The source files contain the "(at your option) any later version" text, so
change the licese to GPL-2.0+.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The source files contain the "(at your option) any later version" text and
the website states:
License
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your option)
any later version.
http://0pointer.de/lennart/projects/ifplugd/
So change the license to GPL-2.0+
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Which is the version used by docker 18.09.9:
0a3767c7e9
Also add a hash for the license file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Includes a number of post-18.09.7 bugfixes and to keep in sync with the
docker-engine version.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes the following security vulnerability:
CVE-2019-13509: Docker Engine in debug mode may sometimes add secrets to the
debug log. This applies to a scenario where docker stack deploy is run to
redeploy a stack that includes (non external) secrets. It potentially
applies to other API users of the stack API if they resend the secret.
And a number of other non-security issues.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The patch used previously to support versions of ln lacking the '-r'
option generated broken links:
$ file target/usr/lib/cups/backend/driverless
target/usr/lib/cups/backend/driverless: broken symbolic link to ../../usr/lib/cups/driver/driverless
Add a squashing of two patches already applied upstream that provide a
better solution:
https://github.com/OpenPrinting/cups-filters/pull/154https://github.com/OpenPrinting/cups-filters/pull/157
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
texttotext must be linked to libiconv if !BR2_ENABLE_LOCALE so pull a
patch applied upstream that adds libiconv discovery via autoconf.
With this change, autoreconf requires the config.rpath and ABOUT-NLS
files which are not in v1.25.4. Add a pre-configure hook to fake them.
Fixes: https://bugs.busybox.net/show_bug.cgi?id=12031
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
With Microblaze Gcc version < 8.x the build hangs due to gcc bug
85180: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85180. The bug
shows up when building protobuf with optimization but not when building
with -O0. To work around this, if BR2_TOOLCHAIN_HAS_GCC_BUG_85180=y we
force using -O0.
Fixes:
http://autobuild.buildroot.net/results/73dc9610a13d6e14eec58d529617210d93d5dec4/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
[Arnout: fix variable name]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
fakeroot can be built to either use SYSV IPC or TCP for message passing.
A bug was discovered where Microsoft Windows 10 Services for Linux
doesn't include support for SYSV IPC MsgQ. This patch adds support to
detect this case and automatically build fakeroot to use the TCP
transport instead (It is assumed a TCP transport would definitely have
more overhead then MsgQs so the default wasn't changed to TCP).
Fixes
https://bugs.busybox.net/show_bug.cgi?id=11366
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Jean-Francois Doyon <jfdoyon@gmail.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[Arnout: use a post-patch hook and AUTORECONF=YES]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This reverts commit 9135ab7a7c. This
version bump causes a major issue: the entire root filesystem of the
build machine is being copied into $(STAGING_DIR)/usr/lib/python2.7/,
causing the build to consume the entire disk space of the machine.
>>> python-sip 4.19.13 Installing to target
[...]
make[2]: Leaving directory `/home/test/buildroot/output/build/python-sip-4.19.13/siplib'
Traceback (most recent call last):
File "/home/test/buildroot/output/build/python-sip-4.19.13/mk_distinfo.py", line 108, in <module>
fn_f = open(fn, 'rb')
FileNotFoundError: [Errno 2] No such file or directory: '/home/test/buildroot/output/target/usr/lib/python3.7/site-packages/sip.pyi'
make[1]: *** [install_distinfo] Error 1
make[1]: *** Waiting for unfinished jobs....
cp: cannot open `/proc/fs/aufs/plink_maint' for reading: Permission denied
cp: cannot open `/proc/sys/fs/protected_fifos' for reading: Permission denied
cp: cannot open `/proc/sys/fs/protected_hardlinks' for reading: Permission denied
cp: cannot open `/proc/sys/fs/protected_regular' for reading: Permission denied
cp: cannot open `/proc/sys/fs/protected_symlinks' for reading: Permission denied
cp: cannot open `/proc/sys/kernel/cad_pid' for reading: Permission denied
cp: cannot open `/proc/sys/kernel/unprivileged_userns_apparmor_policy' for reading: Permission denied
cp: cannot open `/proc/sys/kernel/usermodehelper/bset' for reading: Permission denied
...
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When using a newer host system cmake to build MariaDB, the following build
error occurs:
CMake Error at cmake/os/Linux.cmake:29 (STRING):
STRING sub-command REPLACE requires at least four arguments.
Call Stack (most recent call first):
CMakeLists.txt:101 (INCLUDE)
CMake Error at cmake/os/Linux.cmake:29 (STRING):
STRING sub-command REPLACE requires at least four arguments.
Call Stack (most recent call first):
CMakeLists.txt:101 (INCLUDE)
Fixes: https://bugs.busybox.net/show_bug.cgi?id=11781
Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
mariadb no longer allows the WITH_SSL=OFF configure option. It will
instead search for openssl or gnutls headers, and if missing error out
with:
CMake Error at /usr/share/cmake/Modules/FindPackageHandleStandardArgs.cmake:137 (message):
Could NOT find GnuTLS (missing: GNUTLS_LIBRARY GNUTLS_INCLUDE_DIR)
(Required is at least version "3.3.24")
Call Stack (most recent call first):
/usr/share/cmake/Modules/FindPackageHandleStandardArgs.cmake:378 (_FPHSA_FAILURE_MESSAGE)
/usr/share/cmake/Modules/FindGnuTLS.cmake:54 (FIND_PACKAGE_HANDLE_STANDARD_ARGS)
libmariadb/CMakeLists.txt:298 (FIND_PACKAGE)
Therefore, make host-mariadb depend on host-openssl, and tell mariadb
to use the system openssl.
This was not found by autobuilders because mariadb isn't built in the
autobuilders (it's part of a choice).
Note that the target mariadb already has an unconditional dependency
on openssl.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Tested-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Leave pam_selinux enabled by default in su.pam and remove it from the
/etc/pam.d/su and /etc/pam.d/su-l files if libselinux is not selected.
This cosmetic change prevents leaving a misleading commented-out line
that references a PAM module that does not exist.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
If follow through the customize-outside-br.txt with how to add external
toolchain in br-ext tree then one thing is missing - inclusion of
*.mk file with external toolchain package description.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Acked-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Colorlog is a formatter for the python logging module.
Signed-off-by: Joris Offouga <offougajoris@gmail.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When updating to libglib2 2.62.0, the file 0002-add-option-to-build-tests.patch
had to be refactored to work with the new build_tests checks. In the process of
refactoring, a missing check was overlooked in glib/meson.build causing
distributions with older versions of objcopy to fail because the older version
does not contain the --add-symbol argument.
Adding the check for the build_tests argument fixes the issue.
Fixes:
http://autobuild.buildroot.net/results/dcc2352a036aba9650eae8abaaa23819fc67332d
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes:
match.o: In function `SetMatchSpec':
match.c:(.text+0x9c): undefined reference to `re_comp'
match.o: In function `Match':
match.c:(.text+0xca): undefined reference to `re_exec'
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Remove second patch (already in version)
- Fix a missing error detection in ECJPAKE. This could have caused a
predictable shared secret if a hardware accelerator failed and the
other side of the key exchange had a similar bug.
- When writing a private EC key, use a constant size for the private
value, as specified in RFC 5915. Previously, the value was written as
an ASN.1 INTEGER, which caused the size of the key to leak about 1 bit
of information on average and could cause the value to be 1 byte too
large for the output buffer.
- The deterministic ECDSA calculation reused the scheme's HMAC-DRBG to
implement blinding. Because of this for the same key and message the
same blinding value was generated. This reduced the effectiveness of
the countermeasure and leaked information about the private key
through side channels. Reported by Jack Lloyd.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Change NILFS_UTILS_SITE to https://nilfs.sourceforge.io as this is the
official site with the official tarballs
- Remove first and third patch (already in version)
- Drop fourth patch and host-pkgconf from dependencies, not needed since
d5ce780856
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Remove all patches except first one (already in version)
- Update first patch
- Fix CVE-2019-6471: A race condition when discarding malformed packets
can cause BIND to exit with an assertion failure
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update to the latest version of libcamera, including a fix for toolchains
which require libatomic to be linked manually.
The patch which handles this locally is therefore removed.
Since the last version update, the option to disable building of the
unit tests has been renamed from '-Dtests=' to '-Dtest='
This is updated accordingly.
Signed-off-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is a new major release which brings in many improvements and new
features. For a complete list, please refer to the release notes:
https://webkitgtk.org/2019/09/09/webkitgtk2.26.0-released.html
A small patch is added which fixes a build failure when X11 headers
are not available (for example, when building a Wayland-only system)
The new support for the WPE renderer on Wayland and the new Bubblewrap
sandbox need additional dependencies and therefore are explicitly
disabled at the moment.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch sets the default floating point ABI based on the ISA
extensions that have been selected rather than defaulting to soft
float.
For 64-bit:
ISA 'D' selects lp64d
ISA 'F' selects lp64f
Otherwise select lp64
For 32-bit:
ISA 'D' selects ilp32d
ISA 'F' selects ilp32f
Otherwise select ilp32
This change was proposed by Palmer Dabbelt at SiFive.
Signed-off-by: Mark Corbin <mark.corbin@embecosm.com>
Reviewed-by: Palmer Dabbelt <palmer@sifive.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
I am exclusively using my Gmail address for now on. Reflect this in
the DEVELOPERS file.
Signed-off-by: Vivien Didelot <vivien.didelot@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mathieu is no longer working at Savoir-faire Linux, update his email
address in the DEVELOPERS file.
Signed-off-by: Vivien Didelot <vivien.didelot@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following check-package warning:
package/libglib2/libglib2.mk:90: consecutive empty lines
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
New upstream at github. Update homepage link and download site.
Drop the custom extract command; we now get the source tree from github.
Drop patch #2; the code detects rpc support.
Add optional dependency on libtirpc.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes a security issue. From the annoncement:
A vulnerability exists in Mosquitto versions 1.5 to 1.6.5 inclusive.
If a client sends a SUBSCRIBE packet containing a topic that consists of
approximately 65400 or more '/' characters, i.e. the topic hierarchy
separator, then a stack overflow will occur.
The issue is fixed in Mosquitto 1.6.6 and 1.5.9. Patches for older versions
are available at https://mosquitto.org/files/cve/2019-hier
The fix addresses the problem by restricting the allowed number of topic
hierarchy levels to 200. An alternative fix is to increase the size of the
stack by a small amount.
https://mosquitto.org/blog/2019/09/version-1-6-6-released/
Also notice that 1.6.5 silently fixed a security issue:
CVE-2019-11778
A vulnerability exists in Mosquitto version 1.6 to 1.6.4 inclusive, known as CVE-2019-11778
If an MQTT v5 client connects to Mosquitto, sets a last will and testament,
sets a will delay interval, sets a session expiry interval, and the will
delay interval is set longer than the session expiry interval, then a use
after free error occurs, which has the potential to cause a crash in some
situations.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This would normally be enabled by systemctl preset-all however since we
don't have a host systemctl we need to enable the service manually.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>