If support for extended attributes is enabled, then we can use them to
store capabilities. If not, we keep using the setuid bit.
arping does not get a capability, as it can be used for arp poisoning.
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
[yann.morin.1998@free.fr:
- resort to using q full-fledged conditional block
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
arping can be used for arp poisoning, so it should really not be setuid.
Reported-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Acked-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Remove patch, it is not needed anymore as CFLAGS/LDFLAGS are now
correctly passed to extract_compressed_fs. CFLAGS/LDFLAGS are not
passed to cloop_suspend but it isn't built. Moreover original CFLAGS
are lost but this is acceptable)
- Switch site to http://snapshot.debian.org/archive/debian as
http://debian-knoppix.alioth.debian.org/packages/sources/cloop is not
available anymore
- Add hash for license files
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
host-cloop needs _GNU_SOURCE for loff_t otherwise build fails with gcc
8.3.0 on:
extract_compressed_fs.c: In function 'main':
extract_compressed_fs.c:55:2: error: unknown type name 'loff_t'; did you mean 'off_t'?
loff_t *offsets;
Fixes:
- No autobuilder failures
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the build of host-qemu with virtfs enabled: fix a typo in makefile
conditional and add a dependency on host-libcap as that is a dependency of
virtfs support:
if test "$virtfs" != no && test "$cap" = yes && test "$attr" = yes ; then
virtfs=yes
The virtfs configuration option was added by commit e0f49e6484
("package/qemu: add option to enable virtual filesystem in host qemu").
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
glib-networking uses the meson's shared_module function
This is a partly revert of commit
ed3eef6bb4 'package/glib-networking: bump
to version 2.61.1' re-adding the dynamic library dependency due to the
meson's build system and not from gnutls
Fixes:
- http://autobuild.buildroot.org/results/60037e37e020404485df9814f3f3ad4e3b2abdb3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libxml2 is needed during Windows builds to populate the COFF
file manifest info. This isn't required for Linux builds.
Cc: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes the following security issues:
CVE-2019-14232: Denial-of-service possibility in django.utils.text.Truncator
If django.utils.text.Truncator's chars() and words() methods were passed the
html=True argument, they were extremely slow to evaluate certain inputs due
to a catastrophic backtracking vulnerability in a regular expression. The
chars() and words() methods are used to implement the truncatechars_html and
truncatewords_html template filters, which were thus vulnerable.
The regular expressions used by Truncator have been simplified in order to
avoid potential backtracking issues. As a consequence, trailing punctuation
may now at times be included in the truncated output.
CVE-2019-14233: Denial-of-service possibility in strip_tags()
Due to the behavior of the underlying HTMLParser,
django.utils.html.strip_tags() would be extremely slow to evaluate certain
inputs containing large sequences of nested incomplete HTML entities. The
strip_tags() method is used to implement the corresponding striptags
template filter, which was thus also vulnerable.
strip_tags() now avoids recursive calls to HTMLParser when progress removing
tags, but necessarily incomplete HTML entities, stops being made.
Remember that absolutely NO guarantee is provided about the results of
strip_tags() being HTML safe. So NEVER mark safe the result of a
strip_tags() call without escaping it first, for example with
django.utils.html.escape().
CVE-2019-14234: SQL injection possibility in key and index lookups for
JSONField/HStoreField
Key and index lookups for django.contrib.postgres.fields.JSONField and key
lookups for django.contrib.postgres.fields.HStoreField were subject to SQL
injection, using a suitably crafted dictionary, with dictionary expansion,
as the **kwargs passed to QuerySet.filter().
CVE-2019-14235: Potential memory exhaustion in
django.utils.encoding.uri_to_iri()
If passed certain inputs, django.utils.encoding.uri_to_iri could lead to
significant memory usage due to excessive recursion when re-percent-encoding
invalid UTF-8 octet sequences.
uri_to_iri() now avoids recursion when re-percent-encoding invalid UTF-8
octet sequences.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We don't use "make install" for the target installation so we must pick
the executables from the ".libs" directories on which libtool generates
them otherwise we install the automatically generated wrapper scripts.
This was not necessary before the upgrade to version 4.4.1.
Fixes: https://bugs.busybox.net/show_bug.cgi?id=12051
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Remove patch (already in version) and drop AUTORECONF as it is not
needed anymore
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Remove both patches (already in version) and drop AUTORECONF as it is
not needed anymore
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Even though the hash of the license file changes, there are no changes
in the licensing terms themselves. There are changes in other parts of
readme.md, and whitespace changes in the licensing terms, but no
licensing term changes per-se.
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
[Thomas: add explanation about the license file hash change]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
the module std.normalize is no longer a dependency
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The major bottleneck in pkg-stats is the time spent waiting for
answers from remote servers. Two functions involve such communication
with remote servers:
- 'check_package_urls' which checks that each package upstream website
is up, it is efficient due to the use of process-pools thanks to
Matt Weber.
- 'check_package_latest_version' which fetches the latest package
version from release-monitoring, it uses a http-pool but runs
sequentially.
This patch extends the use of process-pools to 'check_latest_version'.
Due to some limitations of multiprocess callbacks, this patch loses
the overall progress of packages in favour of just the current package
name.
Runtimes for this function are ~3m vs ~25m for the linear version.
Tested on an i7 7500U (2/4 cores/threads @3.5GHz) with 15ms ping.
Note: There have already been work trying to parallelize this function
using threads but there were a failure on some configurations [1].
This implementation rely on a dedicated module already in use on this
script, so it's unlikely to see failure with this version.
[1] http://lists.busybox.net/pipermail/buildroot/2018-March/215368.html
Signed-off-by: Victor Huesca <victor.huesca@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes:
- blank space before ':'
- unused 'o' variable left from a previous patch
- bad continuous alignment
Signed-off-by: Victor Huesca <victor.huesca@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
PowerPC kernel developers were after a userspace for testing 32-bit
powerpc kernels. This machine both suits that requirement and has
support in qemu. It's also a fairly common piece of 32-bit ppc hardware.
Signed-off-by: Joel Stanley <joel@jms.id.au>
Tested-by: Daniel Axtens <dja@axtens.net>
[Peter: lock kernel/headers to 5.2.4]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 23c0e97b29 (toolchain-external: anchor sysroot regex with /)
tried to make the find-sysroot work more consistently, especially for
toolchains where the C library is located in a sub-directory, like the
"Realtek mips toolchain".
After that patch, the '/' that was trailing in the returned path got
removed now. This in turn breaks the Codesourcery toolchain.
We fix that by appending the now-missing trailing '/'.
Fixes:
http://autobuild.buildroot.net/results/9284d571668148febce23d96a9c0a97a6b2b43dc
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: 陈小 刚 <shawn_chen@realsil.com.cn>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Upstream changes:
- libpdbg API clean-up
- Path based targetting
- POWER8 sreset fixes
- gdbserver
This also adds the v back to the version string that pdbg's build system
uses, following the recent buildroot changes to remove "v" from package
versions.
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently the BR2_LINUX_KERNEL_DTB_IS_SELF_BUILT option is only
available to be selected by another config option. This option controls
if the Linux build system should build the DTB itself, or if buildroot
explicitly calls the Linux Makefile like "make something.dtb".
My use case: I want to build an OpenRISC image with a custom device tree
file. OpenRISC does not support appended DTBs, and I'm not using a
bootloader, but link everything into a single kernel (vmlinux) image.
The kernel option CONFIG_OPENRISC_BUILTIN_DTB allows me to specify a dtb
file, which is typically located in the kernel source tree in
arch/openrisc/boot/dts/NAME.dts.
Since my dts file is not part of the upstream kernel, I have two
options: either patch the kernel to include the DTS file, and then
specify it using the CONFIG_OPENRISC_BUILTIN_DTB option.
Or use buildroot's BR2_LINUX_KERNEL_CUSTOM_DTS_PATH config option to
copy any DTS file to the kernel source tree, and then specify this file
with CONFIG_OPENRISC_BUILTIN_DTB as before.
However, the second option also requries the buildroot option
BR2_LINUX_KERNEL_DTB_IS_SELF_BUILT to be set, otherwise I end up with a
"make -C kerneldir NAME.dts" call, which doesn't work (no such target
exists).
Currently the BR2_LINUX_KERNEL_DTB_IS_SELF_BUILT option exists, but it's
not visible/available. Simply making it available solves the problem for
me nicely.
Signed-off-by: Philipp Wagner <mail@philipp-wagner.com>
[Arnout: add help text]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
- Switch site, see
975fd7331d:/README
- Switch to autotools (and so drop second patch on Makefile: if there is
some errors raised by -Werror, we'll fix them)
- Update first patch by upstream commit
- Add hash for license file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Set USE_GETTEXT depending on BR2_SYSTEM_ENABLE_NLS as otherwise build
will fail if gettext is not installed on host because USE_GETTEXT is
enabled by default since version 20190324 and
2615a52720
Fixes:
- http://autobuild.buildroot.org/results/127823ddbd75336abc0fe0e9bd11e4f5249df87c
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The proj package exhibits gcc bug 68485 when built for the Microblaze
architecture with optimization enabled, which causes a build failure.
As done for other packages in Buildroot work around this gcc bug by
setting optimization to -O0 if BR2_TOOLCHAIN_HAS_GCC_BUG_68485=y.
Fixes:
http://autobuild.buildroot.net/results/e61/e61bd55067071415223e523a81de3c2e9cafea6f/
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Tested-by: Zoltan Gyarmati <zgyarmati@zgyarmati.de>
Acked-by: Zoltan Gyarmati <zgyarmati@zgyarmati.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Also remove PROJ.4 dependency, as upstream decided to
drop it.
Signed-off-by: Zoltan Gyarmati <zgyarmati@zgyarmati.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The pkg-stats calls 3 times `make` to get a bunch of variables. These
variables can be obtained in only one make invocation. This patch
replaces the three calls by just one and adjusts the parsing logic
accordingly.
Note: another option suggested by Arnout would be to run `make
show-info` that produces a json with the necessary variables. This
would avoid the duplicated effort done in pkg-stats and pkg-utils and
allow to add other infos to pkg-stats like dependencies, reversed
dependencies or if the package is virtual.
In order to use this method, the following changes are required in
pkg-generic's show-info:
- include license_files;
- have an option to run it on *all* packages, not just the selected
ones.
This patch take the simplest approach of only factorizing the make
calls as it requires less changes.
Signed-off-by: Victor Huesca <victor.huesca@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit a0b0976c93 (support/testing: add luaposix test) added a new test,
but forgot to update .gitlab-ci.yml. Do that now.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This can be useful for Python scripts running on a host machine that
need to connect to a bus on a remote device, e.g. test scripts.
The target dbus-python depends on dbus instead of selecting it because
dbus has dependencies that check that it is supported. Using 'select'
would override those dependencies. For host-dbus, there are no such
checks -- it's assumed the host has the features neeeded to run dbus, so
it is okay to just depend on host-dbus.
The pyexpat dependency is not needed, as it is forced on for
host-python.
Signed-off-by: Brent Generous <bgenerous@impinj.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This patch adds support to extract compiled in default env
via u-boot's get_default_envs script and generate env image from it.
Signed-off-by: Denis Osterland <Denis.Osterland@diehl.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Drop dependency on libuuid as it got removed in v1.6. From ChangeLog.txt:
1.6 - 20190417
==============
- Improved general support for broker generated client ids. Removed libuuid
dependency.
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
[Peter: explain why libuuid isn't needed any more]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We used to build everything for pretty much baseline ARC HS capable
of runnig Linux kernel, which was ARC HS38/48 with MMU and caches.
But there's a fully featured ARC HS with additional support for
- Dual & quad integer multiply and MAC operations
- Double-precision floating-point unit
It corresponds to the following ARC HS templates in ARChitect: hs38_slc_full.
In fact existing HSDK board uses exactly this configuration in its SoC
and this is recommended configuration for Linux use-cases.
To make life simpler we have corresponding "-mcpu" and "--with-cpu"
options in ARC GCC port so we're going to use it and get binaries
built accordingly optimized.
And while at it added help message so users may better understand
what they are dealing with.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Adds the c-capnproto package. This creates a C plugin for the regular
capnproto capnpc compiler. It supports only serialization (no RPC).
Since it depends on capnproto, the package selects capnproto and has the
same requirements as capnproto.
The host version is always needed for the code generator, which is what
gets called by packages using it. The target version is also always
needed for the library. Therefore, no Config.in.host option is needed.
We need to use the git download method because the package has
submodules. The submodule is gtest, which is not really needed, but it's
complicated to remove the dependency.
The version is the latest upstream git hash. It is version 0.3 with just
two patches applied: one to the README file, and a fix submitted by us.
Signed-off-by: Joel Carlson <JoelsonCarl@gmail.com>
[Arnout:
- use latest upstream version which has patch already applied;
- mark in Config.in that dependencies come from capnproto;
- add some newlines to .mk file;
- updated commit message.]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Since it's used only for the HTML output, and all other functions used
for HTML output are prefixed by dump_html, let's do so for
dump_gen_info() as well by renaming it to dump_html_gen_info().
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The 'dump_html' and 'dump_json' both include commit infos as well as the
current date. It make more sense to retrieve these information once.
This patch simply does this factorization.
Signed-off-by: Victor Huesca <victor.huesca@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
