According to the Buildroot convention, 'depends on' attributes shall
come before 'select' ones in Kconfig files.
Detected by check-package.
Signed-off-by: Rodrigo Rebello <rprebello@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Security fix:
passdb/userdb dict: Don't double-expand %variables in keys. If dict
was used as the authentication passdb, using specially crafted
%variables in the username could be used to cause DoS (CVE-2017-2669)
Full ChangeLog 2.2.29 (including CVE fix):
https://www.dovecot.org/list/dovecot-news/2017-April/000341.html
Full ChangeLog 2.2.29.1 (some fixes forgotten in the 2.2.29 release):
https://www.dovecot.org/list/dovecot-news/2017-April/000344.html
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Support was added by this commit:
8bf3932539
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The host package will be needed by tvheadend.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas:
- group the host commands together and the target commands together
- use --prefix=$(HOST_DIR)/usr for host configuration, and do not
override PREFIX= at host install time
- use DESTDIR=$(TARGET_DIR) instead of overriding PREFIX= at target
install time.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Wolfgang Grandegger <wg@grandegger.com>
[Thomas: use SPDX license codes.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
A similar fix was committed to ffmpeg in the past:
https://git.buildroot.net/buildroot/commit/package/ffmpeg?id=bfb8df2ad9b164b421d25294c6882c8b61dc59a5
which will be reverted with another patch.
Mplayer contains ffmpeg 3.0, with current ffmpeg 3.2.4 the bug is gone,
the difference between both revisions is too big in order to find a
real fix for the problem.
Special cflags, added by
https://git.buildroot.net/buildroot/commit/package/multimedia/mplayer?id=fd38100e1189d19cad87a64c52df2c773eb47e40
are no longer needed now so remove them as well.
Testing these defconfigs did not produce compile errors with current
ffmpeg but with mplayer:
BR2_i386=y
BR2_x86_i586=y
BR2_GCC_VERSION_4_8_X=y
BR2_i386=y
BR2_x86_i586=y
BR2_GCC_VERSION_5_X=y
BR2_i386=y
BR2_x86_i586=y
BR2_GCC_VERSION_6_X=y
BR2_i386=y
BR2_x86_i486=y
BR2_GCC_VERSION_5_X=y
BR2_i386=y
BR2_x86_i686=y
BR2_GCC_VERSION_5_X=y
BR2_i386=y
BR2_x86_pentium_mmx=y
BR2_GCC_VERSION_5_X=y
BR2_i386=y
BR2_x86_corei7=y
BR2_GCC_VERSION_5_X=y
Fixes
http://autobuild.buildroot.net/results/030/03066dd8937ef4c75d62f237fd195df92b247ee2//
and many others.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This reverts commit bfb8df2ad9.
With current toolchains it was not possible to trigger the bug anymore.
Tested with these settings:
BR2_i386=y
BR2_x86_i586=y
BR2_GCC_VERSION_4_8_X=y
BR2_i386=y
BR2_x86_i586=y
BR2_GCC_VERSION_5_X=y
BR2_i386=y
BR2_x86_i586=y
BR2_GCC_VERSION_6_X=y
Other x86 variants also work:
BR2_i386=y
BR2_x86_i486=y
BR2_GCC_VERSION_5_X=y
BR2_i386=y
BR2_x86_i686=y
BR2_GCC_VERSION_5_X=y
BR2_i386=y
BR2_x86_pentium_mmx=y
BR2_GCC_VERSION_5_X=y
BR2_i386=y
BR2_x86_corei7=y
BR2_GCC_VERSION_5_X=y
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This python utility scans the logs for messages logged when the system
denied permission for operations, and generates a snippet of policy
rules which, if loaded into policy, might have allowed those operations
to succeed. However, this utility only generates Type Enforcement (TE)
allow rules.
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
[Thomas: adjust Config.in to propagate the dependencies of sepolgen,
checkpolicy and python3.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
libselinux currently does not compile its python wrapper module for
the target. This is needed for audit2allow to function properly, and
therefore this patch adjusts libselinux.mk to install the python
wrapper module is python or python3 are enabled.
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
[Thomas:
- Remove useless empty lines, as noted by Matt Weber
- Move code related to python bindings before builds/install
commands, since those commands will use variables defined by the
python bindings logic.
- Instead of enabling the python bindings when
BR2_PACKAGE_POLICYCOREUTILS_AUDIT2ALLOW is set, enable the python
bindings when python is available. We generally try to avoid
looking at options of other packages to decide what to install.
- Introduce LIBSELINUX_MAKE_TARGETS and
LIBSELINUX_MAKE_INSTALL_TARGETS variable, in order to avoid
duplicate the make/make install commands.
- As suggested by Matt Weber, remove LIBSELINUX_PYTHONLIBDIR
definitions, and don't pass PYLIBVER and PYTHONLIBDIR in MAKE_OPTS.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
checkpolicy is currently a host-only package, however it is a
dependency of audit2allow. This patch allows for checkpolicy to be
compiled for the target.
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
[Thomas:
- remove LIBSELINUX_INSTALL_STAGING = YES, doing it in
checkpolicy.mk is wrong, and libselinux is already installed to
staging
- add "select BR2_PACKAGE_LIBSELINUX" in Config.in, and propagate the
necessary dependencies
- add host-flex in dependencies, since it is also needed (in addition
to target flex).]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Sepolgen is currently a host-only package, however it is a dependency
of audit2allow. This patch allows for sepolgen to be compiled for the
target.
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
[Thomas:
- fix formatting of Config.in file
- add missing dependencies inherited from the fact that the package
selects python3.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
LICENSE file refers to Python license version 2. Use SPDX short
identifier for license string and add license file while at it.
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
LICENSE file refers to Python license version 2. Use SPDX short
identifier for license string while at it.
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
LICENSE file refers to Python license version 2. Use SPDX short
identifier for license string while at it.
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
LICENSE file contains MIT license text and README file clearly mentions
pyyaml is released under MIT license.
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
When libnl is selected, libpcap links with it. Since libpcap doesn't
provide a .pc file and arp-scan doesn't use its libpcap-config script,
we must provide the additional options explicilty.
Fixes
http://autobuild.buildroot.net/results/c605c8cc36348f199a36e2652851b8d02ee222c0
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This allows the page at http://autobuild.buildroot.net/stats/ to show
how many warnings returned by check-package affect each package.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Warn when help text is larger than 72 columns, see [1].
Warn for wrongly indented attributes, see [1].
Warn when the convention of attributes order is not followed, see [2].
[1] http://nightly.buildroot.org/#writing-rules-config-in
[2] http://nightly.buildroot.org/#_config_files
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Explicitly state that one tab counts for 8 columns in package
description, leaving 62 characters to the text itself.
Update the text and the example in the two places where the Config.in
format is described.
Also mention a newline is expected between the help text itself and the
upstream URL.
This blob can help developers to understand the expected formatting.
Also, it can be referenced by reviewers.
http://patchwork.ozlabs.org/patch/611289/http://patchwork.ozlabs.org/patch/606866/http://patchwork.ozlabs.org/patch/459960/
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Check each hash entry (see [1]) and warn when:
- it does not have three fields;
- its type is unknown;
- its length does not match its type;
- the name of the file contains a directory component.
[1] http://nightly.buildroot.org/#adding-packages-hash
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Create 3 new check functions to warn when:
- there are consecutive empty lines in the file, see [1];
- the last line of the file is empty, see [2];
- there are lines with trailing whitespace, see [3].
Apply these functions to Config.*, *.mk and *.hash, but not for *.patch
files since they can contain any of these and still be valid.
[1] http://patchwork.ozlabs.org/patch/682660/
[2] http://patchwork.ozlabs.org/patch/643288/
[3] http://patchwork.ozlabs.org/patch/398984/
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Create the infra to check the style of new packages before submitting.
The overall function of the script is described inside a txt file.
It is designed to process the actual files and NOT the patch files
generated by git format-patch.
Also add the first check function, to warn if a file (Config.*, *.mk,
*.hash, *.patch) has no newline at the last line of the file, see [1].
Basic usage for simple packages:
support/scripts/check-package -vvv package/newpackage/*
Basic usage for packages with subdirs:
support/scripts/check-package -vvv $(find package/newpackage/ -type f)
See "checkpackage" in [2].
[1] http://patchwork.ozlabs.org/patch/631129/
[2] http://elinux.org/Buildroot#Todo_list
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Until now, the host toolchain was used to build syslinux, as it was
not possible to build a 32-bit syslinux with a x86-64 toolchain.
However, syslinux requires gnu-efi, and gnu-efi is built using the
target toolchain. Mixing different toolchains doesn't work well, so
this commit changes the syslinux package to use the target toolchain
for syslinux as well. This is made possible by patches
0003-Fix-ldlinux.elf-Not-enough-room-for-program-headers-.patch and
0004-memdisk-Force-ld-output-format-to-32-bits.patch.
Since syslinux also contains some utilities that have to run on the
host, those have to continue being built with the host toolchain,
which requires patch 0005-utils-Use-the-host-toolchain-to-build.patch.
Patch 0006-lzo-Use-the-host-toolchain-for-prepcore.patch is about
building prepcore, another utility with the host toolchain as it is
required at build-time.
This was tested using a Buildroot's built x86_64 toolchain, and
checked that the output binaries are 32-bits. It was tested as well if
they actually boot on hardware.
Signed-off-by: Benoît Allard <benoit.allard@greenbone.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
In commit c6bca8cef0, the
auto-calculation logic of the ext4 filesystem size was removed. The
default size of 60MB is too small for the beaglebone_qt5_defconfig,
should it should be increased.
Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
Suggested-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The patch 0001-include-linux-nfs.h-directly-in-rpc_sub.patch was Git
formatted, except that a Upstream status statement was added above the
patch, which makes it unapplicable by "git am". So fix this by putting
the Upstream status statement where it should be.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
According to PEP 370 Python will also search for the packages in the
user site-packages directory. This can affect build reproducibility.
The solution is to use PYTHONNOUSERSITE=1 for all Python packages,
i.e. both host and target variants.
Fixes bug #9791.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We need to avoid failing of copy of custom dts using cp -f <>
command. So, just qstrip the variable as is done for other
configuration options.
Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
Tested-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>