Fixes security bugs CVE-2017-11103 & CVE-2017-6594
Changed upstream tarball location as noted in the release notes:
http://www.h5l.org/releases.html?show=7.4.0
--with-db-type-preference= is needed to fix a build error:
CCLD otp
../../lib/otp/.libs/libotp.a(otp_db.o): In function `otp_get_internal':
otp_db.c:(.text+0x32): undefined reference to `__roken_dbm_fetch'
otp_db.c:(.text+0xd9): undefined reference to `__roken_dbm_store'
../../lib/otp/.libs/libotp.a(otp_db.o): In function `otp_db_open':
otp_db.c:(.text+0x1c9): undefined reference to `__roken_dbm_open'
../../lib/otp/.libs/libotp.a(otp_db.o): In function `otp_db_close':
otp_db.c:(.text+0x205): undefined reference to `__roken_dbm_close'
../../lib/otp/.libs/libotp.a(otp_db.o): In function `otp_delete':
otp_db.c:(.text+0x23e): undefined reference to `__roken_dbm_delete'
../../lib/otp/.libs/libotp.a(otp_db.o): In function `otp_put':
otp_db.c:(.text+0x388): undefined reference to `__roken_dbm_store'
collect2: error: ld returned 1 exit status
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add initial support for nanopi-m1-plus board
with below features
- U-Boot 2017.07-rc3
nanopi-m1-plus dts support is present in rc3 version
- Linux 4.11.5
- linux patches to add nanopi-m1-plus dts
- Default packages from buildroot
Signed-off-by: Chakra Divi <chakra@openedev.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Now that we have 0001-remove-__FAVOR_BSD.patch in uClibc-ng (which is
upstream and will be part of uClibc-ng 1.0.26), we no longer need the
work-around patch in the ndisc6 package.
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This variable is currently not used by anyone.
The value is changed to match the path to DL_DIR.
The next patch will introduce the use of PKG_DL_DIR for packages that
use specific EXTRACT_CMDS.
And then we will be able to change the value of PKG_DL_DIR to create a
new directory structure in DL_DIR with a subdirectory for each package.
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Building host-aespipe fails on Debian stretch at linking stage:
/usr/bin/gcc -L/home/buildroot/br6/output/host/lib -L/home/buildroot/br6/output/host/usr/lib -Wl,-rpath,/home/buildroot/br6/output/host/usr/lib -o aespipe aespipe.o aes-amd64.o md5-amd64.o md5-2x-amd64.o aes-intel64.o sha512.o rmd160.o
/usr/bin/ld: aes-amd64.o: relocation R_X86_64_32S against `.rodata' can not be used when making a shared object; recompile with -fPIC
The same problem apparently exists on recent Ubuntu and Gentoo.
Fix is also used in Debian:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837393
[Peter: add comment explaining why]
[Arnout: use host-cc-option to discover if -no-pie is available;
cfr. 57b628a932]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This macro allows to test if HOSTCC supports a specific option. It is
needed to pass '-no-pie' on recent Debian, Ubuntu and Gentoo hosts.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Since it supports each variants individually, it should also supports
the big.LITTLE configurations.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Cyril Bur <cyrilbur@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The big.LITTLE configurations can be optimised for by gcc, and a few
users wonder what they should choose when they have such CPUs.
Add new entries for those big.LITTLE configurations.
Note: the various combos were added in various gcc versions, but only
really worked in later versions:
Variant | Introduced in | First built in
----------+---------------+----------------
a15-a7 | 4.9 | 4.9
a17-a7 | 5 | 5
a57-a53 | 4.9 | 6
a72-a53 | 5 | 6
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Cc: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Move all architecture options to their own symbol, so that it is easier
to add more variants in the future.
The dependency on cross-gcc >= 4.5 is only valid for i386, as we use the
host gcc for x86_64. Adapt the dependency accordingly.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Cyril Bur <cyrilbur@gmail.com>
[Thomas:
- add comment about host gcc >= 4.5 dependency on x86-64
- remove bogus "depends on ... if ..." construct.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Now that the build of efivar with gcc 7.x has been fixed by commit
0ca3017034 ("efivar: fix build with gcc
7"), efibootmgr fails similarly with gcc 7.x.
This commit backports an upstream patch that fixes this issue.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Depending on Python implementation used for testing, time it takes to
perform a given test can vary pretty significantly. To accout for that
allow individual test functions to specify different timeout value.
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
In order to be able to leverage the same test code for testing
different python interpreters (or wrappers around CPython) allow child
classes of TestPythonBase to override the name of the executable used
to run tests.
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add Python3 version of TestPython2 to make sure both versions of
Python get unit-tested.
Modify the code of libc_time_test() to support that change (convert
the code to use Python3-style "print").
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
[Thomas: update .gitlab-ci.yml.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Select the new package by the legacy option for easier update.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas: use SPDX license code.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Since the bump of ICU to 59.1, it needs C++11. cppcms has been updated
with the appropriate dependency on gcc >= 4.8, but it also needs
-std=c++11. Therefore, this patch complements the CXXFLAGS passed to
cppcms by adding what icu-config reports, in a manner similar to what
was done to fix the same issue in the PHP package in commit
214a76d045 ("package/php: fix icu
support").
Fixes:
http://autobuild.buildroot.net/results/f05d9999f1f3248b6a50f14de476108028ed047e/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Convert TestPythonBase to a true base class that only provides code
implementing various tests without defining tests themselves in a
"discoverable" form.
To retain correct testing functionality, add TestPython2 derived class
that uses code from TestPythonBase to define actual runnable test.
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Reviewed-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Tested-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
[Thomas: fix typo in commit log, update .gitlab-ci.yml, both pointed
by Ricardo.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Some commands take more than 5 seconds to complete under QEMU, so add
provisions to allow individual unit-test to specify different duration
to avoid false negative test failures.
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Reviewed-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Tested-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Currently, remounting / read-write (or not) is done by the skeleton
package when the init system is either busybox or sysvinit, by
registering a target-finalize hook; it is not done at all for systemd.
Move registering this target-finalize hook to both of busybox and
sysvinit. Leave systemd alone, we'll take care of it later.
Rename the macro to a more meaningful name, and move it to system.mk
with the other such macros.
Yet a little bit less init-system knowledge in the skeleton.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
[Thomas: remove not-so-useful comments, as pointed by Arnout.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Currently, setting the getty is done:
- by the skeleton package when the init system is either busybox or
sysvinit;
- by the systemd package when the init system is systemd;
both by registering a target-finalize hook.
This is not very consistent.
Move setting the getty out of the skeleton and into the package that
provides the init system, by registering a per-package target-fialize
hook.
This offloads yet a bit more out of the skeleton, so that it is easier
to properly separate the skeletons for the various init systems.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Some macros, soon some variables, currently defined in the skeleton are
going to be used by other packages.
Some of those variables will be used as Makefile conditions (e.g. in
ifeq() conditions), so they *must* be defined before being used.
Since the skeleton package, starting with an 's', is included quite
late, those variables would not be available to most packages.
Offload the existing macros into the new system/system.mk file, that is
included early, before any package is. Rename the macros to appropriate
names.
Future commits will add new macros and variables in that file.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Rather than duplicate that code in all skeleton packages, make this a
macro, so that it is easier to use.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
ffmpeg always enables support for nvenc/cuda even if their support
libraries are not present:
External libraries providing hardware acceleration:
cuda cuvid nvenc
[...]
Enabled hwaccels:
h264_cuvid mjpeg_cuvid mpeg2_cuvid vc1_cuvid vp9_cuvid
hevc_cuvid mpeg1_cuvid mpeg4_cuvid vp8_cuvid
This leads to a crash in freeswitch git master when transcoding video
streams on a system without nvidia hardware:
2017-07-22 15:06:27.306760 [INFO] avcodec.c:1077 initializing encoder 352x288
2017-07-22 15:06:27.306760 [NOTICE] avcodec.c:828 NVENC HW CODEC ENABLED
This patch disables the support of nvidia hardware acceleration support
for now until the needed packages are added to buildroot. For details
about this please refer to https://developer.nvidia.com/ffmpeg
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The rsync command is currently called from a single location. In
follow-up patches, it will be called from various places then.
It will be easier to update and fix this command if it is defined in a
single location, rather than if duplicated in many places.
Define a macro that skeleton packages can call to install their skeleton
directories. Since at least one occurrence of it will want to install in
staging, the macro must accept a destination path, rather than hard-code
target as the destination.
Since it is to be used by other skeleton packages, define it early,
outside of any conditional block.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We currently skip the skeleton dependency by checking if the current
package is the skeleton.
We are going to introduce more skeleton-related packages, so we
need a way to exclude the skeleton dependency for those, or we'd
get a circular dependency, for the same reason we need to skip
the toolchain dependency.
Instead of checking for all the skeleton-providing packages in the core
infra, add a new package options so that packages can express they do
not need the dependency on the skeleton, like we have an option to avoid
the depednency on the toolchain. The only packages that will use that
option are probably the skeletons, so we need not document this
variable, like we did not document the option to exclude the dependency
on the toolchain.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
PaX regression test suite
Signed-off-by: David Graziano <david.graziano@rockwellcollins.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Here are the main U-Boot modifications:
- Rebase on top of mainline 2017.03 release
- Fix sparse image flashing issues
Here are the main Linux modifications:
- Add mma8451 driver support
- Fix possible TiWi spurious interrupts issue
- Fix Ethernet interrupt parent issue
- Add USB Type C TUSB320 controller support
- Add SOM2 i.MX6DL and i.MX6QP variants
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Patches 0001 to 0004 were upstream backports, so they have been
dropped. Patch 0005 has been upstreamed as commit
af5fb3d6e7. Therefore,
all 5 patches are dropped.
Signed-off-by: André Hentschel <nerv@dawncrow.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We use a separate make target to build a relocatable SDK. We first
sanitize the RPATH in host tree. Next we also sanitize the
staging tree. Therefore "sdk" must depend on world.
Sanitizing staging is not really needed, in the sense that any rpath
in there is simply not going to be used. We want to sanitize staging
for the following reasons:
- To avoid leaking references to the original output directory. This
way, we can validate that the SDK is relocatable by running a simple
"grep -r ${BASE_DIR} ${HOST_DIR}". Obviously RPATH sanitization is
not sufficient (e.g. also the references to source files have to be
stripped), but it's a step in the right direction. This reason is
obviously only relevant for the SDK.
- To make sure that when an executable is copied to target that it
actually executes correctly. Since within Buildroot we never copy
stuff from staging to target, this is clearly only relevant for
the SDK.
Finally we install the script "relocate-sdk.sh" into the top directory
of the SDK (HOST_DIR) and the SDK location path is stored in the file
"HOST_DIR/share/buildroot/sdk-location"-
Signed-off-by: Wolfgang Grandegger <wg@grandegger.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit adds a patch to the libmemcached package that fixes the
build with gcc 7.x. Since libmemcached is barely maintained upstream,
the patch comes from the Fedora packages.
Fixes:
http://autobuild.buildroot.net/results/872b8e0e6a24cbc96e3ad9e0b8b47acdf6160ce0/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Upstream project has dropped all runtime dependencies.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
-mfpxx option was added in gcc-5.1.0 so make sure that users cannot
select the "xx" fp32 mode when using toolchains that have a gcc older
than 5.1.0.
-mfp32 and -mfp64 were added in gcc-4.1.0, so given the older gcc
version we support in Buildroot (in the GCC_AT_LEAST options) is 4.3 we
don't need to do anything else for them.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
-mnan option was added in gcc-4.9.0 so make sure that users cannot
select the NaN mode when using toolchains that have a gcc older
than 4.9.0, and also make sure that the -mnan option is not passed at
all to the toolchain-wrapper and target cflags.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>