Commit Graph

36567 Commits

Author SHA1 Message Date
Romain Naour
0fe7151117 package/libunwind: fix build failure due to asm()
The gcc documentation [1] suggest to use __asm__ instead of asm.

Fixes:
http://autobuild.buildroot.net/results/3ef/3efe156b6494e4392b6c31de447ee2c72acc1a53

[1] https://gcc.gnu.org/onlinedocs/gcc/Alternate-Keywords.html#Alternate-Keywords

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-04 00:59:26 +02:00
Clayton Shotwell
b1e07d6d79 busybox: applets as individual binaries
The individual binaries option of busybox allows for the applets
that would usually be symlinks to be built as individual applications
that link against a shared library.

This feature is needed for SELinux to allow the applications to run
under the correct SELinux context.

The patch being added allows the individual applications to be
installed and will be upstreamed to the busybox developers.

The initial work for this change was done by Thomas Petazzoni
<thomas.petazzoni@free-electrons.com>.

Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Niranjan Reddy <niranjan.reddy@rockwellcollins.com>
Signed-off-by: Bryce Ferguson <bryce.ferguson@rockwellcollins.com>
[Thomas:
 - add help text in Config.in option.
 - rename BUSYBOX_CONFIGURE_INDIVIDUAL_BINARIES to
   BUSYBOX_SET_INDIVIDUAL_BINARIES to be consistent with other
   variables.
 - call BUSYBOX_INSTALL_INDIVIDUAL_BINARIES in
   BUSYBOX_INSTALL_TARGET_CMDS, not in BUSYBOX_INSTALL_INIT_SYSV.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Arnout:
 - revert to the "optional file" approach in makedevs;
 - reword Config.in comment text to match our usual pattern;
 - abbreviate comment about how suid applets are found a little;
 - all applets are optional (each one may have been unselected from the
   busybox config).]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Thomas: remove /usr/share/udhcpc/default.script from BUSYBOX_PERMISSIONS.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-04 00:54:56 +02:00
Arnout Vandecappelle
bdbbc72934 makedevs: support optional files
Add the 'F' file type to makedevs, that allows a file to be optional.
With this option, the line is just silently skipped if the file doesn't
exist (or is not a regular file).

This is useful for _PERMISSIONS where the file can be configured out
by package-specific configuration that is not directly handled by
Buildroot, like busybox.

Cc: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Cc: Niranjan Reddy <niranjan.reddy@rockwellcollins.com>
Cc: Bryce Ferguson <bryce.ferguson@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-04 00:54:36 +02:00
Bernd Kuhls
05b90f4513 package/libva-utils: new package
The utils provided by this package were formerly packaged with libva.

Libva contained a patch not to compile mpeg2vldemo to reduce
dependencies by avoiding C++, this patch is not moved to this package.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Reviewed-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-04 00:52:04 +02:00
Marcin Niestroj
0111ced770 package/lua-stdlib: new package
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Reviewed-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-04 00:47:05 +02:00
Arnout Vandecappelle
4a6168db97 pngquant: doesn't support building with ccache
pngquant's homegrown configure script doesn't understand CC with a
space, so we can't use ccache with it. Only the host variant is
affected: for the target, we call ccache from the toolchain-wrapper so
it's transparent to the configure script.

This wasn't seen in the autobuilders since they never enable
BR2_CCACHE.

To test, use any configuration and do
make BR2_CCACHE=y host-pngquant

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-04 00:37:04 +02:00
André Hentschel
40d9b45aac azure-iot-sdk-c: Package depends on NPTL
Fixes:
http://autobuild.buildroot.org/results/1ad/1ad1c02eb866dd9a1b586308b11b4242f4321355/
http://autobuild.buildroot.org/results/fd0/fd0a1f71fec062a530bcffe95e501095657c0d50/

Signed-off-by: André Hentschel <nerv@dawncrow.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-04 00:31:17 +02:00
Julien Viard de Galbert
a02c64f190 easy-rsa: new package
[Peter: Mention that openssl is a runtime dependency,
	Add license info as noted by Romain, add gpl-2.0.txt,
	Add comment explaining the missing build step,
	Use install -t for x509-types files]
Signed-off-by: Julien Viard de Galbert <julien@vdg.name>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-04 00:24:38 +02:00
Peter Korsgaard
a1b630779f package/devmem2: fix legal-info
Fixes:
http://autobuild.buildroot.net/results/1c6/1c69c77d7b378f6f76790fb5ca0078d0db0c40f8

devmem2 is a single C file that is downloaded as-is, and we patch it.
We also use that file as the license file.

Thus, the file when it is downloaded has a specific hash, but when
saved by legal-info, it has a different hash.

However, we can't store two different hashes for the same _filename_
with different content.

So, we extract the license file as a pre-patch hook, and store it in a
separate file, for which we can now add a hash.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-04 00:04:55 +02:00
Yann E. MORIN
2ba0ec576e package/cache-calibrator: fix legal-info
Fixes:
http://autobuild.buildroot.net/results/e1b/e1b3dee917f5ab3961f3dea006720431444d0ef5/

cache-calibrator is a single C file that is downloaded as-is, and we
patch it. We also use that file as the license file.

Thus, the file when it is downloaded has a specific hash, but when
saved by legal-info, it has a different hash.

However, we can't store two different hashes for the same _filename_
with different content.

So, we extract the license file as a pre-patch hook, and store it in a
separate file, for which we can now add a hash.

[Peter: add autobuilder reference]
Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Stephan Hoffmann <sho@relinux.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-04 00:03:39 +02:00
Peter Korsgaard
b3a0afd47f mpg123: security bump to version 1.25.1
>From the release notes:

- Avoid memset(NULL, 0, 0) to calm down the paranoid.

- Fix bug 252, invalid read of size 1 in ID3v2 parser due to forgotten
  offset from the frame flag bytes (unnoticed in practice for a long time).
  Fuzzers are in the house again.  This one got CVE-2017-10683.

  https://sourceforge.net/p/mpg123/bugs/252/

- Avoid a mostly harmless conditional jump depending on uninitialised
  fr->lay in compute_bpf() (mpg123_position()) when track is not ready yet.

- Fix undefined shifts on signed long mask in layer3.c (worked in practice,
  never right in theory).  Code might be a bit faster now, even.  Thanks to
  Agostino Sarubbo for reporting.

dlopen() is now directly used to load output modules (and the
--with-modules-suffix option has been removed), so adjust the modules logic
to match.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-03 21:59:51 +02:00
Peter Korsgaard
b9153ed954 vlc: add upstream security patches fixing CVE-2017-10699
avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before
2017-06-29, allows out-of-bounds heap memory write due to calling memcpy()
with a wrong size, leading to a denial of service (application crash) or
possibly code execution.

https://trac.videolan.org/vlc/ticket/18467

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-03 21:59:41 +02:00
Peter Korsgaard
a6b49a7e8c libpwquality: select cracklib
libpwquality adds cracklib to its _DEPENDENCIES, but forgot to select it in
Config.in, leading to build failures if cracklib isn't explicitly enabled:

Makefile:536: *** cracklib is in the dependency chain of libpwquality that
has added it to its _DEPENDENCIES variable without selecting it or depending
on it from Config.in.  Stop.

No autobuilder references as this error happens before build-time.log is
written, causing the autobuilder to ignore the build result.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-03 21:59:32 +02:00
Yann E. MORIN
4bd21d3e95 docs/manual: document hashes for license files
[Peter: use sha256 in example]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-03 18:03:51 +02:00
Yann E. MORIN
518b797b2b core/pkg-utils: check hashes of license files
This will help catch a change of license even if the filename does
not change.

For now, a missing hash for the license files is not a fatal error, to
let people catch up and add them. When we switch to make it mandatory,
we can simplify the code by just removing the case statement.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-03 18:03:51 +02:00
Yann E. MORIN
ea5695b5df core/pkg-util: pass package directory and name when saving license files
This will be useful when checking the hashes of the license files.

[Peter: use '.' as buildroot directory so /buildroot.hash isn't checked]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-03 18:03:20 +02:00
Yann E. MORIN
f49392349f core/pkg-generic: call MESSAGE when saving package legal-info
Currently, the per-package legal-info is mostly silent, but we're soon
to add a check for the hashes of the license files.

In that case, and when there is a hash mis-match, we want a user to know
what package had a changed license file.

So, we add a call to MESSAGE to display the package we're currently
saving the legal-info of, like so:

    >>> busybox 1.26.2 Collecting legal info

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-03 17:34:34 +02:00
Yann E. MORIN
efb61ae07b support/check-package: don't check filenames of hashes
Currently, we check that the filenames in hash lists do not contain
a slash '/' character, because all we are checking so far are the
downloaded archives, and we explicitly need the filename to not contain
a directory component at all.

However, we're soon to also check the hashes of the license files in
packages sources, and those license files may be at any arbitrary
directory-depth in the packages source tree.

[Peter: Remove reference to files with same basename]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Cc: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Acked-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-03 17:33:22 +02:00
Peter Korsgaard
e7548edb5f fakedate: simplify logic
Using -ef to check for the same file is nicer than relying on a magic
symlink-to-fakedate.

Notice that -ef isn't stricly posix (but supported by bash/dash/zsh), so
I've changed the shebang to /bin/bash.

While we are at it, restructure the logic to do a single exec at the end
instead of handling the epoch/!epoch cases differently for simplicity.

With that out of the way we can directly install it as $HOST/usr/bin/date
instead of the fakedate / date symlink.

[Peter: drop IFS=: change]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-03 15:10:58 +02:00
Peter Korsgaard
51825df3a1 Makefile: generate wrapper makefile when running make without a .config
The recent change to error out instead of running menuconfig when no .config
is available broke an existing use case:

make O=output-foo; cd output-foo; br-init-conf (or similar to get a sensible .config); make

As there is no wrapper makefile in output-foo.

Fix it by ensuring the wrapper gets created if needed.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-03 15:02:10 +02:00
Martin Kepplinger
56ed4a1ef2 tslib: use SPDX identifiers for licenses in use
[Peter: License is GPL-2.0+ / LGPL-2.1+]
Signed-off-by: Martin Kepplinger <martink@posteo.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-03 14:55:43 +02:00
Thomas De Schampheleire
ec019bcf64 setlocalversion: fix detection of hg revision for untagged versions
By default, cut prints the entire line if the specified delimiter is not
present at all:

    $ printf "foo bar" | cut -d' ' -f2
    bar
    $ printf "foobar" | cut -d' ' -f2
    foobar

In setlocalversion, cut is presented with the output of 'hg id' which has
the format:

    "<revision> <tags-if-any>"

If the current revision is not tagged, the output of 'hg id' does not
contain the delimiter (space), cut prints the entire string, and
setlocalversion thinks the version is the tag.
As setlocalversion does not print anything for tagged versions, there is no
output overall, and no correct indication of the mercurial revision.

Fix by passing the extra cut option '--only-delimited', which suppresses
output if no delimiter is found.

This problem likely went unnoticed for so long, because the tag 'tip' (i.e.
most recent revision of the branch) is treated specially: in this case the
mercurial revision _is_ printed, i.e. the situation is treated as
'untagged'.
The problem is only seen when you are _not_ at the most recent revision in
your branch.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-03 11:40:49 +02:00
Gaël PORTAY
3529ee59d1 qt5virtualkeyboard: new package
This patch adds the Qt virtualkeyboard package.

Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
[Thomas:
 - use SDPX license codes
 - add entry to DEVELOPERS file
 - drop BR2_PACKAGE_QT5BASE_LICENSE_APPROVED logic, since we removed this option
 - select BR2_PACKAGE_QT5DECLARATIVE and
   BR2_PACKAGE_QT5DECLARATIVE_QUICK instead of using a "depends on"
   and propagate the appropriate dependencies]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-03 00:36:01 +02:00
Baruch Siach
e42a827ea1 lirc-tools: bump to version 0.9.4d
Drop 0001-tools-make_rel_symlink.py-can-also-use-python2.patch. Build requires
host-python3 since the previous version bump.

Drop upstream 0002-lircd-Remove-use-of-functions-killed-in-kernel-4.8.0.patch.

Add a patch fixing header guard macro collision with musl libc.

Set HAVE_WORKING_POLL to skip poll(2) run test that is not compatible with
cross compilation.

Add optional dependency on libftdi1.

Cc: Rhys Williams <github@wilberforce.co.nz>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-03 00:14:38 +02:00
Thomas Petazzoni
0a2576d37e wavpack: don't download patch from Github
Patches downloaded from Github are not stable, so bring them in the
tree.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-03 00:05:18 +02:00
Thomas Petazzoni
bbbe00ea35 trinity: don't download patches from Github
Patches downloaded from Github are not stable, so bring them in the
tree.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-03 00:05:18 +02:00
Thomas Petazzoni
18813dd922 tinycbor: on't download patch from Github
Patches downloaded from Github are not stable, so bring them in the
tree.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-03 00:05:18 +02:00
Thomas Petazzoni
7ced54845c systemd: don't download patches from Github
Patches downloaded from Github are not stable, so bring them in the
tree.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-03 00:05:18 +02:00
Thomas Petazzoni
74a56295c1 softether: don't download patch from Github
Patches downloaded from Github are not stable, so bring them in the
tree.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-03 00:05:18 +02:00
Thomas Petazzoni
80fb2e4d24 sngrep: don't download patch from Github
Patches downloaded from Github are not stable, so bring them in the
tree.

For this package, the patch is not replaced 1:1 with what Github was
providing. Indeed, the URL
4740f3341a.patch
no longer exists. This pull request has been merged, so we instead use
the real upstream commits. However, the upstream developer apparently
messed up, and applied the change in two separate commits, which is
why one patch fetched from Github is replaced by this commit by two
patches in package/sngrep/.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-03 00:05:18 +02:00
Thomas Petazzoni
4eb7f76ed1 scrub: don't download patch from Github
Patches downloaded from Github are not stable, so bring them in the
tree.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-03 00:05:18 +02:00
Thomas Petazzoni
e4df30ff97 rpm: don't download patches from Github
Patches downloaded from Github are not stable, so bring them in the
tree.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-03 00:05:18 +02:00
Thomas Petazzoni
35bc55eaaa qt: don't download patch from Github
Patches downloaded from Github are not stable, so bring them in the
tree.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-03 00:05:18 +02:00
Thomas Petazzoni
e9b614ad3a poco: don't download patch from Github
Patches downloaded from Github are not stable, so bring them in the
tree.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-03 00:05:18 +02:00
Thomas Petazzoni
80f08a4b28 openzwave: don't download patch from Github
Patches downloaded from Github are not stable, so bring them in the
tree.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-03 00:05:18 +02:00
Thomas Petazzoni
4e7522aacd openssh: don't download patch from Github
Patches downloaded from Github are not stable, so bring them in the
tree.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-03 00:05:18 +02:00
Thomas Petazzoni
50368ac2ab openal: don't download patches from Github
Patches downloaded from Github are not stable, so bring them in the
tree.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-03 00:05:18 +02:00
Thomas Petazzoni
9ef0e9afba numactl: don't download patches from Github
Patches downloaded from Github are not stable, so bring them in the
tree.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-03 00:05:18 +02:00
Thomas Petazzoni
c0369e05ea mediastreamer: don't download patch from Github
Patches downloaded from Github are not stable, so bring them in the
tree.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-03 00:05:18 +02:00
Thomas Petazzoni
8c7c81d1d7 lxc: don't download patch from Github
Patches downloaded from Github are not stable, so bring them in the
tree.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-03 00:05:18 +02:00
Thomas Petazzoni
32a20319c1 libstrophe: don't download patch from Github
Patches downloaded from Github are not stable, so bring them in the
tree.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-03 00:05:18 +02:00
Thomas Petazzoni
d8e0a2d4ae jack2: don't download patch from Github
Patches downloaded from Github are not stable, so bring them in the
tree.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-03 00:05:18 +02:00
Thomas Petazzoni
57180155ca efibootmgr: don't download patch from Github
Patches downloaded from Github are not stable, so bring them in the
tree.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-03 00:05:18 +02:00
Thomas Petazzoni
a0c9b36b80 docs/manual: update details about hashes
This commit updates the manual about hashes, fixing a number of
issues:

 - Adding the .hash file should no longer be optional: it *must* be
   added. Therefore the wording "You can add ..." is changed to "When
   possible, you must add ...".

 - We are now checking hashes for Git downloaded packages, so fix this
   as well, and indicate more clearly which download methods have hash
   checking.

 - We no longer want to have auto-generated patches be downloaded
   through <pkg>_PATCH because such patches are not stable over time,
   and their hash can change. For example, downloading patches from
   github.com should no longer be done.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-03 00:05:18 +02:00
Bradford Barr
a2538e4b19 sqlite: add json1 support
Add support for the JSON1 SQLite extensions. This extension allows SQLite to
store and query JSON objects in a database.

Signed-off-by: Bradford Barr <bradford@density.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-02 23:59:08 +02:00
Peter Korsgaard
a0c53973f8 bind: security bump to version 9.11.1-P2
Fixes the following security issues:

CVE-2017-3142: An error in TSIG authentication can permit unauthorized zone
transfers

An attacker who is able to send and receive messages to an authoritative DNS
server and who has knowledge of a valid TSIG key name may be able to
circumvent TSIG authentication of AXFR requests via a carefully constructed
request packet. A server that relies solely on TSIG keys for protection with
no other ACL protection could be manipulated into:

* providing an AXFR of a zone to an unauthorized recipient
* accepting bogus NOTIFY packets

https://kb.isc.org/article/AA-01504/74/CVE-2017-3142

CVE-2017-3041: An error in TSIG authentication can permit unauthorized dynamic
updates

An attacker who is able to send and receive messages to an authoritative DNS
server and who has knowledge of a valid TSIG key name for the zone and service
being targeted may be able to manipulate BIND into accepting an unauthorized
dynamic update.

https://kb.isc.org/article/AA-01503/74/CVE-2017-3143

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-02 23:48:41 +02:00
Arnout Vandecappelle
d2a151cea0 .gitlab-ci.yml: use the Buildroot CI image published on Docker Hub
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-02 23:45:27 +02:00
Arnout Vandecappelle
2564268f99 support: add Dockerfile for CI
For Gitlab-CI, we want to avoid re-generating the minimal install to
be able to run tests all the time. So let's create a docker image that
we can post on Docker Hub and then pull.

For the time being, this is just what we need for running our CI. Later
we can produce something that is also useful for users.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-02 23:45:24 +02:00
Thomas Petazzoni
b287ea6fc5 .gitlab-ci.yml: run our runtime tests
This commit improves our .gitlab-ci.yml logic to execute our runtime
tests located in support/testing/. To do so, this commit:

 - Adds more Debian packages to be installed, namely the nose2 and
   pexpect packages needed by the runtime testing infrastructure, as
   well as the necessary Qemu emulators

 - The description of how to run the runtime tests. Each test is
   executed as a separate Gitlab CI job, so that the status of each
   test is easily visible in the Gitlab CI web interface.

 - The Makefile is improved to auto-generate .gitlab-ci.yml from
   .gitlab-ci.yml.in, like we're doing for defconfigs. Since the
   dependencies of .gitlab-ci.yml are no longer correct, we abandon
   them and instead make it a PHONY target.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Arnout: simplify .gitlab-ci.in a little, removing redundant stuff;
         make .gitlab-ci.yml a PHONY target]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-02 23:45:07 +02:00
Eric Le Bihan
346e926c15 pkg-virtual: fix host dependencies handling
If $(BR2_PACKAGE_HAS_HOST_FOO) is defined, then the pkg-virtual
infrastructure will check if $(BR2_PACKAGE_PROVIDES_HOST_FOO) is not
empty.

But later, $(BR2_PACKAGE_HOST_FOO_DEPENDENCIES) will be set from
$(BR2_PACKAGE_PROVIDES_FOO), ignoring $(BR2_PACKAGE_PROVIDES_HOST_FOO).

So fix this discrepancy by setting $(BR2_PACKAGE_HOST_FOO_DEPENDENCIES)
from $(BR2_PACKAGE_PROVIDES_FOO) only if $(BR2_PACKAGE_PROVIDES_HOST_FOO)
is empty.

Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Thomas: add comments suggested by Arnout.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-02 23:42:31 +02:00