Now that the pre-fs ones are run on a transient copy of target/, the
post-fs hooks are no longer needed because we no longer need to restore
the target/ directory as it is only a internal copy.
Remove support for the post-fs hooks, and update the sole package using
them.
We do not add a legacy check because this was mostly a purely-internal
detail that was never really exposed nor documented.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Like we do for packages with the PKG variable, set ROOTFS to contain the
upper-case name of the rootfs currently being generated.
This will be useful in later patches, when we need more per-rootfs
variables, like a per-rootfs TARGET_DIR for example.
In Makefiles, per-rule variables trickle down the dependency chain, to
all dependencies of that rule, so we have to stop ROOTFS as soon as
we're not in a rootfs. This means we have to stop it at target-finalize
(which is a dependency of all filesystems), and for each package
individually, since some packages (host or target) can be direct
dependencies of filesystems as well.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[Thomas:
- adapt to the changes in the golang-package infrastructure
- keep the logic to support BR2_PACKAGE_DOCKER_ENGINE_STATIC_CLIENT]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch adds a new infrastructure for golang based packages.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
[Arnout:
- Rewrap comments to 80 columns.
- Create a global definition of GO_TARGET_ENV.
- <PKG>_GO_ENV is appended to the default env instead of replacing it.
- Add a note to inner-golang-package that only target is supported.
]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The DOCKER_CONTAINERD_CONFIGURE_CMDS creates a symlink to runc's
source directory, but it does not build depend on runc, which means
that the runc package may not have been extracted/built before
docker-containerd.
Therefore, when doing a build with "make docker-containerd", this
symbolic link is broken, but it doesn't prevent docker-containerd from
building.
Therefore, this symlink is not necessary and can be dropped.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
License info from PyPI is wrong: it is LGPL-2.1+, not GPL-2.0. The
package includes a COPYING file with GPL-2.0, but since it is really
LGPL-2.1+ only the COPYING.LESSER file is relevant.
Signed-off-by: Jaap Crezee <jaap@jcz.nl>
[Arnout: regenerate with scanpypi, fix legal info]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes the following security issues:
- Fix for inspector DNS rebinding vulnerability (CVE-2018-7160): A malicious
website could use a DNS rebinding attack to trick a web browser to bypass
same-origin-policy checks and allow HTTP connections to localhost or to
hosts on the local network, potentially to an open inspector port as a
debugger, therefore gaining full code execution access. The inspector now
only allows connections that have a browser Host value of localhost or
localhost6.
- Fix for 'path' module regular expression denial of service
(CVE-2018-7158): A regular expression used for parsing POSIX paths could
be used to cause a denial of service if an attacker were able to have a
specially crafted path string passed through one of the impacted 'path'
module functions.
- Reject spaces in HTTP Content-Length header values (CVE-2018-7159): The
Node.js HTTP parser allowed for spaces inside Content-Length header
values. Such values now lead to rejected connections in the same way as
non-numeric values.
While we are at it, also add a hash for the license file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Back in 2013, zsh was added to Buildroot [1] with the dependency on
BR2_PACKAGE_BUSYBOX_SHOW_OTHERS. This dependency was keept with the
refactoring [2].
But Busybox doesn't provide a zsh shell in the firt place.
This dependency can be removed.
[1] 3d19b7ef59
[2] 1dbd7b9910
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: Phil Eichinger <phil.eichinger@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: André Hentschel <nerv@dawncrow.de>
[Thomas:
- remove LIBKRB5_VERSION_MAJOR
- minor tweaks to commit title and Config.in help text]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We need ":0.0 vt01" to make sure Xorg finds the correct terminal.
Quoting https://www.x.org/archive/X11R6.8.0/doc/Xorg.1.html
-allowMouseOpenFail
Allow the server to start up even if the mouse device can't be
opened or initialised.
We need this option in case BR2_PACKAGE_XDRIVER_XF86_INPUT_MOUSE was
not enabled.
-noreset
prevents a server reset when the last client connection is closed.
We need this option to prevent auto-close of Xorg.
Tested with a qemu image and Kodi.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Arnout: copy an abbreviate version of the explanation above to the
script.]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Commit 4cd1ab158 (core: alternate solution to disable C++) made use of a
non-existent 'no' binary when C++ is not available in the toolchain.
However, some packages, like jimtcl as bundled in opeocd, really want to
find the binary that $CXX contains.
Revert openocd to use 'false' instead of 'no'.
Fixes:
http://autobuild.buildroot.org/results/cbd/cbd5ab97fb0659968ff628461130627cf1745955/
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 4cd1ab158 (core: alternate solution to disable C++) made use of a
non-existent 'no' binary when C++ is not available in the toolchain.
However, some packages, like jimtcl, really want to find the binary that
$CXX contains.
Revert jimtcl to use 'false' instead of 'no'.
Fixes:
http://autobuild.buildroot.org/results/54f/54f3df03551fbdf293d33dc1e3f08005faa15321/
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since version 0.28 ncmpc only supports the meson build.
Therefore, adapt to package infrastructure according to the user manual.
Add a hash for the license file.
Add a nmpc entry for myself in DEVELOPERS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
zstd is dual licensed under BSD-3-Clause or GPL-2.0 as per README.md
and source files license header.
Cc: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As per COPYING file, opusinfo is licensed under GPL version 2.
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some packages that use libtool really need some love to be able to
disable C++ support.
This is because libtool will want to call AC_PROG_CXXCPP as soon as CXX
is set non-empty to something different from 'no'. Then, AC_PROG_CXXCPP
will want a C++ preprocessor that works on valid input *and* fail on
invalid input.
So, providing 'false' as the C++ compiler will then require that we do
have a working C++ preprocessor. Which is totally counter-productive
since we do not have a C++ compiler to start with...
bd39d11d2e (core/infra: fix build on toolchain without C++) was a
previous attempt at fixing this, by using the host's C++ preprocessor.
However, that is very incorrect (that's my code, I can say so!) because
the set of defines will most probably be different for the host and the
target, thus causing all sorts of trouble. For example, on ARM we'd have
to include different headers for soft-float vs hard-float, which is
decided based on a macro, which is not defined for x86, and thus may
redirect to the wrong (and missing) header.
Instead, we notice that libtool uses the magic value 'no' to decide that
a C++ compiler is not available, in which case it skips the call to
AC_PROG_CXXCPP.
Given that 'no' is not provided by any package in Debian and
derivatives, as well as in Fedora, we can assume that no system will
have an executable called 'no'. Hence, we use that as a magic value to
disable C++ detection altogether.
Fixes: #10846 (again)
Reported-by: Damien Riegel <damien.riegel@savoirfairelinux.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Damien Riegel <damien.riegel@savoirfairelinux.com>
Cc: Peter Seiderer <ps.report@gmx.net>
Cc: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop 0003-tar-unzip-postpone-creation-of-symlinks-with-suspici.patch now upstream.
>From the release notes:
Bug fix release. 1.28.2 has fixes for tcpsvd (fixed fallout from
opt_complementary removal), udhcpd (do not ignore SIGTERM), tar and unzip
(reverted to previous, more permissive symlink handling), ssl_client (fixed
option parsing).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
Constructed ASN.1 types with a recursive definition could exceed the stack
(CVE-2018-0739)
Constructed ASN.1 types with a recursive definition (such as can be found in
PKCS7) could eventually exceed the stack given malicious input with
excessive recursion. This could result in a Denial Of Service attack.
There are no such structures used within SSL/TLS that come from untrusted
sources so this is considered safe.
Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733)
Because of an implementation bug the PA-RISC CRYPTO_memcmp function is
effectively reduced to only comparing the least significant bit of each
byte. This allows an attacker to forge messages that would be considered as
authenticated in an amount of tries lower than that guaranteed by the
security claims of the scheme. The module can only be compiled by the HP-UX
assembler, so that only HP-UX PA-RISC targets are affected.
rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
This issue has been reported in a previous OpenSSL security advisory and a
fix was provided for OpenSSL 1.0.2. Due to the low severity no fix was
released at that time for OpenSSL 1.1.0. The fix is now available in
OpenSSL 1.1.0h.
There is an overflow bug in the AVX2 Montgomery multiplication procedure
used in exponentiation with 1024-bit moduli. No EC algorithms are affected.
Analysis suggests that attacks against RSA and DSA as a result of this
defect would be very difficult to perform and are not believed likely.
Attacks against DH1024 are considered just feasible, because most of the
work necessary to deduce information about a private key may be performed
offline. The amount of resources required for such an attack would be
significant. However, for an attack on TLS to be meaningful, the server
would have to share the DH1024 private key among multiple clients, which is
no longer an option since CVE-2016-0701.
This only affects processors that support the AVX2 but not ADX extensions
like Intel Haswell (4th generation).
For more details, see https://www.openssl.org/news/secadv/20180327.txt
The copyright year changed in LICENSE, so adjust the hash to match.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
From the release notes (https://lwn.net/Articles/750103/):
E2fsprogs 1.44.0 introduced a regression introduced which caused e2fsck
to fail to support HTree directories on big-endian systems. Fix how we
read block numbers for internal htree nodes.
Removed a potential memory leak from fsck.
E2image now correctly creates e2image files for bigalloc file systems.
Dumpe2fs and debugfs now correctly support e2image files for file
systems that have the meta_bg option enabled.
E2fsck and debugfs now correctly handle delete inodes (including
processing the orphaned inode list in the case of e2fsck) for bigalloc
file systems. (Addresses Google Bug: #73795618)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.net/results/f1c6494133806b9fc26ae3ce9e9c6a22fa2eda6f/
Commit 6205b75873 (sngrep: gnutls support also needs libgcrypt) ensured
that --with-gnutls is only used when both gnutls and libgcrypt are enabled,
but it didn't ensure libgcrypt gets built before sngrep or told the
configure script where to find libgcrypt-config, breaking the build.
Fix both issues.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Enable static build. gawk builds statically just fine. The shared
library check has been removed in 4.1.1.
Remove the symlink force hunk from the no-versioned patch. The only user
of LN is in the part that this patch disables.
Add license file hash.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix seed variable name for the wait3 system call AC_TRY_RUN test.
Remove manual installation; not needed anymore.
Cc: Will Newton <will.newton@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
