This patch enables the inclusion of the Pi's overlays. Previously
the overlays were not included in the genimage configuration.
This patch ensures overlays are included in the sdcard (when
enabled) by defaulting to the inclusion of an empty
output/images/rpi-firmware/overlays directory in genimage cfg.
The Pi's overlays are built with the following config
variables:
BR2_PACKAGE_RPI_FIRMWARE=y
BR2_PACKAGE_RPI_FIRMWARE_INSTALL_DTBS=y
BR2_PACKAGE_RPI_FIRMWARE_INSTALL_DTB_OVERLAYS=y
BR2_LINUX_KERNEL_IMAGE_TARGET_CUSTOM=y
BR2_LINUX_KERNEL_IMAGE_NAME="Image"
BR2_LINUX_KERNEL_IMAGE_TARGET_NAME="Image modules dtbs"
After building, the dtbo files are present in the
output/images/rpi-firmware/overlays directory but not added
to the sdcard because they are missing from the genimage cfg
file.
Signed-off-by: Matt Flax <flatmax@flatmax.org>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
[Arnout: fix indentation, and add comment explaining why an empty
directory is created.]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
--with-slang has to be given explicitly, otherwise the configure script
looks for slang.h in host directories.
Signed-off-by: Sven Oliver Moll <svolli@svolli.de>
[Arnout: add --with-slang config option]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
LibHTP is a security-aware parser for the HTTP protocol and the related
bits and pieces.
https://github.com/OISF/libhtp
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Thomas: always disable SSP, let our gcc/wrapper handle that]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
sconeserver can't be built statically since commit
a845798aa8
So drop unneeded workaround for statically linking with openssl
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
bind can't be built statically since commit
6045904752
So drop uneeded LIBS="-lz" which was added by commit
80ebf12906 to fix static build with
openssl
Also, drop ac_cv_func_EVP_{sha256,sha384,sha512} that was also added to
fix tests in static build by commit
26aefa672c
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Use pkg-config to find openssl dependencies such as lz or latomic
Fixes: static build on sparc v8 (even if there are no autobuilder
failures yet)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We currently do the Linux build as follows:
make <imagename>
if modules enabled; make modules; fi
However, Clement Léger recently reported that due to us not using the
"all" target, the GDB scripts that the kernel can build when
CONFIG_GDB_SCRIPTS is enabled are not built, since upstream kernel
commit 67274c083438340ad16c1437caebc84e1253b224 (merged in v5.1) moved
that logic to a separate scripts_gdb target, which is a dependency of
the "all" target.
While we could add some more logic to explicit generate the
"scripts_gdb" target, this logic would fail on Linux < 5.1 for which
this make target doesn't exist.
So instead, let's simplify the build logic, and use:
make all <imagename>
The "all" target automatically depends on "modules" if CONFIG_MODULES
is set, so we no longer need to explicit generate the "modules" target
separately.
As a result of this change, we may generate additional kernel images
compared to what was done previously, but such images would anyway not
be installed, and the additional build time is minimal.
We did some research as to why the kernel build was done like this in
Buildroot, and it's been like that since linux/linux.mk was added back
in 2010 by commit 487e21cff6 ("New,
simpler, infrastructure for building the Linux kernel").
Reported-by: Clément Leger <cleger@kalray.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reviewed-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
A patch was added to the Linux kernel in 5.1.0-rc3 which adds a
requirement that the host build environment include pkg-config. Add the
correct host-pkgconf dependency and environment variables to ensure
Linux picks up the correct libraries.
Move the existing LINUX_MAKE_ENV assignment earlier, to simplify the
append-assignment in the libelf conditional block.
Fixes: #11761
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Suggested-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Stuart Summers <stuart.summers@intel.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
[Arnout: extend commit message as suggested by Yann]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Use pkg-config to find openssl dependencies such as lz or latomic
Fix static build on sparc v8 (even if there is no autobuilder failures
yet)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Don't pass --with-openssl option to force softether to use pkg-config
(see autotools/ax_check_openssl.m4).
pkg-config will find openssl dependencies such as lz or latomic
Fix static build on sparc v8 (even if there is no autobuilder failures
yet)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
thrift uses pkg-config to find openssl dependencies such as lz or
latomic so drop unneeded workaround. This was a leftover from the very
first integration of thrift 0.9.1 in 2013.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Use pkg-config to find openssl dependencies such as lz or latomic
Fix build on sparc v8 (even if there is no autobuilder failures yet)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Use pkg-config to find openssl dependencies such as lz or latomic
Fix build on sparc v8 (even if there is no autobuilder failures yet)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Previously, the flake8 script didn't help us to detect when Python
scripts were incorrectly wrapped. Now, however, it does report such
errors.
Fix one such an error now.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
[Arnout: give commit message a more positive tone]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
After version bump, all sha256 were updated, but not the changed license
files paths for version 5.12.2.
Update license files paths for 5.12.2.
Fixes:
http://autobuild.buildroot.net/results/3812f4a6313fab57766c7b98defa723c58a8fa76/
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
In order to make the file easier to maintain, reorder the keys in a more
logical way:
Keep the docker image at the top.
Then all check-* jobs in the case-insensitive alphabetical order they
appear on Gitlab-CI pipeline results.
Then all keys related to defconfigs.
Finally all keys related to runtime tests.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
- Switch site to https://github.com/ralph-irving/squeezelite.
Indeed the current upstream used in Buildroot has been automatically
exported from code.google.com/p/squeezelite and has seen no updates
since 4 years. Comparatively the new upstream is active (updated in
March 2019), includes the four out-of-tree patches we had, is
declared as the official repository on wikipedia
(https://en.wikipedia.org/wiki/Squeezelite), and drawn interest from
debian maintainer
(https://github.com/ralph-irving/squeezelite/issues/29).
- Remove all patches (already in version)
- Update hash of license file (new author added:
b8e5cd2d94)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
kmsro allow to support KMS displays with the renderonly layer used to
attach a GPU [1].
Quote from mesa3d meson.build: "kmsro driver requires one or more
renderonly drivers (vc4, etnaviv, freedreno)". But only vc4 support is
available by using the (deprecated) autotools build system [2].
This will also be used by mesa to support KMSRO with the upcomming
Panfrost and Lima Gallium drivers.
[1] https://cgit.freedesktop.org/mesa/mesa/commit/?id=ed65aeec7810a7d98a19461ba933bd77268cb0f6
[2] https://cgit.freedesktop.org/mesa/mesa/tree/configure.ac?h=mesa-19.0.1#n2864
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Release 1.16.2 tarball doesn't contain all sublibraries license files
listed in the base LICENSE.txt file, one is missing, even though it is
present in the project Git repository.
This makes python-numpy-legal-info incomplete.
- Add patch to add missing sublibrary license file:
numpy/linalg/lapack_lite/LICENSE.txt
- its sha256 into hash file.
- update PYTHON_NUMPY_LICENSE adding:
BSD-2-Clause, PSF, Apache-2.0, MIT, Zlib
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Needed for Kodi 18.x-compatible version of kodi-screensaver-rsxs.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security vulnerabilities:
- CVE-2019-9494 (cache attack against SAE)
For details, see the advisory:
https://w1.fi/security/2019-1/sae-side-channel-attacks.txt
- CVE-2019-9495 (cache attack against EAP-pwd)
For details, see the advisory:
https://w1.fi/security/2019-2/eap-pwd-side-channel-attack.txt
- CVE-2019-9496 (SAE confirm missing state validation in hostapd/AP)
For details, see the advisory:
https://w1.fi/security/2019-3/sae-confirm-missing-state-validation.txt
- CVE-2019-9497 (EAP-pwd server not checking for reflection attack)
- CVE-2019-9498 (EAP-pwd server missing commit validation for scalar/element)
- CVE-2019-9499 (EAP-pwd peer missing commit validation for scalar/element)
For details, see the advisory:
https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt
Notice that SAE is not currently enabled in Buildroot, but the patches are
included here anyway for completeness.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security vulnerabilities:
- CVE-2019-9494 (cache attack against SAE)
For details, see the advisory:
https://w1.fi/security/2019-1/sae-side-channel-attacks.txt
- CVE-2019-9495 (cache attack against EAP-pwd)
For details, see the advisory:
https://w1.fi/security/2019-2/eap-pwd-side-channel-attack.txt
- CVE-2019-9496 (SAE confirm missing state validation in hostapd/AP)
For details, see the advisory:
https://w1.fi/security/2019-3/sae-confirm-missing-state-validation.txt
- CVE-2019-9497 (EAP-pwd server not checking for reflection attack)
- CVE-2019-9498 (EAP-pwd server missing commit validation for scalar/element)
- CVE-2019-9499 (EAP-pwd peer missing commit validation for scalar/element)
For details, see the advisory:
https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt
Notice that SAE is not currently enabled in Buildroot, but the patches are
included here anyway for completeness.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes:
http://autobuild.buildroot.net/results/6c9bb17920749409e5a0c3388ccda411c6c7cfb4/
tpm2-totp uses _DEFAULT_SOURCE to make the htobe64() macro available,
support for which was only added in glibc 2.20:
https://www.gnu.org/software/libc/manual/html_node/Feature-Test-Macros.html#index-_005fDEFAULT_005fSOURCE
>From glibc 2.20 NEWS:
* The _BSD_SOURCE and _SVID_SOURCE feature test macros are no longer
supported; they now act the same as _DEFAULT_SOURCE (but generate a
warning). Except for cases where _BSD_SOURCE enabled BSD interfaces that
conflicted with POSIX (support for which was removed in 2.19), the
interfaces those macros enabled remain available when compiling with
_GNU_SOURCE defined, with _DEFAULT_SOURCE defined, or without any feature
test macros defined.
This could be worked around by defining _BSD_SOURCE for this old toolchain
(cannot be done unconditionally as it generated warnings for modern glibc
versions), but given that platforms using this old toolchain are unlikely to
have a TPM 2.0 and use it for TOTP, simply blacklist it instead.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This test allow to check if the xserver with GLX is working properly.
This is a basic test but it allow to trigger the current bug reported
by [1].
To test if the glxinfo test is working, you can change "-display :0" by
"-display :1" in the glxinfo command line.
[1] https://bugs.buildroot.org/show_bug.cgi?id=11591
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Youssef Harmouch <youssef.harmouch@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libcap dependency has been added in version 1.16 with
009faa64b7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
pcre dependency has been added in version 1.18 and
ab3324be47
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Also change the site location to the non-archived URL.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
