external.desc must be present when using a br2-external tree. The
documentation notes this later in the text, but the file is missing
from the initial overview of files.
Fixes bug #11481.
Signed-off-by: Philipp Wagner <mail@philipp-wagner.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a6479d6058)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Suppose we use Makefile wrapper and build some project out of
buildroot tree (O=...). A command like "make
busybox-all-external-deps" will output the string "uname 022 && make
..." to stdout before the usefull information. It pollutes stdout. At
the same time if we use the same command in the buildroot source-tree
then we don't get the additional output. This patch makes wrapper
silent by default. People who prefer to see more verbose output can
use V=1.
Signed-off-by: Serj Kalichev <serj.kalichev@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c77cd17082)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
CVE-2018-16850: SQL injection in pg_upgrade and pg_dump, via CREATE TRIGGER
... REFERENCING
For more details, see the advisory:
https://www.postgresql.org/about/news/1905/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Pull a patch already submitted upstream[1] that fixes mkostemp when
_LARGEFILE64_SOURCE is defined. This is required to prevent failures
on eudev[2]:
# udevadm hwdb --update
Failure writing database //etc/udev/hwdb.bin: Invalid argument
1. https://patchwork.ozlabs.org/patch/990045/
2. https://patchwork.ozlabs.org/patch/984848/
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c33fb6e9f1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Release notes:
https://webkitgtk.org/2018/10/29/webkitgtk2.22.3-released.html
Patch "0001-ARM-Building-FELightingNEON.cpp-fails-due-to-missing.patch"
is removed because it is included in the new release.
This is a maintenance release which further improves playback of video
when using media source extensions (MSE), specially for WebM content,
and provides a few correctness fixes.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0def20865d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This covers the case where GL/GLES is available (so -DENABLE_OPENGL=ON
gets passed), which makes the webkitgtk build system assume GStreamer-GL
is available, while actually it is not.
Also, providing an option to manually disable usage of GStremer-GL can
help with certain target configurations in which using OpenGL for video
handling might result in incorrect rendering.
This fixes some autobuilder failures like the following:
http://autobuild.buildroot.net/results/187796535af53ece426641ff7d88aabada281674http://autobuild.buildroot.net/results/00c1a8ea23a99728a4f3f4478705f2383414ae41
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4ac29a8196)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
NetworkManager includes some parts of the systemd-networkd code in its
codebase. That can be found at src/systemd/src/libsystemd-networkd.
The DHCP implementation provided by systemd-networkd is used when
NetworkManager is configured to use the internal implementation,
however the default is to use dhclient.
When NetworkManager is configured to use the internal dhcp and an
interface is setup with ipv6.method=auto (which is the default value)
or ipv6.method=dhcp, this flaw can be exploited. When using
ipv6.method=auto, the DHCPv6 client can be automatically started with a
Router Advertisement packet.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0a51ba655c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The "development" defconfigs for Atmel platforms enable both OpenSSH
and Dropbear, which doesn't make a lot of sense, as only one SSH
server can start on port 22.
This commit therefore drops BR2_PACKAGE_DROPBEAR=y from those
defconfigs, keeping OpenSSH as an SSH server/client, as was requested
by Atmel/Microchip folks in the review of an earlier version of this
patch [1]. Since those defconfigs are "development" defconfigs, they
are not meant to be minimal, and already provide an arbitrary set of
packages, so using openssh is just as good as using dropbear in this
case.
[1] https://patchwork.ozlabs.org/patch/989516/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Nicolas Ferre <nicolas.ferre@microchip.com>
Cc: Joshua Henderson <joshua.henderson@microchip.com>
Cc: Ludovic Desroches <ludovic.desroches@microchip.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit dab1539613)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Systemd-networkd is vulnerable to an out out-of-bounds heap write in the
DHCPv6 client when handling options sent by network adjacent DHCP servers.
A attacker could exploit this via malicious DHCP server to corrupt heap
memory on client machines, resulting in a denial of service or potential
code execution.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Peter: add description]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bc6ecbbeef)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
1.4.50:
[mod_alias] security: potential path traversal with specific configs
[core] security: use-after-free invalid Range req
[mod_alias] security: path traversal in mod_alias (in some use cases) (fixes#2898)
[core] security: use-after-free after invalid Range request (fixes#2899)
1.4.51:
[core,security] process headers after combining folded headers
[mod_userdir] security: skip username “.” and “..”
1.4.51 brings optional pam and wolfssl support. Explicitly disable these
options for now.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 15793bc19f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since qemu 2.12.0 and
2ec78706d1,
x_keymap.h has been converted from "SDL display driver" to "X11 keymaps"
So add a select on BR2_PACKAGE_SDL_X11
Fixes:
- http://autobuild.buildroot.org/results/1908d2d7de8d3aff11ed6fbb8fe4cf3eff54b5a5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8153ce21e7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add an upstreamable patch to use pkg-config for finding libedit and
readline dependencies and drop ncurses "hack"
Fixes:
- http://autobuild.buildroot.org/results/b0b17f4a5b0a32631a12bdb350ba7c21f7c595d0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 91b6ca9682)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Disable db2pdf, db2ps and xmlto which are used for building PDF, PS, man
or html documentation
Fixes:
- http://autobuild.buildroot.org/results/28df3b50d90bc53b965280b77224f89fe09ec2b9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8b3dea2c2a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Set ac_cv_mtab_file to /etc/mtab otherwise build will fail if no mtab,
mnttab or fstab is found in /etc (on host)
Fixes:
- http://autobuild.buildroot.org/results/efaf2833d674c7e366c59f367f0b83c7f88546bb
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b4501ca80d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes an out-of-bounds write, detect an integer overflow and protect
against acting on NULL input. For additional datails, see
https://github.com/uriparser/uriparser/blob/uriparser-0.9.0/ChangeLog
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2f3042a79b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Version 0.8.6 is a bugfix release including a nasty bug that has
potential to crash applications when parsing certain URIs (like
"//:%aa@", excluding quotes).
For more details please check the change log at
https://github.com/uriparser/uriparser/blob/uriparser-0.8.6/ChangeLog
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit cba4062a34)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
uriparser 0.8.5 with bugfixes has been released. It has also moved from
SourceForge to GitHub:
https://uriparser.github.io/
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ca0e627200)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This fixes a check-package warning introduced by commit
19df27ed03 ("package/mariadb: add option
to disable build of embedded server")
Fixes:
package/mysql/Config.in:59: attributes order: type, default, depends on, select, help (http://nightly.buildroot.org/#_config_files)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit cbf62fc569)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
- http://autobuild.buildroot.org/results/87c7fa4a8e393acaccc84bd2774f9eee32ef7d90
xmlto is optionally used to generate documentation, which we don't need.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 220f25e940)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since commit 916b21a7fb ("package/tar:
Depends on MMU"), BR2_PACKAGE_TAR depends on BR2_USE_MMU. However, the
Config.in comment does not take into account this dependency, an
inconsistency which is fixed by this commit.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2a3ef05520)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The new version, among other changes, includes important fixes
for unaligned memory access on ARM (both for 32 and 64-bit), as well
as performance improvements and build fixes.
Patch "0001-Tell-CMake-to-not-check-for-a-C-compiler.patch" is not
needed due to the issue being fixed upstream, and therefore is removed.
Patch "0001-CMake-Allow-using-BUILD_SHARED_LIBS-to-choose-static.patch"
is rebased against the latest upstream changes.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit be733b54a7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Incorrect command-line parameter validation in the Xorg X server can
lead to privilege elevation and/or arbitrary files overwrite, when the
X server is running with elevated privileges (ie when Xorg is
installed with the setuid bit set and started by a non-root user).
The -modulepath argument can be used to specify an insecure path to
modules that are going to be loaded in the X server, allowing to
execute unprivileged code in the privileged process.
The -logfile argument can be used to overwrite arbitrary files in the
file system, due to incorrect checks in the parsing of the option.
For more details, see the advisory:
https://lists.x.org/archives/xorg-announce/2018-October/002927.html
Issue was introduced in 1.19.0, so the older xserver variants are not
affected.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When the runtime tests were first introduced, they still ran pretty
quickly. Nowadays, however, there are a lot of runtime tests, and some
of them take a really long time. So running them on every push is
really too much.
Just like we do for the defconfigs, run them on explicit trigger only.
The explicit trigger is now done every week, but it can be increased
to e.g. twice or three times per week.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 96123c1c4f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Needed for vlc to fix linking issue.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 13f7959e8d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When we do a release, we know only of a set of gcc versions that the
host may have. But in the future, distributions with newer gcc versions
may show up.
Currently, we do not recognise those versions, and thus we do as if they
were older than the oldest we know of. This means that a set of packages
become unselectable, when they should be.
We fix that by capping the detected version to the highest we know of.
Reported-by: gargar_ on IRC
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3950e69dad)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Qt KMS support should not explicitly depend on the availability of opengl.
Don't explicitly disable KMS if opengl is not available and fallback to
detecting if libdrm is available before disabling kms.
The scenario where this is necessary involves using the Qt linuxfb backend
"dumb buffer" support via the DRM API. This is new in Qt 5.9 [1] and only
requires KMS, but not opengl. Although on Qt 5.6, only eglfs actually
uses libdrm/kms, it doesn't hurt to add the dependency and the -kms
option there as well, and doing so keeps the logic in the .mk file
simple.
[1] http://doc.qt.io/qt-5/embedded-linux.html#linuxfb
Cc: Peter Seiderer <ps.report@gmx.net>
Cc: Julien Corjon <corjon.j@ecagroup.com>
Signed-off-by: Joshua Henderson <joshua.henderson@microchip.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit f91ea94a6f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Size of output/target/usr:
with embedded: 1,7G
without embedded: 648M
This config option saves space on the target if the embedded server
is not used by any other package:
https://mariadb.com/kb/en/library/embedded-mariadb-interface/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Tested-by: Ryan Coe <bluemrp9@gmail.com>
[Peter: make Config.in option depend on _MARIADB_SERVER]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 19df27ed03)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The utils/diffconfig script works only on variables with the BR2_
prefix. This is OK for Buildroot [def]configs since this is the prefix
for all user-facing variables, but it prevents using the same script
to compare configs from kconfig-based packages.
Remove the BR2_ restriction, allowing usage such as:
./utils/diffconfig \
board/qemu/xtensa-lx60/linux.config \
board/qemu/xtensa-lx60/linux-nommu.config
Signed-off-by: Marcel Patzlaff <m.patzlaff@pilz.de>
Reviewed-by: Luca Ceresoli <luca@lucaceresoli.net>
Tested-by: Luca Ceresoli <luca@lucaceresoli.net>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bf9ccfc37b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit dea3ab6840)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The libcilkrts configure script errors out with "Pthreads are required
to build libcilkrts" if the C library doesn't have thread support. To
fix that, we disable libcilkrts when thread support is not available.
This issue was not noticed until now, because we only regularly build
a no-thread toolchain for ARM, and libcilkrts was enabled on ARM only
starting in gcc 7.x.
This fixes the build of no-thread toolchains on architectures where
libcilkrts is supported, i.e x86/x86-64, ARM and Sparc.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 076fd27da7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Sort the certificates into alphabetical order so the contents of
ca-certificates.crt can be built reproducibly.
Note: The certificates are sorted uppercase then lowercase filenames
so the contents of ca-certificates.crt matches the source debian package.
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit c61b49e5b5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Rebuilding ca-certificates using make ca-certificates-rebuild
caused duplicate certificates to be installed in the target. Its build
system is broken: it doesn't detect that the output file already exists,
and instead of overwriting it, a duplicate is generated under a
different name. The net effect is that all certificates are installed
twice after rebuild.
Fix this by cleaning the build directory before building the package.
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 42b10634c6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
c_rehash looks at all files in /etc/ssl/certs, generates the hash for
the certificates in them, and makes a symlink from the hash to the
certificate file.
However, ca-certificates.crt is also installed in /etc/ssl/certs and
it contains all the certificates. c_rehash will take one of them (the
first?) and create a symlink from that hash to ca-certificates.crt.
Usually, this results in an error like:
WARNING: Skipping duplicate certificate ca-certificates.crt
and all is well. However, depending on filesystem order,
ca-certificates.crt may come first, and the actual certificate is
not symlinked.
To fix this install certificates.crt to /etc/ssl/certs *after* we run
c_rehash to prevent it getting hashed by mistake.
Note: $(TARGET_DIR)/etc/ssl/certs/ is already removed during install so
this fix also works for rebuilds.
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit d07ddd8e4e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
gcc does not build when the srcdir path contains a '@', because that
path is then substitued in a texi file as argument to an @include
directive. But then, the '@' in the path will start a command evaluation
of its own, thus breaking the build. For example, with a $(O) path set
to /home/ymorin/dev/buildroot/O/to@ti :
perl ../../gcc/../contrib/texi2pod.pl ../../gcc/doc/invoke.texi > gcc.pod
../../gcc/doc/invoke.texi:1678: unknown command `ti'
../../gcc/doc/invoke.texi:1678: @include: could not find /home/ymorin/dev/buildroot/O/to/build/host-gcc-initial-7.3.0/build/gcc/../../gcc/../libiberty/at-file.texi
[Peter: use findstring instead of subst/compare]
Reported-by: c32 on IRC
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7007dc2bc9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The download link was broken, former qt versions are stored into a
distinct location.
Signed-off-by: Francois Gerin <francois.gerin@essensium.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2e6cd5c2d6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2018-10873: A vulnerability was discovered in SPICE before version
0.14.1 where the generated code used for demarshalling messages lacked
sufficient bounds checks. A malicious client or server, after
authentication, could send specially crafted messages to its peer which
would result in a crash or, potentially, other impacts.
Drop patches as they are now upstream.
Add host-pkgconf as the configure script uses pkg-config. Drop removed
--disable-automated-tests configure flag.
Add optional opus support, as that is now supported and needs to be
explicitly disabled to not use. Explicitly disable optional gstreamer
support for now as the dependency tree is fairly complicated.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f33f7a4f64)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Needed by spice 0.14.x
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit de8a4b747f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The license heading in source files includes the "or any later"
language.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit cfa3447a78)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
