Commit Graph

49016 Commits

Author SHA1 Message Date
Mark Corbin
674a215ecc package/bcg729: update the upstream URL in Config.in
Update the upstream URL in the help text in Config.in. This
addresses the 'Invalid(404)' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-11-25 21:51:49 +01:00
Mark Corbin
4daeedfc45 package/atk: add an upstream URL to Config.in
Add an upstream URL to the help text in Config.in. This
addresses the 'Missing' URL status in the package stats
web page output.

Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-11-25 21:51:46 +01:00
Fabrice Fontaine
7091f2a1d4 package/libmaxminddb: bump to version 1.4.2
- Remove patch (already in version)
- Retrieve official tarball to drop autoreconf

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-11-25 21:41:33 +01:00
Pierre-Jean Texier
bda4008975 support/testing: basetest.py: fix code style
Fix these warnings:

W291 trailing whitespace

Fixes:
 - https://gitlab.com/buildroot.org/buildroot/-/jobs/360824861

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-11-25 21:40:52 +01:00
Pierre-Jean Texier
bd18e74eeb support/testing: test_lxc.py: fix code style
Fix these warnings:

E122 continuation line missing indentation or outdented
E127 continuation line over-indented for visual indent
E265 block comment should start with '# '
E302 expected 2 blank lines, found 1
F401 'pexpect' imported but unused

Fixes:
 - https://gitlab.com/buildroot.org/buildroot/-/jobs/360824861

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-11-25 21:40:41 +01:00
Adam Duskett
335c0bc610 package/spidermonkey: new package
Spidermonkey is Mozilla's JavaScript engine written in C and C++. It is used in
various Mozilla products, including Firefox, and is available under the MPL2.

There are 10 patches currently required to properly cross-compile spidermonkey:

1) allow-newer-autoconf-versions
  - Spidermonkey is hardcoded to use Autoconf 2.13, which is from 1999!
    The reasoning behind using 2.13 is because newer versions of Autoconf do not
    work correctly with the custom m4 macros in the source code.

    However: Because we are building just the Spidermonkey engine instead of the
    entire Firefox package, newer versions of Autoconf work without issue.
    See: https://bugzilla.mozilla.org/show_bug.cgi?id=104642
    for further explanation.

2) allow-building-in-tree
  - By default, spidermonkey must be configured and built out-of-tree, otherwise
    the following error occurs:

    FATAL ERROR PROCESSING MOZBUILD FILE
    ==============================

    The error occurred while processing the following file or one of the files
    it includes:
      js/src/shell/moz.build

    The error occurred when validating the result of the execution. The reported
    error is:
        The path specified in LOCAL_INCLUDES is not allowed:
        .. (resolved to js/src)
    Remove this check, as spidermonkey builds without issue in-tree.

3) allow-unknown-configuration-options
  - By default, if an unknown parameter is passed to configure, an error is
    raised. Replace the raise with a pass and continue.
    Fixes: https://bugzilla.mozilla.org/show_bug.cgi?id=1379540

4) fix-building-with-musl
  - The MIPS specific header <sgidefs.h> is not provided by musl.
    The Linux kernel headers <asm/sgidefs.h> provide the same definitions.

5) add-riscv-support
  - Submitted upstream:
    See: https://bugzilla.mozilla.org/show_bug.cgi?id=1318905

6) copy-headers-on-install-instead-of-symlinking
  - When installing, instead of linking the headers to the source directory,
    copy them.

7) ensure-proper-running-on-64-bit-and-32-bit-be-platforms
  - Taken from the Fedora RPM
    Applied upstream.
    Fixes: https://bugzilla.mozilla.org/show_bug.cgi?id=1488552

8) 0008-save-and-restore-non-volatile-x28-on-ARM64-for-generated-unboxed-obje
  - Taken from the Fedora RPM:
    Applied upstream.
    Fixes: https://bugzilla.mozilla.org/show_bug.cgi?id=1375074

9) save-x28-before-clobbering-it-in-the-regex-compiler
  - Taken from the Fedora RPM:
    Applied upstream.
    Fixes: https://bugzilla.mozilla.org/show_bug.cgi?id=1445907

10) always-use-the-equivalent-year-to-determine-the-time-zone
  - Taken from the Fedora RPM:
    Applied upstream.
    Fixes: https://bugzilla.mozilla.org/show_bug.cgi?id=1415202

Typically, the Firefox source tarball is used to build spidermonkey; however,
this has two disadvantages:
  - It's large. The Firefox source tarball is over 250M.
  - It requires Autoconf 2.13
Instead, use a tarball with only the Spidermonkey source code in it with a
pre-setup configure file. This tarball reduces the size to 31M and prevents the
Autoconf 2.13 requirement.

Signed-off-by: Adam Duskett <aduskett@greenlots.com>
[Thomas: adjust how the libnspr arch dependency is handled]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-11-25 21:18:37 +01:00
Bernd Kuhls
30c05ff3fc {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.3.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-11-25 20:45:42 +01:00
Pierre-Jean Texier
44649f6ce4 gitlab-ci.yml: regenerate after new defconfig addition
Fixes b68022c7cb ("board: add Beelink GS1 support")

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-11-25 20:45:10 +01:00
Angelo Compagnucci
2ddaa31bef package/pkg-generic: fix space formatting
This patch fixes a formatting issue where spaces were used instead of tabs.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-11-25 18:19:59 +01:00
Jens Kleintje
c5a6c8e664 package/gcnano-binaries: create directory before copying files
The directory $(1)/usr/include may not exist before copying files.

Signed-off-by: Jens Kleintje <scooby22@web.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-11-25 18:17:47 +01:00
Jens Kleintje
ee546d87bb package/gcnano-binaries: install .pc files
Qt needs the package config files for building.

Signed-off-by: Jens Kleintje <scooby22@web.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-11-25 18:17:24 +01:00
Peter Seiderer
54bcc1b188 package/libdrm: disable nouveau test for static build
Fixes:

  [46/66] Compiling C object 'tests/nouveau/e47a46e@@threaded@exe/threaded.c.o'.
  FAILED: tests/nouveau/e47a46e@@threaded@exe/threaded.c.o
  ./tests/nouveau/threaded.c:24:10: fatal error: dlfcn.h: No such file or directory
  #include <dlfcn.h>

[1] http://autobuild.buildroot.net/results/3042637f54d2d232904ea009455cae82e159ea2e

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-11-25 18:16:26 +01:00
Pierre-Jean Texier
02dda8f29b package/stunnel: bump to version 5.56
Release notes of the bugfix release:
 - https://www.stunnel.org/NEWS.html

Also:
 - rename COPYRIGHT.GPL to COPYRIGHT.md
 - rename COPYING to COPYING.md

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-11-25 18:13:39 +01:00
Peter Korsgaard
ae43087e62 package/jpeg-turbo: security bump to version 2.0.3
Fixes the following security vulnerabilities:

- CVE-2019-2201: In generate_jsimd_ycc_rgb_convert_neon of
  jsimd_arm64_neon.S, there is a possible out of bounds write due to a
  missing bounds check.  This could lead to remote code execution in an
  unprivileged process with no additional execution privileges needed.

For more details, see the upstream bugtracker:
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/361

Additionally, it fixes a number of other issues.  From the release notes:

- Fixed a regression in the SIMD feature detection code, introduced by the
  AVX2 SIMD extensions (2.0 beta1[1]), that was known to cause an illegal
  instruction exception, in rare cases, on CPUs that lack support for CPUID
  leaf 07H (or on which the maximum CPUID leaf has been limited by way of a
  BIOS setting.)

- The 4:4:0 (h1v2) fancy (smooth) chroma upsampling algorithm in the
  decompressor now uses a similar bias pattern to that of the 4:2:2 (h2v1)
  fancy chroma upsampling algorithm, rounding up or down the upsampled
  result for alternate pixels rather than always rounding down.  This
  ensures that, regardless of whether a 4:2:2 JPEG image is rotated or
  transposed prior to decompression (in the frequency domain) or after
  decompression (in the spatial domain), the final image will be similar.

- Fixed a regression introduced by 2.0 beta1[15] whereby attempting to
  generate a progressive JPEG image on an SSE2-capable CPU using a scan
  script containing one or more scans with lengths divisible by 16 would
  result in an error ("Missing Huffman code table entry") and an invalid
  JPEG image.

- Fixed an issue whereby tjDecodeYUV() and tjDecodeYUVPlanes() would throw
  an error ("Invalid progressive parameters") or a warning ("Inconsistent
  progression sequence") if passed a TurboJPEG instance that was previously
  used to decompress a progressive JPEG image.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-25 15:15:01 +01:00
Peter Korsgaard
0432e5713a package/bind: security bump to version 9.11.13
Fixes the following security vulnerabilities:

- CVE-2019-6477: TCP-pipelined queries can bypass tcp-clients limit

For details, see the release notes:
https://downloads.isc.org/isc/bind9/9.11.13/RELEASE-NOTES-bind-9.11.13.html

(9.11.11..12 were not released)

Upstream moved to a 2019-2020 signing key, so update comment in hash file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-25 15:14:55 +01:00
Giulio Benetti
f49de1c4d3 package/libnss: security bump to version 3.47.1
Fixes the following security issues:
CVE-2019-11745: EncryptUpdate should use maxout, not block size

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-25 15:14:23 +01:00
Pierre-Jean Texier
2a9523cd99 package/python-crontab: fix check-package warning
Fixes:

package/python-crontab/Config.in:5: help text: <tab><2 spaces><62 chars> (http://nightly.buildroot.org/#writing-rules-config-in)
26 lines processed
1 warnings generated

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-25 15:11:39 +01:00
Grzegorz Blach
dad797a453 package/python-crontab: new package
Crontab module for reading and writing crontab files and accessing
the system cron automatically and simply using a direct API.

Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-24 23:04:09 +01:00
Bartosz Bilas
59fdcd7180 boot/barebox: bump version to 2019.11.0
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-24 22:54:10 +01:00
Romain Naour
5e5bae220e package/terminology: bump to version 1.6.0
See:
https://www.enlightenment.org/news/2019-11-16-terminology-1.6.0

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-24 22:53:48 +01:00
Peter Korsgaard
56f6eb564d configs/orangepi_r1: bump kernel and u-boot versions
Bump Linux to 5.3.12 and U-Boot to 2019.10.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-24 22:51:05 +01:00
Bernd Kuhls
7b3895bca5 package/libkcapi: bump version to 1.1.5
Removed patch applied upstream:
52620ec798

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-24 22:48:31 +01:00
Bernd Kuhls
6274f41913 package/libndp: bump version to 1.7
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-24 22:46:44 +01:00
Bernd Kuhls
a17db95253 package/libgudev: bump version to 233
Release notes:
http://ftp.gnome.org/pub/GNOME/sources/libgudev/233/libgudev-233.news

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-24 22:45:56 +01:00
Bernd Kuhls
75ea09dc56 package/libedit: bump version to 20190324-3.1
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-24 22:45:20 +01:00
Bernd Kuhls
00df4cdabf package/libcgi: bump version to 1.3.0
Removed patches applied upstream:
d7cf836905
58edd50890

Added upstream-provided md5 hash.

Upstream moved and renamed license file COPYING and added MIT license
file:
86e88b4b05

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Acked-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-24 22:43:09 +01:00
Fabrice Fontaine
a8ef6a5b92 package/libftdi1: fix license
The GPL only applies to the C++ bindings and eeprom utility, which are
conditionally enabled with BR2_PACKAGE_LIBFTDI1_LIBFTDIPP1 and
BR2_PACKAGE_LIBFTDI1_FDTI_EEPROM, respectively.

The COPYING.LIB is indeed the LGPL-2.0, but the source file for
libftdi1 states LGPL-2.1-only, see src/ftdi.c

The src/ftdi_stream.c also bears a notice of the MIT license, so the
library itself is under both LGPL-2.1-only and MIT.

Note: the COPYING.GPL license file may get added twice to the list, but
that is not a problem in practice: it is just copied twice.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
  - GPL-2.0 also applies to the ftdi_eeprom utility
  - s/ftdipp1/libftdipp1/
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2019-11-24 22:18:12 +01:00
Yann E. MORIN
4a8f06e0f2 package/libftdi: remove unused license
Commit 9b0b15e90b (package/libftdi: add license) was too hastily fixed,
with confusion between libftdi and libftdi1. The MIT-licensed file is
not present in libftdi; it is only in libftdi1.

Remove the unused MIT license from the list.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2019-11-24 22:17:57 +01:00
Fabrice Fontaine
274a4092ee package/systemd: fix license hash
Bump to 243.4 forgot to update hash of README file (update to the
requirements).

Fixes:
 - http://autobuild.buildroot.org/results/eae13046b90253cdb2bf260e10b316386dff4eb1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: explain why README was changed]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2019-11-24 20:14:40 +01:00
Fabrice Fontaine
9b0b15e90b package/libftdi: add license
The COPYING.LIB license file contains the text of the LGPL-2.0, but the
source code itself explicitly refers to the GPL-2.1-only. Additionally,
parts of the library (src/ftdi_stream.c) are under the MIT license.

The C++ bindings are under the GPL-2.0-only with an exception, which is
expressed in the LICENSE file.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
  - the library is under both GPL-2.1-only and MIT
  - the GPL-2.0-only only applies to the C++ bindings
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2019-11-24 14:29:18 +01:00
Fabrice Fontaine
9d1b48a1e5 package/gob2: add license
gob2 itself is GPL-2.0+, but it is a code generator. The code generated
by gob2 is not covered by gob2's license, and this is made explicit in
an accompanying license file.

So we include both license files.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
  - add COPYING.generated-code
  - expand commit log accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2019-11-24 12:15:40 +01:00
Peter Korsgaard
fc1c7e5961 Update for 2019.11-rc3
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-24 11:15:16 +01:00
Clément Péron
e26f5ad712 board/beelink_gs1: enable mdev and dhcp on eth0
Signed-off-by: Clément Péron <peron.clem@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-24 09:47:24 +01:00
Clément Péron
b68022c7cb board: add Beelink GS1 support
Signed-off-by: Clément Péron <peron.clem@gmail.com>
[Peter: explicitly use kernel 5.3.12]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-24 09:47:24 +01:00
Fabrice Fontaine
964d31a99e package/tftpd: add license
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2019-11-24 09:26:02 +01:00
Thomas Petazzoni
14c3e876d3 package/faifa: fix incorrect library symlink
As spotted in
http://autobuild.buildroot.net/results/a61/a612cb7a85927d8cfe55c95c34d2901e7694fab0//diffoscope-results.txt,
faifa installs a library symlink with an incorrect target, which was
detected by the reproducible build logic, but is in fact wrong in any
case:

-lrwxrwxrwx   0        0        0        0 2019-11-07 19:38:04.000000 ./usr/lib/libfaifa.so -> /home/naourr/work/instance-3/output-1/target/usr/lib/libfaifa.so.0
+lrwxrwxrwx   0        0        0        0 2019-11-07 19:38:04.000000 ./usr/lib/libfaifa.so -> /home/naourr/work/instance-3/output-2/target/usr/lib/libfaifa.so.0

In practice, this is not a problem at runtime, as the .so symlink is
not used: the library soname is libfaifa.so.0. However, it still makes
sense to fix.

It is fixed by backporting an upstream commit. We considered bumping
to a newer version, but the latest version requires a new dependency
(libevent), so we preferred the backporting approach.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2019-11-23 22:29:10 +01:00
Jérémy Rosen
d3af5d7040 package/systemd: bump to v243.4
Upstream systemd-stable has started tagging point releases.

The commit we currently used has now been tagged as v243.3, and this
brings us to v243.4.

Signed-off-by: Jérémy Rosen <jeremy.rosen@smile.fr>
[yann.morin.1998@free.fr:
  - expand commit log to explain previous version
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2019-11-23 22:23:12 +01:00
Baruch Siach
ecaede1d82 package/cpuburn-arm: new package
cpuburn-arm burns CPU cycles to generate as much heat as possible.
Useful for stress testing.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
[yann.morin.1998@free.fr:
  - fix title  (Thomas)
  - simplify and rename _ARCH_SUPPORTS  (Thomas)
]
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2019-11-23 22:19:34 +01:00
Fabrice Fontaine
d66e515ea9 package/librsync: bump to version 2.2.1
librsync can be built statically through the standard cmake
BUILD_SHARED_LIBS option since version 2.2.0 and
1ad3c7c600

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-23 21:40:29 +01:00
Fabrice Fontaine
293bed3977 package/whois: bump to version 5.5.3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-23 21:39:46 +01:00
Fabrice Fontaine
5645107c39 package/libxslt: bump to version 1.1.34
Remove patch (already in version)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-23 21:39:12 +01:00
Fabrice Fontaine
a25e67fe87 package/libidn2: bump to version 2.3.0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-23 21:38:57 +01:00
Fabrice Fontaine
9318345c9a package/tinycbor: bump to version 0.5.3
Remove patch (already in version)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-23 21:38:12 +01:00
Fabrice Fontaine
4fd660c2f4 package/libffi: bump to version 3.3
Update hash for license file (update in year:
058aa41304)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-23 21:37:51 +01:00
Peter Korsgaard
8e5c2ec556 package/fatcat: bump version to 1.1.0
The tag now has a 'v' prefix, so handle that in the github macro.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-23 21:37:44 +01:00
Titouan Christophe
dfcb5fc9c9 package/redis: bump to version 5.0.7
Changes announced upstream:

Upgrade urgency HIGH: many issues fixed, some may have an impact.
Redis 5.0.7 fixes a number of bugs, none is very critical, however
there are a few that may have an impact. It's a good idea to upgrade.
There are fixes in the area of replication from modules commands and
callbacks, AOF fsync (non critical issue), memory leaks (very rare and small),
streams behavior (non critical), and a potential crash in commands
processing multiple keys at the same time that is there for years, and happens
very rarely, but is not impossible to trigger.

Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-23 21:35:42 +01:00
Peter Korsgaard
b3aaa725f1 package/asterisk: security bump to version 16.6.2
Fixes the following security vulnerabilities:

AST-2019-006: SIP request can change address of a SIP peer.
A SIP request can be sent to Asterisk that can change a SIP peer’s IP
address.  A REGISTER does not need to occur, and calls can be hijacked as a
result.  The only thing that needs to be known is the peer’s name;
authentication details such as passwords do not need to be known.  This
vulnerability is only exploitable when the “nat” option is set to the
default, or “auto_force_rport”.

https://downloads.asterisk.org/pub/security/AST-2019-006.pdf

AST-2019-007: AMI user could execute system commands.
A remote authenticated Asterisk Manager Interface (AMI) user without
“system” authorization could use a specially crafted “Originate” AMI request
to execute arbitrary system commands.

https://downloads.asterisk.org/pub/security/AST-2019-007.pdf

AST-2019-008: Re-invite with T.38 and malformed SDP causes crash.
If Asterisk receives a re-invite initiating T.38 faxing and has a port of 0
and no c line in the SDP, a crash will occur.

https://downloads.asterisk.org/pub/security/AST-2019-008.pdf

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2019-11-23 19:27:39 +01:00
Adam Duskett
d6d3d66d93 package/zip: add license hash
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2019-11-23 19:23:37 +01:00
Adam Duskett
9465182eb8 package/perl: add license hash
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2019-11-23 19:23:35 +01:00
Fabrice Fontaine
808a54aa3b package/spice: security bump to version 0.14.2
- Fix CVE-2019-3813: fix off-by-one error in group/slot boundary check
- Add license hash

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-23 14:27:09 +01:00