Prior to the bump to version 1.5.3 in commit
4e42366939, we had a patch on pkgconf
that ensures only some variables containing paths were prefixed by the
sysroot directory when queried through pkg-config. This patch was
dropped as part of the 1.5.3 bump, but it turns out we really need
something like this, or a significant number of changes need to be
done to existing packages.
Indeed, pkg-config has no notion of which variable/path gets used at
build time vs. which variable/path gets used at runtime. Prefixing
with the sysroot the paths used at build time works and is desirable,
but prefixing the paths used at runtime doesn't work.
This commit should fix a large number of remaining build failures
related to pkgconf 1.5.3, and should allow reverting a significant
number of workarounds.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes CVE-2018-1160: Netatalk before 3.1.12 is vulnerable to an out of
bounds write in dsi_opensess.c. This is due to lack of bounds checking on
attacker controlled data. A remote unauthenticated attacker can leverage
this vulnerability to achieve arbitrary code execution.
For more details, see the release notes:
http://netatalk.sourceforge.net/3.1/ReleaseNotes3.1.12.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
NXP U-Boot tree has the following build issue:
MKIMAGE u-boot-dtb.imx
Error: No BOOT_FROM tag in board/freescale/mx7dsabresd/imximage.cfg.cfgtmp
arch/arm/imx-common/Makefile:91: recipe for target 'u-boot-dtb.imx' failed
make[2]: *** [u-boot-dtb.imx] Error 1
Makefile:877: recipe for target 'u-boot-dtb.imx' failed
This issue has been fixed by commit f916757300c1 ("imx: Create
distinct pre-processed mkimage config files"), so backport this
commit to the NXP U-Boot tree in order to fix the build error.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/136980027
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
U-Boot 2017.11 has the following build issue:
MKIMAGE u-boot-dtb.imx
Error: No BOOT_FROM tag in board/freescale/mx6slevk/imximage.cfg.cfgtmp
arch/arm/mach-imx/Makefile:86: recipe for target 'u-boot-dtb.imx' failed
make[2]: *** [u-boot-dtb.imx] Error 1
Makefile:907: recipe for target 'u-boot-dtb.imx' failed
make[1]: *** [u-boot-dtb.imx] Error 2
make[1]: *** Waiting for unfinished jobs....
This issue has been fixed by commit f916757300c1 ("imx: Create
distinct pre-processed mkimage config files"), which landed in
U-Boot 2018.05.
Bump the U-Boot version to fix this build error.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/136980040
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
shairport-sync creates its pidfile at /var/run/shairport-sync/, so pass
that path to start-stop-daemon in the stop operation.
Also pass the executable path, allowing start-stop-daemon to check if
the PID matches the shairport-sync process, preventing killing some
other inocent daemon.
Fixes:
https://bugs.busybox.net/show_bug.cgi?id=11566
Reported-by: Bin Zhang <yangtze31@gmail.com>
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 51ff8bb263)
[Peter: drop Makefile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 348d79a331)
[Peter: drop Makefile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 29675f8e54)
[Peter: drop Makefile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
removes rdp-compositor: fix compilation against FreeRDP 2.0.0 rc2
backport which is now included in 5.0.0
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 42c8f9f6b4 ("package/netsurf: add
dependency on host-libpng for sdl") ensured host-libpng was built
prior to netsurf when the SDL backend is selected. However, this is
not sufficient for the netsurf build system to find libpng on the
host, we need to help by providing the right HOST_CFLAGS and
HOST_LDFLAGS.
Fixes:
http://autobuild.buildroot.net/results/d0bbd563fe5c9463316b2ba0d7ef5553be0563bc/
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Thomas: rewrite commit message.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch updates the csky custom external toolchain to fix a broken
host dependency of gdb on libexpat.so.0 (most hosts now ship
libexpat.so.1). gdb is required to copy and and boot the kernel (see
board/csky/readme.txt). The updated gdb no longer has this host
dependency, which solves the issue.
Since this external toolchain was built and tested with csky kernel
4.9.56, this patch also updates to that kernel version.
Finally, this 4.9.56 csky kernel changed its default bootargs. So we
add a patch to preserve the same behavior as the previous version.
Signed-off-by: Julien Olivain <juju@cotds.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
As part of this bump, we backport two upstream patches that fix the
license text to really reflect the license of the project. The second
patch was prompted by a bug report made by Arnout Vandecappelle
(https://github.com/mono/libgdiplus/issues/375), following a
discussion on the Buildroot mailing list. The first patch is needed as
a dependency of this first patch. Since both patches are upstream,
they can be dropped during the next version bump.
So now, the license text is the one of the MIT license, which matches
the header comments in all source files, making the comment about the
<pkg>_LICENSE variable in libgdiplus.mk irrelevant. The hash of the
license file is updated as well.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Thomas: update licensing aspects.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add "-std=c++11" to CXXFLAGS, forcing C++ 2011 standard (it's
experimental in GCC 4.8.2 but goot enough to build pcm-tools).
Fixes:
http://autobuild.buildroot.net/results/cf3c79f0c94be8a184d532570bdb1893090316a3/
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Orangepi lite2 board has AP6356S WiFi/BT combo, but does
not have ethernet port. So it makes sense to enable wireless
networking by default:
- add broadcom wireless firmware package to image
- add basic wireless tools to image
- add rootfs overlay with proper NVRAM file for on-board AP6356S chip
- add mdev to image to enable module autoloading
- update readme.txt to test wifi
Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add initial support for Orangepi Lite2 board with below features:
- U-Boot 2018.09
- Linux 4.19.0-rc8
- Default packages from buildroot
Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add initial support for Orangepi One Plus board with below features:
- U-Boot 2018.09
- Linux 4.19.0-rc8
- Default packages from buildroot
Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libpagekite is a C implementation of the backend of the PageKite relay
protocol. It allows external access to embedded devices without public
IP address.
There is a bundled version of libev but we prefer to use the global
libev library.
Although the configure script has a --without-openssl option, it
doesn't actually build without openssl.
Patch 0001-configure.ac-fix-handling-of-with.patch is needed because
we want to explicitly pass --with and --without options, even if they
are the default. The way the AC_ARG_WITH macros were used, --with and
--without both had the effect of enabling the option.
Patch 0002-configure.ac-use-AS_HELP_STRING-for-with-openssl.patch is
not needed for Buildroot, but it is part of the same upstream PR and
would generate a conflict for the next patch.
Patch 0003-configure.ac-use-pkg-config-for-openssl.patch is needed to
pass -lz (needed by openssl) in static compilation.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Romain Naour <romain.naour@smile.fr>
[Thomas:
- As noticed by Romain Naour, fix the prompt of the package in the
Config.in
- Add entry to DEVELOPERS file
- Drop the dependency on BR2_bfin, since this architecture has been
dropped from Buildroot.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Added license hash, removed patches included in new version.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Removed upstream patches included in the new version.
Added upstream patch to fix build error.
Updated license hash after commit
http://w1.fi/cgit/hostap/commit/README?id=c2c6c01bb8b6fafc2074b46a53c4eab2c145ac6f
updated the copyright year.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
setup.py explicitly listed a maximum allowed version of python-requests,
causing runtime failures with the python-requests version we have:
Loaded image: docker-enp.bin.cloud.barco.com/eis/baseos-docker-snmp:0.1.0
Traceback (most recent call last):
File "/usr/bin/docker-compose", line 6, in <module>
from pkg_resources import load_entry_point
File "usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3123, in <module>
File "usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3107, in _call_aside
File "usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3136, in _initialize_master_working_set
File "usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 580, in _build_master
File "usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 593, in _build_from_requirements
File "usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 781, in resolve
pkg_resources.DistributionNotFound: The 'requests!=2.11.0,!=2.12.2,!=2.18.0,<2.19,>=2.6.1' distribution was not found and is required by docker-compose
FAIL
Upstream regularly updates setup.py as new python-requests releases are
made, but it is unknown why new python-requests releases (which are supposed
to be backwards compatible) should not be allowed right away.
Add a path submitted upstream to only disallow new major versions, similar
to how the other dependencies are handled.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
go 1.11.3 fixes the following security issues:
cmd/go: remote command execution during "go get -u"
The issue is CVE-2018-16873 and Go issue golang.org/issue/29230. See the Go issue for details.
Thanks to Etienne Stalmans from the Heroku platform security team for discovering and reporting this issue.
cmd/go: directory traversal in "go get" via curly braces in import paths
The issue is CVE-2018-16874 and Go issue golang.org/issue/29231. See the Go issue for details.
Thanks to ztz of Tencent Security Platform for discovering and reporting this issue.
crypto/x509: CPU denial of service in chain validation
The issue is CVE-2018-16875 and Go issue golang.org/issue/29233. See the Go issue for details.
Thanks to Netflix for discovering and reporting this issue.
go 1.11.4 fixes issues, including regressions introduced by 1.11.3:
1.11.4 includes fixes to cgo, the compiler, linker, runtime, documentation, go
command, and the net/http and go/types packages. It includes a fix to a bug
introduced in Go 1.11.3 that broke go get for import path patterns
containing "...".
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The 4.11.1 release brings a large number of fixes:
https://xenproject.org/downloads/xen-archives/xen-project-411-series/xen-4111.html
Including a number of security fixes:
XSA-268: Use of v2 grant tables may cause crash on ARM (CVE-2018-15469)
XSA-269: x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS
(CVE-2018-15468)
XSA-272: oxenstored does not apply quota-maxentity (CVE-2018-15470)
XSA-273: L1 Terminal Fault speculative side channel (CVE-2018-3620,
CVE-2018-3646)
XSA-275: insufficient TLB flushing / improper large page mappings with AMD
IOMMUs
XSA-276: resource accounting issues in x86 IOREQ server handling
XSA-277: x86: incorrect error handling for guest p2m page removals
XSA-278: x86: Nested VT-x usable even when disabled (CVE-2018-18883)
XSA-279: x86: DoS from attempting to use INVPCID with a non-canonical
addresses
XSA-280: Fix for XSA-240 conflicts with shadow paging
XSA-282: guest use of HLE constructs may lock up host
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>