This is a minor release which provides fixes for CVE-2020-11793,
CVE-2020-3887, CVE-2020-3894, and CVE-2020-3899.
Updating from 2.28.0 also brings a few rendering fixes, a build fix
on MIPS64, a build fix for GStreamer 1.12, and solves a couple of
crashes. The full release notes covering 2.28.1 and 2.28.2 can be
found at:
https://wpewebkit.org/release/wpewebkit-2.28.1.htmlhttps://wpewebkit.org/release/wpewebkit-2.28.2.html
A detailed security advisory can be found at:
https://wpewebkit.org/security/WSA-2020-0004.html
Note that the above does not cover all the CVEs, and a new advisory
including them is expected to be published in the next days.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
[yann.morin.1998@free.fr: two spaces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cage is a "kiosk" Wayland compositor, which shows a single maximized
application at a time and limits user interaction to that application.
https://www.hjdskes.nl/projects/cage/
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This reverts commit ed28a698e3
which I applied locally fo testing, but forgot to reset before
continuing to work on other patches...
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The Qemu version present in readme.txt files was needed when
the Buildroot's Qemu defconfig was tested manually using the
qemu-system-<arch> binary already present on the host.
This information is now incorrect since we are using host-qemu
package, currently at 4.2.0 version, to do a runtime test since
0c79350638.
For m68k-q800, we can use the upstream qemu since 4.2.0 release
[1].
So, remove this line from the readme.txt.
[1] https://www.qemu.org/2019/12/13/qemu-4-2-0/
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
ualpn with mbedtls requires the activation of
MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION on mbedtls which can
be a security risk.
So let the user explicitly choose the crypto library by copy/pasting
behavior of libssh and don't allow the user to select mbedtls with ualpn
Fixes:
- http://autobuild.buildroot.org/results/5d42189299549cd655218e9e7cfcfa63e79f74ec
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
[yann.morin.1998@free.fr: two spaces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
mesa3d-headers is a little bit special: it uses the same sources as
the mesa3d package, named just 'mesa' upstream. mesa uses the meson
buildsystem, an that is what we use in the mesa3d package.
However, mesa3d-headers does not install the whole of mesa; it only
installs a select set of headers for those binary blobs that do not
provide them.
mesa does not provide such a feature (only installing headers) with
its meson buildsystem. As a consequence, we've made mesa3d-headers a
generic package, that basically only copies headers over.
Additionally, mesa3d-headers also provides the dri.pc file for when
Xorg is enabled; see 7468b60e7c (package/mesa3d-headers: also install
dri header and .pc file).
We used to manually generate that file from a .in template that was
present in mesa source code at the time it was still using autotools.
But when they switched over to using meson, the template was dropped
[0], and the dri.pc is now entirely generated using meson internals
[1].
So we now have no template present in the source code, so we must
come up with our own. This simplifies the replacement pattern to
just inject the version string.
[0] https://cgit.freedesktop.org/mesa/mesa/commit/?id=158758618264eac113025a86a360dc305ed4498b
[1] https://cgit.freedesktop.org/mesa/mesa/tree/src/mesa/drivers/dri/meson.build?h=19.2#n93
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Tested-by: Vincent Fazio <vfazio@xes-inc.com>
[yann.morin.1998@free.fr:
- entirely rework the commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
wlroots is a modular library which provides building blocks to
implement Wayland compositors. wlroots is a dependency of the
Cage Wayland compositor.
https://github.com/swaywm/wlroots/
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
musl libc uses ELFv2 by default for all PPC64 targets.
Now, OpenSSL libraries built with musl targeting PPC64BE should build
and function as expected.
Signed-off-by: Vincent Fazio <vfazio@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
update to add mod_sftp_sql for proftpd as a build option
http://www.proftpd.org/docs/contrib/mod_sftp_sql.html
Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Remove 0002-fix-iconv.patch as this has been fixed as part of bug
56178 which is a part of the 1.5.6 release.
http://savannah.nongnu.org/bugs/?56178
Signed-off-by: Ryan Barnett <ryanbarnett3@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Linux version are changed to the new LTS kernel 5.4.35 for all qemu
defconfigs, except for riscv and csky. Thoses defconfigs are left
unchanged because they require either a custom Linux repository
or a specific kernel header version causing some difficulties when
upgrading to 5.4.35.
Update the nios2-10m50 linux.fragment to update the .dtb build directory
due to a change in kernel 4.20 [1]:
nios2: build .dtb files in dts directory
Align nios2 with other architectures which build the dtb files in the
same directory as the dts files. This is also in line with most other
build targets which are located in the same directory as the source.
This move will help enable the 'dtbs' target which builds all the dtbs
regardless of kernel config.
This transition could break some scripts if they expect dtb files in
the old location.
For x86 and x86_64 kernel, add the CONFIG_PCI symbol due a change in kernel
5.0 [2]. The option was previously enabled by default (default y).
PCI: consolidate PCI config entry in drivers/pci
There is no good reason to duplicate the PCI menu in every architecture.
Instead provide a selectable HAVE_PCI symbol that indicates availability
of PCI support, and a FORCE_PCI symbol to for PCI on and the handle the
rest in drivers/pci.
Update the kernel of ppc-mac99 defconfig added in Buildroot 2019.08.
This version bump was tested on gitlab [4] using the newly introduced
boot-qemu-image.py script [5].
[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=118864869805123bf82d666062542440a0fda5dd
[2] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=eb01d42a77785ff96b6e66a2a2e7027fc6d78e4a
[3] a8fac3fcfc
[4] https://gitlab.com/kubu93/buildroot/pipelines/139819874
[5] 0c79350638
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Convert the patch for microblaze kernel added for kernel 3.14 by
Waldemar to git format.
Note: the Waldemar Sob line is missing in the original patch:
fa27985483
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
paho-mqtt-c by default enables the building of test materials and
install of CPack documentation:
PAHO_ENABLE_TESTING - "Build tests and run"
PAHO_ENABLE_CPACK - "Enable CPack"
Let's disable these to save a couple megabytes and time. This is
in keeping with the generic settings in pkg-cmake.mk.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch had been merged by upstream but appears to have been
accidentially overwritten with a force push. Let's add back the
rebased version until fixed by upstream.
Fixes:
http://autobuild.buildroot.net/results/667/667409f1d44a3f9be43aaff3f9a3426fe1386de2/build-end.log
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Force Release otherwise libraries will be suffixed by _debug which will raise
unexpected build failures with packages that use gflags (e.g. rocksdb)
Fixes:
- http://autobuild.buildroot.org/results/3545774258babc3584f69e7d523efdf7fff1acb5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When 4bcc344464 was applied, it was not
noticed that 96dc6701af (from another
contributor) had already been
applied. 4bcc344464 essentially did the
same thing as 96dc6701af, except it also
disable zstd support explicitly in the host-libarchive package.
Let's drop the part of 4bcc344464 that
duplicates 96dc6701af.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
zstd is available since version 3.3.3 and
26838cf5c1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
lz4 is available since version 3.2.0 and
724f3f918e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libiio-sharp.dll.mdb is not installed since version 0.19.0 and
8b571969fa
Indeed, EXISTS "${LIBIIO_CS_DLL}.mdb" will always return false because
the file will not exist when cmake will create the makefiles.
Fixes:
- http://autobuild.buildroot.org/results/42ffbd07d0e998c75d1afde6a5db7d6418c10f45
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The CMakeLists.txt contains:
if(CPPREST_EXCLUDE_COMPRESSION)
if(NOT CPPREST_EXCLUDE_BROTLI)
message(FATAL_ERROR "Use of Brotli requires compression to be enabled")
endif()
libcpprestsdk requires openssl, so if the libopenssl provider is
chosen, it anyway pulls in zlib. But if libressl is used as a
provider, it doesn't pull in zlib, and building libcpprestsdk becomes
possible without zlib thanks to this patch.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Convert the hash file to using the two space format for hashes. The
has for the LICENSE file has been updated since version 6.0.4 now
includes DOS line endings (\r\n).
Signed-off-by: Ryan Barnett <ryanbarnett3@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Some people want to be able to inspect the current state of the build,
and report information about it, like:
- report the number of packages already built out of the total,
- list the packages being actually built (e.g. for TLPB)
- etc...
However, the location where a package is built is inherently an internal
detail, so expose that to the user in the output of show-info. We only
expose the location relative to the base directory (basically, either
output/ or the user-suppiled $(O)), so that show-info does not contain
local information (the output of show-info can be shared).
Interested parties will be able to poke in there to identify the stamp
files and deduce the package's state.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Vadim Kochan <vadim4j@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: eeppeliteloop@gmail.com
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Although most virtual packages do not install anything, some of them
do. For example, the virtual package 'toolchain' does tweak the musl
headers during a post staging hook.
So, it makes sense for "show-info" to report if a virtual package has
its target, staging and/or image installation steps enabled or not.
This commit changes show-info to report the type of install steps for
virtual packages too, which means for all packages.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Vadim Kochan <vadim4j@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: eeppeliteloop@gmail.com
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
By their very nature, host packages have no target, staging, or images
install steps; they have a single install step, that is always
performed.
As such, setting the corresponding _INSTALL_{TARGET,STAGING,IMAGES}
variables does not make sense for host packages.
However, people (and scripts) may get confused when they process the
output of printvars, e.g.:
$ make printvars VARS=HOST_LIBTOOL_INSTALL_TARGET
HOST_LIBTOOL_INSTALL_TARGET=YES
Only set those variables for target packages. There is no
corresponding variable for host packages, as they are always installed
(and only once).
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Vadim Kochan <vadim4j@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: eeppeliteloop@gmail.com
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
By their very nature, host packages have no target, staging, or
images install steps; they have a single install step, that is
always performed.
However, we currently report those three types of install, which
is misleading at best, and really incorrect.
If we were to report any install type for host package, that would
be a single one, and it would always be true.
So, do not report any install type for host packages, as it does
not make sense to report anything that is always true.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Vadim Kochan <vadim4j@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: eeppeliteloop@gmail.com
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
diff LICENSE:
-This software is Copyright (c) 2019 by mst - Matt S. Trout (cpan:MSTROUT) <mst@shadowcat.co.uk>.
+This software is Copyright (c) 2020 by mst - Matt S. Trout (cpan:MSTROUT) <mst@shadowcat.co.uk>.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When booting with 'console=<empty>' in the kernel command line (as e.g.
U-Boot does with silent flags in effect), opening /dev/console fails.
As per POSIX [0], when iany redirection fails, the shell running exec
shal exit in error. So, when 'console=<empty>' is specified.
/dev/console can't be opened, and the redirection fails, and /init is
killed.
That behaviour was fixed on the kernel side with commit 2bd3a997befc2
(Open /dev/console from rootfs), present since 2.6.34, released in May
2010, so any [dr]ecent kernel will have that fix.
Furthermore, busybox will fix things up anyway (in bb_sanitize_stdio()),
falling back to opening /dev/null if no console is availble. systemd
does a similar thing (in make_console_stdio()), and sysvinit again has
a similar approach (in console_init()).
The archealogy search turned up those relevant commits:
2011-08-04 10a130f91e initramfs/init: make sure that 0, 1, 2 fds are available
introduces the three exec redirections in initramfs
2011-09-06 3fac21ef8d cpio: fix boot with dynamic /dev
introduces the three exec redirections in cpio
2011-09-06 13a3afc536 fs/initramfs: refactor with fs/cpio
dropped the initramfs tweaks to reuse the cpio ones
2012-11-04 e1ebae700a fs/common: Create initial console device
introduces the /dev/console char,5,1 pseudo device creation in
cpio
2018-03-31 dec061adce fs/cpio: don't extend packages' permissions table
switched from the permission-table to a manual mknod to create
/dev/console
The redirections were added before we could guarantee there was a
/dev/console in the rootfs.
We're now guaranteed to have /dev/console in an initramfs, and any recent
kernel will automatically open /dev/console before spawning /init.
The three redirections are useless now, and cause harm under certain
conditions. Drop them.
[0] https://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_20_01
Signed-off-by: Timo Ketola <timo.ketola@exertus.fi>
Cc: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998@free.fr:
- extend commit log with the analysis done with Peter
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The reason why the external wireguard kernel module is not allowed with
kernel headers >= 5.6 is that wireguard is included in the upstream kernel
since 5.6 rather than some kind of (fixable) incompatibility issue. Adjust
the comment to make that clear.
While we're at it, drop the redundant !5.6 dependency on the kernel headers
dependency comment. If headers are older than 3.10, then they are also
older than 5.6, so the statement is redundant.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Drop !BR2_PACKAGE_PYTHON3 dependency as SConstruct requires
host-python3 since version 4.1.10 and:
8dd6d47557
- host-python-psutil is needed since 4.1.8 and
ff03811e31
- Drop unneeded host-python-typing dependency
- C++17 and so gcc 7 is required since 4.1.8 and
01d84b2565
- Set --disable-minimum-compiler-version-enforcement as mongodb enforces
gcc >= 8.2 since verson 4.1.8 and
9ac90b128e
- Explictly disable ssl if needed as ssl is enabled by default
- Add host-python-cheetah dependency if needed
- Manage new http-client option added in version 4.1.2 and
4d7dcca91b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Titouan: Fix patch conflicts with master]
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Needed to build mongodb.
With this host variant there is no need to enforce host
python in the original package.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
