildroot defconfigs that enable Mali driver.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Select BR2_TARGET_UBOOT_NEEDS_OPENSSL to fix the following build
error:
    include/image.h:1178:12: fatal error: openssl/evp.h: No such file or directory
     1178 | # include <openssl/evp.h>
          |           ^~~~~~~~~~~~~~~
After the update of u-boot in commit 9a04bbec1c (configs/imx6slevk: bump
U-Boot).
Fixes:
- https://gitlab.com/buildroot.org/buildroot/-/jobs/1946650628
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In GCC6 the compiler was made smarter to omit the flag
-fdebug-prefix-map from the DWARF DW_AT_producer section[1]. That flag
contains the absolute path '$(BASE_DIR)' which breaks reproducibility.
Prior to GCC6 however, the only way to omit the flag is to use
-gno-record-gcc-switches which omits all flags.
[1] https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=266cc0c181549c2fb6b50f8f26213cdc89101026
Signed-off-by: Brandon Maier <brandon.maier@rockwellcollins.com>
[Arnout: invert condition to ifeq (,) instead of ifneq (,y)]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
In GCC8 the flag -ffile-prefix-map handles cleaning up both the __FILE__
macros and the debug info paths. In GCC7 or below we are manually
handling the __FILE__ macros, but not debug info paths. Use
-fdebug-prefix-map to clean them up. This option exists since GCC 4.3.0,
which is our minimal supported GCC version.
See for more detail: https://reproducible-builds.org/docs/build-path/
Signed-off-by: Brandon Maier <brandon.maier@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
libest is a C implementation of RFC 7030 (Enrollment over
Secure Transport).
It can be used to provision public key certificates from
a certificate authority (CA) or registration authority (RA)
to end-user devices and network infrastructure devices.
https://github.com/cisco/libest
Notes on patches included in this package:
- libest bundles a stubbed version of libsafec, and has no provision
  to build against a system-installed full (non-stubbed) libsafec.
  We add a patch to make that possible.
- Added a configuration option --{enable,disable}-examples to toggle
  examples build by a separate patch.
- There's a configuration option `--enable-jni` which allows building
  a JNI library for binding libest to Java programs. And that library
  would be using an outdated version of OpenSSL 1.0.
  We fix that by adding support for OpenSSL 1.1 API for that library.
- Fixed a bug where specifying either `--enable-FEATURE` or `--disable-FEATURE`
  always enabled the feature.
Signed-off-by: Aleksandr Makarov <aleksandr.o.makarov@gmail.com>
[Thomas:
 - Added comments about the upstream status in existing patches
 - Added a patch fixing an autoreconf issue
 - Added a patch adding a missing "extern" on a variable to fix build
   with gcc 10
 - Removed the glibc dependency by using the new libexecinfo package
 - Drastically simplified the complex libcoap disabling and client-only
   mode vs. OpenJDK issue. libcoap support is now forcefully disabled,
   and client-mode only option is made invisible when OpenJDK is
   enabled.
 - Fixed the license information;
 - Added missing host-pkgconf
]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
GnuTLS implements old, unsafe or unused protocols and ciphers.
Secure embedded systems shall disable them in order to be certified.
This patch allows selecting/deselecting the SSLv2 protocol and GOST cipher.
Signed-off-by: Erwan GAUTRON <erwan.gautron@bertin.fr>
[Peter: default options to 'n', move next to _GNUTLS_TOOLS, explicit
--enable]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Agent is always enabled. Even though a server without agent is a valid
use case, the agent doesn't take much space compared to the server so
making it optional is not worth it.
Optional dependencies (openssl, libcurl, ...) are set globally, even
though they are supposedly only used for the server. However, this is
not so obvious from configure.ac so it's easy to accidentally miss one.
Setting them globally doesn't hurt.
The proxy, agent2 and webservice features are left disabled. agent2
requires go.
zabbix also has support for sqlite3 as database backend, but only for
the proxy, not for the server.
Signed-off-by: Alexey Lukyanchuk <skif@skif-web.ru>
[Arnout:
- BR2_TOOLCHAIN_USES_GLIBC implies the other glibc options.
- Fix wrapping in Config.in help text.
- Add upstream URL.
- Protect comments with "depends on" instead of "if".
- Select postgresql/mysql instead of depends (and propagate
  dependencies).
- Remove redundant condition around
BR2_PACKAGE_ZABBIX_SERVER_COPY_DUMPS.
- Select PHP extensions instead of depends.
- Make optional dependencies automatic instead of Config.in.
- Improve some of the help texts.
- Bump to 5.4.9 and update hashes.
- Add COPYING as license file.
- Switch to actual upstream at zabbix.com.
- Explicitly disable all unused features.
- Disable zabbix user login with '*'.
- Don't add user to zabbix group twice.
- Do patch of zabbix_*.conf in post-patch hook and do it for all conf
files in one shot.
- Remove workarounds for pending patches (which were merged).
- Put web ui in /var/www/zabbix and SQL files in /var/lib/zabbix.
]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The current behavior for busybox' udhcpc is to terminate if no lease is
obtained at start up. Therefore no address is acquired if the link is
established afterwards.
By setting the -b flag udhcpc will background allowing the link to be
established at any time.
Signed-off-by: Lothar Felten <lothar.felten@gmail.com>
[Peter: drop incompatible -n, also fixup busybox-minimal.config]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since commit ead2afda13, gettext is wrongly disabled when
BR2_SYSTEM_ENABLE_NLS is set.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
These packages needed to depend on host-python3 because their Scons
machinery was written in python3, but host-scons itself was depending
on host-python. Now that host-scons depends on host-python3, the
packages that use host-scons no longer have to carry a host-python3
dependency.
The other package using scons, mongodb, does not have a direct
dependency on host-python3, but on a number of host Python 3.x modules
which are needed during the build, so no change is necessary there.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Back in commit f72be49830 ("package/scons: remove python from SCONS"),
we changed the SCONS variable to not explicitly invoke the Python
interpreter, because some scons-based packages used python2, some
python3.
Now that the 3 remaining packages using scons (gpsd, mongodb and
benejson) all use python3, we can bring back the python3 interpreter
call into the SCONS variable, and slightly simplify those packages.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
All packages using scons are now using Python 3 to run it, so
explicitly set scons as using host-python3. This avoids a
spurious host Python 2 dependency if BR2_PACKAGE_PYTHON3 is not
set (for example, if no Python is packaged for the target).
Signed-off-by: Robert Hancock <hancock@sedsystems.ca>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Updated license hash and location of LICENSE.TXT due to upstream commit:
0606350c2a
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use src/libfakekey.c as the license file because there is no COPYING in
the git tarball
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop second and third patches (already in version)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Remove upstream patch
Fixes a build issue with toolchains using kernel headers < 5.6,
when the openat2(2) syscall is not available [2].
Add a new patch to fix homework-mount with linux-headers < 5.2.
[1] cd88d010e8
[2] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=fddb5d430ad9fa91b49b1d34d0202ffe2fa0e179
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: Norbert Lange <nolange79@gmail.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Back in commit e90a4bf4af ("alsa-lib: don't use versioned symbols")
from 2009, symbol versioning was disabled in alsa-lib, because it was
causing problems with C libraries (such as uClibc) that don't support
symbol versioning. The thread at
http://mailman.alsa-project.org/pipermail/alsa-devel/2009-February/014999.html
has some background discussion about this.
Essentially, the issue was that alsa-lib in the new version of a given
symbol calls into an old version of the same symbol. If your C library
has symbol versioning, everything works fine. But if your C library
doesn't support symbol versioning, the call from the new symbol into
the old symbol will in fact end up in the new symbol, causing an
infinite recursion.
That problem was solved back then by unconditionally disabling symbol
versioning in alsa-lib.
However, some libraries such as CEF depend on versioned symbols from
alsa-lib, and the build fails during linking with versioning disabled.
This patch conditionally disables versioned symbols when unsupported
by the toolchain, leaving them enabled otherwise. We assume only glibc
has support for symbol versioning. uClibc has no support, and musl has
some limited support, so we take the safe route of only enabling
symbol versioning for glibc.
Signed-off-by: Joseph Kogut <joseph.kogut@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
- CVE-2021-41105: FreeSWITCH susceptible to Denial of Service via invalid
  SRTP packets
  When handling SRTP calls, FreeSWITCH is susceptible to a DoS where calls
  can be terminated by remote attackers. This attack can be done
  continuously, thus denying encrypted calls during the attack.
  https://github.com/signalwire/freeswitch/security/advisories/GHSA-jh42-prph-gp36
- CVE-2021-41157: FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default
  By default, SIP requests of the type SUBSCRIBE are not authenticated in
  the affected versions of FreeSWITCH.
  https://github.com/signalwire/freeswitch/security/advisories/GHSA-g7xg-7c54-rmpj
- CVE-2021-37624: FreeSWITCH does not authenticate SIP MESSAGE requests,
  leading to spam and message spoofing
  By default, SIP requests of the type MESSAGE (RFC 3428) are not
  authenticated in the affected versions of FreeSWITCH. MESSAGE requests
  are relayed to SIP user agents registered with the FreeSWITCH server
  without requiring any authentication. Although this behaviour can be
  changed by setting the auth-messages parameter to true, it is not the
  default setting.
  https://github.com/signalwire/freeswitch/security/advisories/GHSA-mjcm-q9h8-9xv3
- CVE-2021-41145: FreeSWITCH susceptible to Denial of Service via SIP flooding
  When flooding FreeSWITCH with SIP messages, it was observed that after a
  number of seconds the process was killed by the operating system due to
  memory exhaustion
  https://github.com/signalwire/freeswitch/security/advisories/GHSA-jvpq-23v4-gp3m
- CVE-2021-41158: FreeSWITCH vulnerable to SIP digest leak for configured gateways
  An attacker can perform a SIP digest leak attack against FreeSWITCH and
  receive the challenge response of a gateway configured on the FreeSWITCH
  server. This is done by challenging FreeSWITCH's SIP requests with the
  realm set to that of the gateway, thus forcing FreeSWITCH to respond with
  the challenge response which is based on the password of that targeted
  gateway.
  https://github.com/signalwire/freeswitch/security/advisories/GHSA-3v3f-99mv-qvj4
Release notes:
https://github.com/signalwire/freeswitch/releases/tag/v1.10.7
Removed patch, upstream applied a different fix:
e9fde845de
Added optional dependency to libks, needed due to upstream commit
ed98516666
Added upstream patches to fix build errors.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Peter: mention security fixes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump U-Boot to 2021.10 and kernel to 5.15.12 version.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
So far, cryptopp only had a host variant, but some use-cases require
this library on the target, so this adjusts the cryptopp package
accordingly.
One patch (submitted upstream) is needed to have the proper symlink
corresponding to the SONAME of the shared library.
Signed-off-by: Kamel Bouhara <kamel.bouhara@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
prometheus remote write backend depends on protobuf and snappy and is
enabled by default since the addition of the package in commit
1d2bb46907
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>