host-pkg-conf is already in default lynx's dependencies so remove it
from openssl condition block.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In case of BR2_STATIC_LIBS=y the linking with libidn fails because
linker can't resolve libiconv symbols needed by libidn. Fix it by
required LIBS for libidn generated by pkg-conf.
The issue can be reproduced with the following defconfig:
BR2_x86_i686=y
BR2_STATIC_LIBS=y
BR2_PACKAGE_LIBICONV=y
BR2_PACKAGE_LIBIDN=y
BR2_PACKAGE_LYNX=y
Fixes:
http://autobuild.buildroot.net/results/23a421e15c32b17ff2f69f183a2e8620ecb93316/
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
woff2 depends on C++ so add a comment if C++ is not enabled
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Static linking does not work properly in netsurf, nobody fixed it, and
the netsurf build system is completely broken. Let's disable the
package for static linking configurations.
Fixes:
http://autobuild.buildroot.net/results/28b43c29e241080e23c87145797ea00dc4b3970d/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.net/results/eeb2863c6237aac8428e49a5ee514d43088b0fb8http://autobuild.buildroot.net/results/f938fd1515f1d6e11b57aa6e314135789da52a44
In commit 6da049f8ae ("package/netsurf:
fix build"), the CC variable passed to netsurf's build system was
extended to pass some special -I and -L options needed for netsurf to
find its own headers/libraries.
Unfortunately, on some systems (including mine), it breaks the build,
due to:
toolpath_ := $(shell /bin/which $(CC__))
when $(CC__) contains some -I/-L options, they are considered to be
options "to which", which causes the funny:
/usr/bin/make install --directory=libnslog HOST=arm-buildroot-linux-uclibcgnueabi PREFIX=/home/thomas/projets/outputs/shared-netsurf/build/netsurf-3.8/tmpusr Q=@ WARNFLAGS='-Wall -W -Wno-error' DESTDIR=
make[3]: warning: jobserver unavailable: using -j1. Add '+' to parent make rule.
/bin/which: invalid option -- 'I'
/bin/which: invalid option -- '/'
/bin/which: invalid option -- 'h'
/bin/which: invalid option -- 'o'
/bin/which: invalid option -- 'm'
/bin/which: invalid option -- 'e'
/bin/which: invalid option -- '/'
/bin/which: invalid option -- 't'
/bin/which: invalid option -- 'h'
/bin/which: invalid option -- 'o'
/bin/which: invalid option -- 'm'
/bin/which: invalid option -- 's'
/bin/which: invalid option -- '/'
[...]
/bin/which: invalid option -- 'l'
/bin/which: invalid option -- 'b'
/bin/which: --read-alias, -i: Warning: stdin is a tty.
and the build simply hangs.
We cannot pass CFLAGS/LDFLAGS as make options, as they would override
the CFLAGS definitions in netsurf Makefiles. However, those Makefiles
use the construct:
CFLAGS := $(CFLAGS) -more-flags
so by passing CFLAGS and LDFLAGS through the make environment, which
can achieve our goal.
It is worth mentioning that it remains very fragile, because
CFLAGS/LDFLAGS are used both for building target objects but also some
host tools. The netsurf build system is really not good.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit b2e16ea64a tried to remove
gstreamer 0.10 support by removing its dependency but this was just
masking the issue as we have a build failure with gstreamer 0.10
So put back this dependency.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
preadv/pwritev don't provide separate version for 64-bit wide off_t,
and default to 32-bit wide off_t, which results in a mismatch between
declaration and definition for user programs built with
-D_FILE_OFFSET_BITS=64.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Between glibc 2.28 and glibc 2.29, commit
89983cb37c9319806a551e8fe9f3a11ff8f973e1 ("Update siginfo constants
from Linux kernel (bug 21286)") was merged. This commit moved the
TRAP_HWBKPT definition from an IA64-specific header to an
architecture-agnostic header.
This change exhibited a build issue that until then was only visible
on IA64 (which Buildroot does not support). This Buildroot commit
backports a patch from gdb upstream (which is in gdb since 8.2) which
mentions IA64 because it was originally meant to fix only the
IA64-related issue. But the glibc change, this change has become
visible on all architectures.
Fixes:
- No autobuilder failures
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Between glibc 2.28 and glibc 2.29, commit
89983cb37c9319806a551e8fe9f3a11ff8f973e1 ("Update siginfo constants
from Linux kernel (bug 21286)") was merged. This commit moved the
TRAP_HWBKPT definition from an IA64-specific header to an
architecture-agnostic header.
This change exhibited a build issue that until then was only visible
on IA64 (which Buildroot does not support). This Buildroot commit
backports a patch from gdb upstream (which is in gdb since 8.2) which
mentions IA64 because it was originally meant to fix only the
IA64-related issue. But the glibc change, this change has become
visible on all architectures.
Fixes:
- No autobuilder failures
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Install generated trusted shared libraries in the target file
system next to the trusted applications.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This change fixes the TA binary files install sequence that were
previously install in target filesystem though
OPTEE_OS_INSTALL_IMAGES_CMDS instead of expected
OPTEE_OS_INSTALL_TARGET_CMDS.
This change removes useless mkdir prior call to $(INSTALL) that
already handles parent directory creation when needed.
This change conditions the .ta files installation upon their
availability as they may exist or not depending on the exact OPTEE
version/configuration selected.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
CVE-2018-16860: The checksum validation in the S4U2Self handler in the
embedded Heimdal KDC did not first confirm that the checksum was keyed,
allowing replacement of the requested target (client) principal.
For more details, see the advisory:
https://www.samba.org/samba/security/CVE-2018-16860.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Between glibc 2.28 and glibc 2.29, commit
89983cb37c9319806a551e8fe9f3a11ff8f973e1 ("Update siginfo constants
from Linux kernel (bug 21286)") was merged. This commit moved the
TRAP_HWBKPT definition from an IA64-specific header to an
architecture-agnostic header.
This change exhibited a build issue that until then was only visible
on IA64 (which Buildroot does not support). This Buildroot commit
backports a patch from gdb upstream (which is in gdb since 8.2) which
mentions IA64 because it was originally meant to fix only the
IA64-related issue. But the glibc change, this change has become
visible on all architectures.
Fixes:
- http://autobuild.buildroot.org/results/a81eb395bd95306fcbb07c1443c9134fd63fa379
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Thomas: extend commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
mono needs a working C++ compiler to get the exact type of size_t since
version 5.16.0.179 and
d8af77551d
Fixes:
- http://autobuild.buildroot.org/results/ee6d037154127cc6572f06e9a78bae383ea381bc
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In particular, the manual was incorrect when the user had selected an
out-of-tree build.
Signed-off-by: Charlie Turner <cturner@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
qt5enginio needs Qt5 with ssl support, a dependency could be added on
BR2_PACKAGE_QT5BASE_OPENSSL but this proposal was rejected in the first
iteration of this patch.
Qt5 has ssl support through libressl on Qt 5.6 or openssl in latest Qt
however we can't select libressl without adding a circular dependency as
some packages (such as sqlcipher) force openssl through
BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL.
Any solution at the Kconfig level that tries to select libressl will
lead to circular dependencies. Since Qt 5.6 is more or less deprecated
anyway, and since it is not tested in the autobuilders, solve this with
a comment. The comment is only shown for Qt 5.6, when libressl is not
selected. Note that it is also shown when qt5enginio is not selected.
Fixes:
- http://autobuild.buildroot.org/results/60678cab68ec9aa17184b8417b64b3b79adf428a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Use the TARGET_NLS_DEPENDENCIES and TARGET_NLS_LIBS variables to
correctly handle BR2_SYSTEM_ENABLE_NLS=y configurations.
Fixes:
http://autobuild.buildroot.net/results/dda70b5b88c75d36c61fbf1cc5fca16ea8414582/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add hint about which package needs to be installed to provide IA32 libs
support for the host when it is needed.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Following commit fee29b05bb
("configs/pc_x86_64_efi: use a GPT partition table"),
board/pc/grub-efi.cfg is no longer used anywhere: the
post-image-efi-gpt.sh script generates the grub configuration.
Also, since post-image-efi-gpt.sh generates a grub configuration file
that uses the root filesystem partition UUID as the root= kernel
argument, the instructions in the readme.txt file to tweak root= from
/dev/sda2 to /dev/vda2 is no longer relevant. This was noted in the
commit log of fee29b05bb:
The root filesystem location is passed to the kernel by a partition
UUID, so it is possible to boot on QEMU, directly from the disk image,
or dump the image to a physical device.
Fixes: #11841
Cc: Pete Morici <pmorici@dev295.com>
Cc: Carlos A. M. dos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2019-10129: Memory disclosure in partition routing
Prior to this release, a user running PostgreSQL 11 can read arbitrary bytes
of server memory by executing a purpose-crafted INSERT statement to a
partitioned table.
CVE-2019-10130: Selectivity estimators bypass row security policies
PostgreSQL maintains statistics for tables by sampling data available in
columns; this data is consulted during the query planning process. Prior to
this release, a user able to execute SQL queries with permissions to read a
given column could craft a leaky operator that could read whatever data had
been sampled from that column. If this happened to include values from rows
that the user is forbidden to see by a row security policy, the user could
effectively bypass the policy. This is fixed by only allowing a
non-leakproof operator to use this data if there are no relevant row
security policies for the table.
For more details, see the release notes:
https://www.postgresql.org/about/news/1939/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Select bind instead of using the embedded bind libraries. This will help
managing correctly all the bind dependencies such as zlib
Fixes:
- http://autobuild.buildroot.org/results/a61f24e9f117c81893c58befb20d21179e61b85b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Don't enable server by default as dhcp will now select bind to use the
bind libraries
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Threads dependency has been added in 2015 with commit
07c1ad4647 however bind can be built
without threads thanks to --disable-threads
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Static build has been disabled in 2014 with commit
6045904752 however bind can be built
statically thanks to --without-dlopen so enable it back
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
lua plugin has been added in version 5.6.0 with
023092323c
Disabled it otherwise it'll be enabled if liblua is found
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 922b82bde9 added a dependency to
locale and updated comment text but forgot to add the !BR2_ENABLE_LOCALE
dependency to comment
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2019-11365: An issue was discovered in atftpd in atftp 0.7.1. A remote
attacker may send a crafted packet triggering a stack-based buffer overflow
due to an insecurely implemented strncpy call. The vulnerability is
triggered by sending an error packet of 3 bytes or fewer. There are
multiple instances of this vulnerable strncpy pattern within the code base,
specifically within tftpd_file.c, tftp_file.c, tftpd_mtftp.c, and
tftp_mtftp.c.
CVE-2019-11366: An issue was discovered in atftpd in atftp 0.7.1. It does
not lock the thread_list_mutex mutex before assigning the current thread
data structure. As a result, the daemon is vulnerable to a denial of
service attack due to a NULL pointer dereference. If thread_data is NULL
when assigned to current, and modified by another thread before a certain
tftpd_list.c check, there is a crash when dereferencing current->next.
For details, see
https://pulsesecurity.co.nz/advisories/atftpd-multiple-vulnerabilities
Patch 0001-Makefile.am-link-against-libpthread-for-atftp.patch patches
Makefile.am, so add _AUTORECONF.
CFLAGS is now correctly handled since commit f9dbb96844167f (configure.ac:
fix hard setting of CFLAGS), so drop the workaround about passing
-fgnu89-inline in CPPFLAGS.
Add a hash for the license file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Ryan Barnett <ryan.barnett@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
