François has regularly updated this defconfig in the last few years,
so it makes sense to have him as a contact for it.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Francois Perrad <francois.perrad@gadz.org>
Acked-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 560affd654)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit dca3a64b48)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Starting with Binutils 2.33.1, elf2flt segfault while building busybox:
"ld (ld-elf2flt):
/opt/armv7m--uclibc--bleeding-edge-2/arm-buildroot-uclinux-uclibcgnueabi/bin/elf2flt
This was reported to the Binutils mailing list and it's seems
an elf2flt issue with .ARM.exidx RO data section as explained
by: https://sourceware.org/ml/binutils/2019-10/msg00132.html
Apply the patch provided by Greg Ungerer [1] and tested by
Christophe Priouzeau using stm32f469_disco_defconfig on
stm32f469-disco board.
Fixes:
https://gitlab.com/kubu93/toolchains-builder/-/jobs/319395300
[1] https://github.com/uclinux-dev/elf2flt/issues/12
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2b064f86b6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When a package specifies extra downloads, it has the option to only name
the basename of the extra download, in which case that extra download
will be retrieved from the same location the main download is retrieved
from.
In that case, if the extra download contains a '+', it would confuse the
dl-wrapper, which believes the LHS of the '+' is the site method, and
the RHS the actual URI, and so the dl-wrapper mangles and damages the
URI when fetching such extra downloads, like that happens with android
tools, where the proper URI and mangled URIs of the extra download are,
respectively:
https://launchpad.net/ubuntu/+archive/primary/+files/android-tools_4.2.2+git20130218-3ubuntu41.debian.tar.gzhttp://archive/primary/+files/android-tools_4.2.2+git20130218-3ubuntu41.debian.tar.gz
We fix that by always propagating the site method to extra downloads,
but only when they are specified as relative to the main download URI.
For the extra downloads that specify a full URI, it is not systematic
that it is the same site method. For example, a main download could be a
git clone, but an extra download a pure http download; in that case we
can't replicate the site method for extra downloads, so they'll have to
take appropriate care to specify the required method and encoding if
needed.
Reported-by: Jemy Zhang <jemy.zhang@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Jemy Zhang <jemy.zhang@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2c543b4f4c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The name of the option to enable/disable support for pulseaudio has been
in flux in FreeRDP, sometimes being WITH_PULSE, sometimes being the
erroneous WITH_PULSEAUDIO. Eventually, FreeRDP came to their feet, and
fixed it to WITH_PULSE everywhere.
Signed-off-by: Alexey Lukyanchuk <skif@skif-web.ru>
[yann.morin.1998@free.fr:
- remove useless (obsolete) WITH_PULSEAUDIO
- fix the else clause too
- enhance commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 807495a885)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The current URL from which we download the yaffs2utils tarball no
longer works:
-2019-11-02 10:17:20-- https://yaffs2utils.googlecode.com/files/0.2.9.tar.gz
Resolving yaffs2utils.googlecode.com (yaffs2utils.googlecode.com)... 2a00:1450:400c:c02::52, 173.194.76.82
Connecting to yaffs2utils.googlecode.com (yaffs2utils.googlecode.com)|2a00:1450:400c:c02::52|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2019-11-02 10:17:20 ERROR 404: Not Found.
So, let's replace it with a working URL.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 41f4c85dd0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6feba7cba1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit cf9afa50e1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
eudev and systemd provide a hardware database (hwdb) as a set of
multiple files. Various other utilities may also use that database.
Those files have to be "compiled" into a binary to be useful; libudev
(and thus all utilities based on it) only use the compiled hwdb.
Compiling the hwdb is done with udevadm, using the hwdb sub-command:
udevadm hwdb --update
Provide a simple host-variant of eudev, so that we can call udevadm at
build time.
When it is configured, eudev will shoehorn its --prefix path as the base
location where the .hwdb file will be searched from, as well as where
the hwdb.bin will be generated in. This means that with the usual
--prefix=$(HOST_DIR), it would look into there.
udevadm also accepts a --root=/path option at runtime, which prepends
/path to all the paths it uses to find and generate files.
Obviously, combining --root=$(TARGET_DIR) and --prefix=$(HOST_DIR) would
not do what we want: all files would be searched for, and generated, in
$(HOST_DIR)$(TARGET_DIR)/ . Avoiding use of --root would not help much
either, as files would still searched in $(HOST_DIR) (we could use a
trick to copy files there, generate and then move the hwdb.bin, but
that's not nice).
However, since we only need udevadm, and since udevadm has no internal
and no external dependency, we can use a less dirty trick and configure
host-eudev with --prefix=/usr (and similar for the other paths), manually
copy udevadm to HOST_DIR, and then use --root when calling it.
Then, we get a udevadm that can read files from, and generate files into
$(TARGET_DIR). We register a target-finalize hook to generate the
hwdb.bin, so that any pakage may install its .hwdb files (currently only
eudev and systemd do, but other packages might (e.g. sane is known to do
so on standard desktop distros))
The *.hwdb source files consume a lot of space, roughly the same as the
generated database, i.e. ~8MiB as of today, and they are totally useless
on the target; only the generated hwdb.bin is useful. So we want to get
rid of them.
However, we also want to be able to complete a build (e.g. make
foo-reinstall to reinstall more hwdb files), so we don't want to
irremediably lose them. As such, we register a pre-rootfs-cmd hook, that
removes them just before assembling the filesystems, when we're only
using a copy of the target directory.
Note that this is the first host package to register a target-finalize
hook, and also the first to register a pre-rootfs-cmd hook. This avoids
duplicating these hooks logic in both eudev and systemd.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c2fee90943)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The indirect dependency through kmod was not tracked.
Detected with randconfig.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0c768dbbd9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
fakeroot can be built to either use SYSV IPC or TCP for message passing.
A bug was discovered where Microsoft Windows 10 Services for Linux
doesn't include support for SYSV IPC MsgQ. This patch adds support to
detect this case and automatically build fakeroot to use the TCP
transport instead (It is assumed a TCP transport would definitely have
more overhead then MsgQs so the default wasn't changed to TCP).
Fixes
https://bugs.busybox.net/show_bug.cgi?id=11366
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Jean-Francois Doyon <jfdoyon@gmail.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[Arnout: use a post-patch hook and AUTORECONF=YES]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit fd1bcce989)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2019-18408: archive_read_format_rar_read_data in
archive_read_support_format_rar.c in libarchive before 3.4.0 has a
use-after-free in a certain ARCHIVE_FAILED situation, related to
Ppmd7_DecodeSymbol.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 2ba99ff4e2 (DEVELOPERS: trim runtime tests for Ricardo
Martincoski) backported a commit to tweak the DEVELOPERS entry, but
test_check_package.py is not in 2019.02.x, leading to check-package
complaining:
WARNING: 'support/testing/tests/utils/test_check_package.py' doesn't match any file
So drop that line.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This reverts commit 127eff5c2f.
The a33 board is not in 2019.02.x, leading to complaints from check-package:
WARNING: 'board/olimex/a33_olinuxino/' doesn't match any file
WARNING: 'configs/olimex_a33_olinuxino_defconfig' doesn't match any file
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
- bpo-38243: Escape the server title of xmlrpc.server.DocXMLRPCServer when
rendering the document page as HTML. (Contributed by Dong-hee Na in
bpo-38243.)
- bpo-38174: Update vendorized expat library version to 2.2.8, which
resolves CVE-2019-15903.
- bpo-37764: Fixes email._header_value_parser.get_unstructured going into an
infinite loop for a specific case in which the email header does not have
trailing whitespace, and the case in which it contains an invalid encoded
word. Patch by Ashwin Ramaswami.
- bpo-37461: Fix an infinite loop when parsing specially crafted email
headers. Patch by Abhilash Raj.
- bpo-34155: Fix parsing of invalid email addresses with more than one @
(e.g. a@b@c.com.) to not return the part before 2nd @ as valid email
address. Patch by maxking & jpic.
Additionally, the release contains a number of non-security related fixes.
For details, see the changelog:
https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-5-final
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
iconv.h is always included by mz_os_posix.c so select
BR2_PACKAGE_LIBICONV if !BR2_ENABLE_LOCALE
Fixes:
- No autobuilder failures
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 19806dab03)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
At the moment libnss assumes that every ARM has NEON extension but it's
not that way. So add a patch to make it aware of it and use native
functions in place of NEON optimized ones.
Fixes:
http://autobuild.buildroot.net/results/1342d305d1aeebef7af54a83afc094fda12421e2/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 166d6b1bce)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2019-10218:
Malicious servers can cause Samba client code to return filenames containing
path separators to calling code.
- CVE-2019-14833:
When the password contains multi-byte (non-ASCII) characters, the check
password script does not receive the full password string.
- CVE-2019-14847:
Users with the "get changes" extended access right can crash the AD DC LDAP
server by requesting an attribute using the range= syntax.
Release notes:
https://www.samba.org/samba/history/samba-4.9.15.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libsigrok optionally depends on libftdi1, not libftdi. This was already
the case for a long time, but until the recent commit 01b30e5d69, all
the configure options were wrong so it would use the automatic check for
availability of libftdi1. Now we pass the --with-libftdi option
explicitly, configure will fail if libftdi1 is not available.
Fixes:
- http://autobuild.buildroot.net/results/ec1f9f57944139b24738c1be529c4fc4b128a516
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 658388138c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerability:
- CVE-2019-17596: Invalid DSA public keys can cause a panic in dsa.Verify.
In particular, using crypto/x509.Verify on a crafted X.509 certificate
chain can lead to a panic, even if the certificates don’t chain to a
trusted root. The chain can be delivered via a crypto/tls connection to a
client, or to a server that accepts and verifies client certificates.
net/http clients can be made to crash by an HTTPS server, while net/http
servers that accept client certificates will recover the panic and are
unaffected.
Upstream has not provided a go 1.11.x release with a fix for this, so
instead include the Debian backport of the upstream security fix from:
https://sources.debian.org/src/golang-1.11/1.11.6-1+deb10u3/debian/patches/0008-Fix-CVE-2019-17596.patch/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
If C++ is enabled, enable cxx exceptions, so libunwind will implement
_Unwind_GetIP which is used by mono (which already depends on C++)
Fixes:
- http://autobuild.buildroot.net/results/dbd64c89815d393a4e28b312d74fd80ee6de92da
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit d5bcb30cf9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Laurent reported that a short tutorial was missing in the manual to
explain how to reuse a Buildroot toolchain as external toolchain.
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: Laurent Guillier <laurent.guillier@smile.fr>
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Tested-by: Matt Weber <matthew.weber@rockwellcollins.com>
[Thomas: completely rewrite the thing]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f7b0b0ad73)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
"mount" from the "util-linux" package does expect the helper utilities
in "/sbin" and not "/usr/sbin". We use "--exec-prefix=/" to fix the
issue. The man-pages are then still installed under "/usr/share/man".
Signed-off-by: Wolfgang Grandegger <wg@grandegger.com>
Tested-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e7f32dc3c6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use pkg-config to retrieve static dependencies of libarchive in gvfs.mk
instead of patching configure.ac as upstream switched to meson
Fixes:
- http://autobuild.buildroot.org/results/486187bb7b8800f44a8c173af518b84e68e53584
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9b66547108)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerability:
- CVE-2019-18218: cdf_read_property_info in cdf.c in file through 5.37 does
not restrict the number of CDF_VECTOR elements, which allows a heap-based
buffer overflow (4-byte out-of-bounds write).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1c4584e47e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Retrieve upstream patch to fix build with BR2_PIC_PIE on x86
Fixes:
- http://autobuild.buildroot.org/results/b1252b7907944d227694ad8506de25881bf2ca04
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 41eadb1a9b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit fd69562949)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
icu is required to build Q5tWebkit.
When UChar is defined as char16_t in ICU, then qtbase fails to detect ICU.
The issue is described https://bugreports.qt.io/browse/QTBUG-49586
Build fails with following error messages:
...
ustring.h:473:20: error: ‘UChar’ does not name a type
u_strCompare(const UChar *s1, int32_t length1,
^
^
make[2]: *** [Makefile:195: icu.o] Error 1
ICU disabled.
The ICU library support cannot be enabled.
Signed-off-by: Andrey Skvortsov <andrej.skvortzov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 89a82e7210)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
On x86_64, we use the host compiler instead of the target compiler to
build kvm-unit-tests, because it is built with -m32 and our target
compiler doesn't support that.
However, the compiler on Arch Linux is broken: it *always* builds with
-fstack-protector, even when -ffreestanding is passed. However, when
-fnostdlib is passed at link time (which is normally the case when
building with -ffreestanding), it is not linked with the stack-protector
library. This leads to a link time error:
/usr/bin/ld: x86/realmode.o: in function `print_serial_u32':
.../x86/realmode.c:104: undefined reference to `__stack_chk_fail'
Since the entire package is built with -ffreestanding, it doesn't
support stack-protector at all. Therefore, simply pass
-fno-stack-protector explicitly on x86_64 to work around the bug in Arch
Linux.
Bug reported upstream: https://bugs.archlinux.org/task/64270
Fixes:
- http://autobuild.buildroot.org/results/e6f767755ffdb5ecc014eb5ad7519814f075a60e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit c0ffd16e40)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Openssl is required so that Gem can install ruby gems from secure websites.
ERROR: While executing gem ... (Gem::Exception)
Unable to require openssl, install OpenSSL and rebuild ruby (preferred) or
use non-HTTPS sources
Signed-off-by: Nicolas Carrier <nicolas.carrier@orolia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ed5549b987)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
sox implements a custom mechanism to detect whether the toolchain has
SSP suport or not. In doing so, it explicitly tries to see if libssp.so
is present, in which case it unconditionally links with it, even though
the compiler, if left by itself, would have used the SSP support
provided by the C library.
However, with Buildroot, the SSP options are handled in our gcc
wrapper, so packages should just not bother with that.
It turns out that, when sox is configured with --disable-stack-protector,
it does not disable it, but really does nothing, which is good for us.
Currently, SSP is conditionally disabled in sox, under various
conditions: that the toolchain does not have SSP, or that it is one of
the know SSP-challenged (i.e. broken) toolchains. Those conditions dates
back tpo before our wrapper started handling that.
Remove all those conditions, unconditionally disable SSP in sox, and let
our gcc wrapper handle the SSP options.
Signed-off-by: Yann Droneaud <ydroneaud@opteya.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4653d273b8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In Buildroot, the internal toolchain backend uses the SSP support from
the C library, not that of gcc.
Some external toolchains come with SSP suport in gcc, which is
implemented in libssp.so, rather than in the C library.
When a toolchain even has both, it is up to the compiler to decide
whether it will link to libssp or use the support from the C library.
However, in the latter case, a (incorrectly written) package may decide
to explicitly link with libssp.so when it is available (even though the
compiler may have decided otherwise if left by itself). This is the case
for example with sox, which results in runtime failures, such as:
$ sox
sox: error while loading shared libraries: libssp.so.0: cannot open
shared object file: No such file or directory
Even if sox is wrong in doing so, the case for libssp-only toolchains is
still valid, and we must copy it as we copy other libs.
Signed-off-by: Yann Droneaud <ydroneaud@opteya.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 971479ed62)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
