In preparation for the addition of more patches to the syslinux
package, reformat the two existing patches as proper Git formatted
patches.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 34da6a65ad)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
According to PEP 370 Python will also search for the packages in the
user site-packages directory. This can affect build reproducibility.
The solution is to use PYTHONNOUSERSITE=1 for all Python packages,
i.e. both host and target variants.
Fixes bug #9791.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f5da1951ad)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
License.html now just contains the string:
The ICU license is now in plain text format, see <a href="./LICENSE">LICENSE</a>.
Update links and software appropriately.
So refer directly to that file instead.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d2ea2479e5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
LICENSE.TXT gives an overview and explains in detail that freetype is dual
licensed under the FTL and GPLv2+, so also include it in the license files.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 2843b970e7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In 2010 commit 32d319e6f "gst-plugins-base: ensure <stdint.h> is used"
introduced a typo (missing backslash) that made the code ineffective.
In 2013 commit f8e7fdcd3 "gst1-plugins-base: add gstreamer1 base
plugins" copied the code.
It can be confirmed by looking at the output of:
$ make printvars | grep '^GST1_PLUGINS_BASE_CONF_ENV\|^FT2_CONFIG'
FT2_CONFIG=/bin/false ac_cv_header_stdint_t="stdint.h"
GST1_PLUGINS_BASE_CONF_ENV=
Direct use of freetype was dropped in version 1.7.2 by upstream [1], so
remove the code instead of fixing it.
Found using [2]:
check-package --include-only Indent $(find * -type f)
and manually removed.
[1] https://cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=183610c035dd6955c9b3540b940aec50474af031
[2] http://patchwork.ozlabs.org/patch/729669/
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 80e2a54658)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Our patch adding nios2 support to libnspr uses the built-in compiler
define "nios2". However, this doesn't work with C++11, where only the
__nios2__ define is available. Since __nios2__ is always available,
use that instead:
$ ./output/host/usr/bin/nios2-linux-gcc -dM -E - < /dev/null | grep -E "( nios2 | __nios2__ )"
$ ./output/host/usr/bin/nios2-linux-gcc -std=c++11 -x c++ -dM -E - < /dev/null | grep -E "( nios2 | __nios2__ )"
Patch 0001-nios2.patch is therefore changed to use __nios2__ (the rest
of the change noise is due to using quilt to format the patch). Patch
0002-microblaze.patch is simply updated to apply correctly on top of
the modified 0001-nios2.patch.
This fixes the build of the poppler library on nios2. It is built with
-std=c++11, and includes nspr headers (through nss), causing a build
issue.
Fixes:
http://autobuild.buildroot.net/results/9fee58076157d814616fa0da51afde8da21a8973/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 9a521546ed)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Due to a mistake, the Microblaze patch was adding another #elif
defined(nios2), which doesn't make any sense. This commit gets rid of
it.
The rest of the noise in the change is due to the use of quilt to
generate the patches.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 7039c4d456)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
With the bump to version 2.6, the following commit needs
to be taken into consideration for overloading paths.
8162f10e67
The PYLIBVER is no longer used and the PYTHONLIBDIR is
renamed to PYSITEDIR with slightly different pathing.
More details can be found in the issue ticket which was
marked as a non-issue after analysis that a Buildroot fix
was the resolution.
https://github.com/SELinuxProject/selinux/issues/51
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 6a6ce10eba)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The libav version built into the gst-ffmpeg code produces a bogus
binary on SPARC, which causes the following error of the
check-bin-arch script:
ERROR: architecture for ./usr/lib/gstreamer-0.10/libgstffmpeg.so is Sparc v8+, should be Sparc
ERROR: architecture for ./usr/lib/gstreamer-0.10/libgstpostproc.so is Sparc v8+, should be Sparc
ERROR: architecture for ./usr/lib/gstreamer-0.10/libgstffmpegscale.so is Sparc v8+, should be Sparc
The problem is the following bit of code in
gst-lib/ext/libav/configure:
elif enabled sparc; then
enabled vis && check_asm vis '"pdist %f0, %f0, %f0"' -mcpu=ultrasparc &&
add_cflags -mcpu=ultrasparc -mtune=ultrasparc
I.e, it checks if the architecture supports the pdist
instruction... but forces -mcpu to ultrasparc while doing so. So it's
like "let's see if this Ultrasparc instruction exists when I force the
compiler to think I'm using Ultrasparc", which is non-sensical. This
has been fixed later on in libav upstream:
https://git.libav.org/?p=libav.git;a=commit;h=6aa93689abe8c095cec9fa828c2dee3131008995
However, this commit cannot be backported as-is since the shell
function check_inline_asm did not exist in the old libav version
bundled in gst-ffmpeg.
Therefore, we take the simpler route of disabling the VIS
optimizations on SPARCv8 and Leon3.
Fixes:
http://autobuild.buildroot.net/results/e82d179c3d4f92ad7423693a4b1d42379a3f5411/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d2b73875c3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Has been tested with: "./support/scripts/test-pkg -c tyrian.cfg -p opentyrian"
Fixes: http://autobuild.buildroot.net/results/0e2345db82b33f591958fc0f72ad914adafe0522
and some similar previous build failure.
Thanks Thomas for the tip ;-).
Signed-off-by: Julien BOIBESSOT <julien.boibessot@armadeus.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit dd99f2cb7d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Without pkg-config PKG_CHECK_MODULES won't be expanded
and ./configure script produces following error message:
./configure: line 12237: syntax error near unexpected token `PYTHON,'
./configure: line 12237: ` PKG_CHECK_MODULES(PYTHON, python-"$PYTHON_VERSION")'
Fixes:
http://autobuild.buildroot.net/results/86e/86e04bd2b10527130306451e56a7693ed4b4befd
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 8975e9f2c7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Take Debian adapted patches of upstream.
Fixes:
CVE-2017-6004: crafted regular expression may cause denial of service
CVE-2017-7186: invalid Unicode property lookup may cause denial of service
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3143910eec)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The BR2_SYSTEM_BIN_SH hidden option defines to what binary the /bin/sh
symlinks should point to. If busybox is chosen, then /bin/sh is created
to point to /bin/busybox.
This works fine with the default installation mode of Busybox, but it
fails with the upcoming "individual binaries" mode, in which each applet
is installed as its own binary, and /bin/busybox doesn't exist: we get
/bin/sh as a broken symlink to /bin/busybox.
Since Busybox already installs its own /bin/sh symlink, properly
pointing to /bin/ash or /bin/hush depending on the selected shell, it
doesn't make sense for the BR2_SYSTEM_BIN_SH logic to override
this. Just let Busybox install its own /bin/sh by making
BR2_SYSTEM_BIN_SH empty when Busybox shell is selected as /bin/sh.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit fc91501e6b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Package version of syslog-ng is 3.9.1.
Bumping version number in syslog-ng.conf to 3.9
Fixing warning message about configuration file being too old.
Signed-off-by: Pawel Sikora <sikor6@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 3dad25466d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2017-2619:
All versions of Samba prior to 4.6.1, 4.5.7, 4.4.11 are vulnerable to
a malicious client using a symlink race to allow access to areas of
the server file system not exported under the share definition.
Samba uses the realpath() system call to ensure when a client requests
access to a pathname that it is under the exported share path on the
server file system.
Clients that have write access to the exported part of the file system
via SMB1 unix extensions or NFS to create symlinks can race the server
by renaming a realpath() checked path and then creating a symlink. If
the client wins the race it can cause the server to access the new
symlink target after the exported share path check has been done. This
new symlink target can point to anywhere on the server file system.
This is a difficult race to win, but theoretically possible. Note that
the proof of concept code supplied wins the race reliably only when
the server is slowed down using the strace utility running on the
server. Exploitation of this bug has not been seen in the wild.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 493cedf3af)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Unextected error in the br2-external script are properly caught, but
they are not reported properly, and we end up in either of two
situations:
- the .br2-external.mk file is not generated, in which case make will
try to find a rule to generate it (because the 'include' directive
tries to generate missing files);
- the .br-external.mk file is generated but does not contain the error
variable, and thus the build might not get interrupted.
We fix that by using a trap on the pseudo ERR signal, to emit the error
variable on unexpected errors.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit c5fa9308ea)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
taglib is dual licensed under LGPLv2.1 or MPLv1.1. Almost all source
files have license text mentioning LGPLv2.1 or alternatively MPLv1.1.
Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
[Thomas: use MPL-1.1 instead of MPLv1.1, since MPL-1.1 is the SPDX
license code for this license.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f30a3940c8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In absence of license file, use source file as a license file since it
has license header in comments.
Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 50284570fb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
dbus glib bindings are dual licensed under AFLv2.1 or GPLv2+.
Separate licenses using 'or' keyword.
Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f70f0b497f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The ncurses config script can have different names depending on the
configuration (e.g. wchar support enabled/disabled). So, use
$(NCURSES_CONFIG_SCRIPTS) from the ncurses package as it contains the
proper name.
Signed-off-by: Rodrigo Rebello <rprebello@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 8cd1554ee1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
mdev does not set "/dev/snd" and "/dev/input" group and permission
propery, because with commit c3cf1e30a3022453311a7e9fe11d94c7a381640e
(May 2013!) the behavior of mdev has changed.
The device name is now taken directly from the uevent file and does no
longer match the old rule.
Fix the rules for "/dev/snd" and "/dev/input" according to the example
given in [1].
[1] http://lists.busybox.net/pipermail/busybox/2015-February/082297.html
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit afb585468b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
upmpdcli runs as user and group upmpdcli. In order to allow it to access
the ALSA devices add it to the audio group.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit ab9842e360)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When squashfs was bumped to 3de1687d in commit ee90313c64, the hash
file was not updated. This wasn't noticed before since hashes are not
checked for git downloads.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 85c832247e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When linux-firmware was bumped to 6d3bc8886 in commit 3ff5896ff, a hash
file was added but the hash was wrong. This wasn't noticed before since
hashes are not checked for git downloads.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 0409b13698)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
It had sha256sum instead of sha256. This wasn't noticed before since
hashes for git downloads are not checked.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit ba717fde72)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
On most distros, the tar format defaults to GNU. However, at build time
the default format may be changed to posix. Also, future versions of
tar will default to posix.
Since we want the tarballs created by the git download method to be
reproducible (so their hash can be checked), we should explicitly
specify the format. Since existing tarballs on sources.buildroot.org
use the GNU format, and also the existing hashes in the *.hash files
are based on GNU format tarballs, we use the GNU format.
In addition, the Posix format encodes atime and ctime as well as mtime,
but tar offers no option like --mtime to override them. In the GNU
format, atime and ctime are only encoded if the --incremental option is
given.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 0f369a9231)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
pkgutil.py is also part of Python itself. Placing pkgutil.py as is
in a folder with other scripts that require original pkgutil will
break them. This is the case with scanpypi. So rename pkgutil.py
to brpkgutil.py to avoid naming collision.
Fixes: https://bugs.busybox.net/show_bug.cgi?id=9766
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 3b627c89dc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The Open POSIX testsuite builds and installs to the target directory a
program called 't0' that isn't cross-compiled, which is bad.
Since the LTP build system is autoconf but not automake based, and the
Open POSIX testsuite is a sort of sub-project inside it, fixing the
issue is not trivial.
Therefore, we simply disable the Open POSIX testsuite entirely. Oddly
enough, --without-open-posix-testsuite doesn't work due to another bug,
so we simply have to remove --with-open-posix-testsuite.
Open POSIX testsuite cross-compilation issue reported at
https://github.com/linux-test-project/ltp/issues/144.
Configure script bug reported at
https://github.com/linux-test-project/ltp/issues/143.
Fixes:
http://autobuild.buildroot.net/results/8326ba9eb257dfc92c1ad282ba6d3565e8250def/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit b57e1355a7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
dbus-cpp has an ugly hack to not cross-build the tools when it detects
cross-compilation.
However, we already have a host variant that builds those tools (and we
anyway don't seem to need them to begin with).
Drop our patch that propagates the CXXFLAGS/LDFLAGS_FOR_BUILD. Replace
with a patch to cross-compile the tools.
Fixes:
http://autobuild.buildroot.org/results/110/1100539caae6ef62c61a3b96bc54f7c0a215cc62/
and many, many more.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f5dbd0dea1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
pid_t is a signed 32bits integer on both 32bits and 64bits
architectures.
This fixes an issue with apache server which causes bad pid
to be written in PidFile
Signed-off-by: Julien Beraud <julien.beraud@spectracom.orolia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit ee8cbc5fca)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
From the release notes
(https://github.com/memcached/memcached/wiki/ReleaseNotes1436):
Important bug fix that could lead to a hung slab mover. Also improves
memory efficiency of chunked items.
[Peter: add release notes link / mention important bug fix]
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit adfe049d85)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
From the release notes (https://www.openssh.com/txt/release-7.5):
Security
--------
* ssh(1), sshd(8): Fix weakness in CBC padding oracle countermeasures
that allowed a variant of the attack fixed in OpenSSH 7.3 to proceed.
Note that the OpenSSH client disables CBC ciphers by default, sshd
offers them as lowest-preference options and will remove them by
default entriely in the next release. Reported by Jean Paul
Degabriele, Kenny Paterson, Martin Albrecht and Torben Hansen of
Royal Holloway, University of London.
* sftp-client(1): [portable OpenSSH only] On Cygwin, a client making
a recursive file transfer could be maniuplated by a hostile server to
perform a path-traversal attack. creating or modifying files outside
of the intended target directory. Reported by Jann Horn of Google
Project Zero.
[Peter: mention security fixes]
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2204f4deb1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
----
Changes v1 -> v2:
- use select instead of depends for BR2_PACKAGE_WAYLAND_PROTOCOLS
(suggested by Thomas Petazzoni)
- add select BR2_PACKAGE_WAYLAND_PROTOCOLS to missing second
place (BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_WAYLAND)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 5a2d37ca12)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Disable wayland support (only needed for the interactive-wayland
test program). This fixes a compile failure in case wayland
support is autodetected:
GEN xdg-shell-unstable-v5-protocol.c
/bin/sh: /usr/bin/wayland-scanner: No such file or directory
Makefile:2426: recipe for target 'xdg-shell-unstable-v5-protocol.c' failed
make[3]: *** [xdg-shell-unstable-v5-protocol.c] Error 127
make[3]: *** Waiting for unfinished jobs....
GEN xdg-shell-unstable-v5-client-protocol.h
/bin/sh: /usr/bin/wayland-scanner: No such file or directory
Makefile:2428: recipe for target 'xdg-shell-unstable-v5-client-protocol.h' failed
make[3]: *** [xdg-shell-unstable-v5-client-protocol.h] Error 127
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 7665b58709)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
