The IPUTILS_PERMISSIONS variable was wrong, because iputils installs
its programs in /usr/bin, not in /bin. It probably was only tested
with the merged /usr option enabled.
This commit fixes IPUTILS_PERMISSIONS, taking into account the change
done in 6e18892733 "package/iputils: move binaries to the location also
used by Busybox":
- arping is moved by the post-install target hook to /usr/sbin
- clockdiff is installed by iputils in /usr/bin
- ping is moved by the post-install target hook to /bin, which makes
the previously incorrect path in IPUTILS_PERMISSIONS now correct
Fixes:
http://autobuild.buildroot.net/results/fe378bca29c86a681ba9ad40386cb89248195c50/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
iputils installs several programs that are also implemented as applets
in Busybox. Two of these (arping and tftpd) are installed by iputils
in /bin, while Busybox installs them in /usr/sbin, causing both to be
present if both iputils and busybox are enabled.
This commit moves the binaries installed by iputils to /usr/sbin, so
that only these are installed (Busybox will be installed later thanks
to its optional dependency on iputils, but it will not override the
tools installed by iputils).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
systemd-journal-remote was added in systemd v211, so add a new option
to enable or disable it.
Signed-off-by: Yi Zheng <goodmenzy@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Apply LIBGLIB2_REMOVE_BINDIR_PREFIX_FROM_PC_FILE to gio-2.0.pc so
${bindir} prefix is also removed for gbus-codegen otherwise build of
packages using this binary will fail if gbus-codegen is not installed on
host
Fixes:
- http://autobuild.buildroot.org/results/5c0e4f3d33e01198688d58388aabe159bd005234
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes CVE-2019-10160: urlsplit does not handle NFKC normalization (2nd fix)
While the fix for CVE-2019-9936 is included in 3.7.3, the followup
regression fixes unfortunatly aren't.
https://bugs.python.org/issue36742
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes CVE-2019-9636: urlsplit does not handle NFKC normalization
https://bugs.python.org/issue36216
The fix unfortunately introduced regressions, so also apply the followup
fixes.
https://bugs.python.org/issue36742
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This includes the following changes:
0ff01ae v0.0.11
b217774 Add configure switch for error logging
15af38a Add compile option to disable error logging
9679a3f Add interface to retrieve link statistics
6f13cef Get link information only from specified interface
f5392c3 Fix parse_rtattr() does not completely initialize
4ea9ec7 Update can_set_ctrlmode() documentation
5938ac7 Update CAN netlink header
0c91940 GNUmakefile: include LICENSE file in tarball
4608afb configure: back to trunk
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Removed patch applied upstream:
242c2c9a18
Bundled pugixml was removed:
433ce65b68
Use host-pugixml instead and bump to HEAD to include a patch which
fixes a linking error:
41063c3e1d
Updated license hash due to upstream commit:
f255d61ffd
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
- CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
authentication for identities that differ from the user running the
DBusServer. Previously, a local attacker could manipulate symbolic links
in their own home directory to bypass authentication and connect to a
DBusServer with elevated privileges. The standard system and session
dbus-daemons in their default configuration were immune to this attack
because they did not allow DBUS_COOKIE_SHA1, but third-party users of
DBusServer such as Upstart could be vulnerable. Thanks to Joe Vennix of
Apple Information Security.
For details, see the advisory:
https://www.openwall.com/lists/oss-security/2019/06/11/2
Also contains a number of other smaller fixes, including fixes for memory
leaks. For details, see NEWS:
https://gitlab.freedesktop.org/dbus/dbus/blob/dbus-1.12/NEWS
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Nehalem, the predecessor to westmere, is best match for westmere
architecture in current openblas.
Signed-off-by: Esben Haabendal <esben@geanix.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The westmere line of x86_64 targets lies between nehalem (corei7) and
sandybridge (corei7-avx). Allowing use of -march=westmere enables use of
AES instruction set on these targets.
Signed-off-by: Esben Haabendal <esben@geanix.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The licensing text in README.md has changed slightly. The reference to
COPYING.LESSER has been removed. The file itself has been gone for awhile
now. COPYING.thirdparty has also been renamed to THIRDPARTY.
Release notes:
https://mariadb.com/kb/en/library/mariadb-10315-release-notes/
Changelog:
https://mariadb.com/kb/en/mariadb-10315-changelog/
Fixes the following security vulnerabilities:
CVE-2019-2614 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Replication). Supported versions that are affected
are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to
exploit vulnerability allows high privileged attacker with network access
via multiple protocols to compromise MySQL Server. Successful attacks of
this vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.
CVE-2019-2627 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: Security: Privileges). Supported versions that are
affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior.
Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability
to cause a hang or frequently repeatable crash (complete DOS) of MySQL
Server.
CVE-2019-2628 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and
prior and 8.0.15 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to
compromise MySQL Server. Successful attacks of this vulnerability can
result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server.
Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Changes include:
- Change the package type to meson, as autoconf is no longer supported.
- Add 0002-add-option-to-build-tests.patch
Upstream won't build tests when cross-compiling. However; this means still
building the tests during a host build. Building the tests causes build
failures on older distributions such as CentOS 6 and Debian 7 because of
the command `objcopy --add-symbol` is used when building the test
"test_resources2," which is not available with the older version of
objcopy provided by the distributions.
- Add 0003-remove-cpp-requirement.patch:
C++ is not needed when just compiling. The inclusion of C++ in meson.build
is to ensure libglib doesn't accidentally use C++ reserved keywords in
public headers. Because tests aren't being compiled, there is no need for
C++ as a requirement.
(https://gitlab.gnome.org/GNOME/glib/issues/1748)
- Add 0004-Add-Wno-format-nonliteral-to-compiler-arguments.patch:
This prevents a false error when compiling against older gcc versions.
(https://gitlab.gnome.org/GNOME/glib/issues/1744)
- Remove 0004-Do-not-hardcode-python-path-into-various-tools.patch:
The switch to meson makes this obsolete.
- Remove LIBGLIB2_AUTORECONF = YES from libglib2.mk:
Now that libglib2 is a meson package, there is no need for AUTORECONF.
- Remove LIBGLIB2_INSTALL_STAGING_OPTS from libglib2.mk:
Meson resolves these correctly.
- Add LIBGLIB2_REMOVE_BINDIR_PREFIX_FROM_PC_FILE in libglib2.mk:
Newer versions of libglib2 prefix glib-genmarshal, gobject-query, and
glib-mkenums with ${bindir}. Unfortunately, this will resolve to the host
systems /bin/ directory, which will cause compilation issues if the host
does not have these programs. By removing the ${bindir}/ prefix, these
programs are resolved in PATH instead.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Remove patch with NLS fix because it is was added into latest version.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Add an from from upstream to fix linking Gerbera with taglib. The patch
fixes the following issue:
When cross-compiling CMakes `find_program()` will search for binaries on the
host. This is typically correct, e.g. when search for compilers or shells.
When cross-compiling, searching for `taglib-config` using `find_program` should
not find the binary on the host, instead it should find the binary in the sysroot
directory, as the host `taglib-config` will output the wrong host paths
and libs, whereas the sysroot `taglib-config` will output the correct sysroot
paths and libs.
Therefore, use the `CMAKE_FIND_ROOT_PATH_MODE_PROGRAM` variable when
cross-compiling. This variable controls whether the `CMAKE_FIND_ROOT_PATH`
and `CMAKE_SYSROOT` are used by find_program().
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The current taglib-config program does not work when cross-compiling as it only
returns paths to the host, which breaks building programs which link against
taglib.
For example gerbera uses `taglib-config` and it fails with:
```
[..]
-- Found TagLib: -L/usr/lib -ltag
[..]
arm-linux-gnueabihf-g++: ERROR: unsafe header/library path used in cross-compilation: '-L/usr/lib'
```
Before the patch the output of `taglib-config` is:
```
$ ./output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/bin/taglib-config --libs
-L/usr/lib -ltag
```
Add a patch from upstream which fixes taglib-config.
After applying the fix, the pkg-config file is correct:
```
$ ./output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/bin/taglib-config --libs
-L/home/joerg/Development/git/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib -ltag
```
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
New features in this release:
- Improved documentation
- delta updates based on rdiff library
- support for libubootenv
- dry-run option
- CA certificates for signed images
- Fix security leak in parser
This commit also:
- introduce BR2_PACKAGE_LIBRSYNC for 'rdiff' Handler. No HAVE_* is
needed, it just declares the functions locally and links with
-lrsync.
- introduce BR2_PACKAGE_LIBUBOOTENV
- drop upstreamed patch
- backport upstream patches (important fix)
- regenerate the default swupdate.config. Now CONFIG_GUNZIP is always
enabled because gunzip is provided by the default busybox config.
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
[Arnout: don't mention ZLIB in help text for libubootenv, since it is
select'ed by libubootenv.]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Bump Linux to 5.1 and U-Boot to version 2019.01.
U-Boot patch is no longer needed, applied upstream.
U-Boot defconfig name for this board has changed to pico-pi-imx7d.
U-Boot now supports distrobootcmd for this board, so add the appropriate
extlinux.conf and use SPL+u-boot.img instead of u-boot.imx. Note that
the common freescale post-image script handles things appropriately
based on the selected options in .config.
dosfstools and mtools are no longer needed to build the image.
Signed-off-by: Joris Offouga <offougajoris@gmail.com>
Tested-by: Pierre-Jean Texier <pjtexier@koncepto.io>
[Arnout: remove BR2_PACKAGE_HOST_DOSFSTOOLS and BR2_PACKAGE_HOST_MTOOLS]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Modern U-Boot assumes a layout where the first partition is an ext2 and
the kernel and dtb can be found in /boot. In other words, a layout
without boot partition.
Add a genimage.cfg template for the freescale defconfigs with such a
layout.
For now, only the layout with SPL+u-boot.img is added. It's unlikely that
the u-boot.imx approach will be used.
Signed-off-by: Joris Offouga <offougajoris@gmail.com>
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Tested-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Patch is not needed since
32838c93a5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The current logic will set the "-static" flag when building go
host packages if BR2_STATIC_LIBS is set, this will not work as
there is no support to link host packages statically.
Fix this by applying this logic only for target builds.
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
For the boot image creation for the i.MX8MM, the main differences with
i.MX8M are that there is no HDMI firmware image passed, and the ATF
load address is different.
Signed-off-by: Julien Olivain <juju@cotds.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>