Peter Korsgaard [Wed, 29 Aug 2018 16:26:35 +0000 (18:26 +0200)]
docs/website: update for 2018.02.5
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Wed, 29 Aug 2018 15:56:17 +0000 (17:56 +0200)]
Update for 2018.02.5
[Peter: drop Makefile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit
b07116644d617a0365d70eaae57c68ca273e6183)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Giulio Benetti [Wed, 29 Aug 2018 11:54:05 +0000 (13:54 +0200)]
mender: fix ioctl build failure on powerpc64le / power8
Build fails due to missing // +build ppc64le in ioctl_64_bit.go
Add patch to append ppc64le to // +build list.
Fixes
http://autobuild.buildroot.net/results/f22/
f222b4389f9308363c386da25ec22a0919bc29fb//
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Wed, 29 Aug 2018 04:07:09 +0000 (07:07 +0300)]
json-c: drop host-autoconf dependency
It turns out that the configure script attempts to run autoheader
because the configure.ac timestamp is slightly later than that of
config.h.in. Update the config.h.in timestamp after tarball extract to
avoid autoheader run. With that we can drop the host-autoconf
dependency.
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Matt Weber [Mon, 27 Aug 2018 23:14:28 +0000 (18:14 -0500)]
Revert "package/aircrack-ng: powerpc arch requires altivec"
This reverts commit
1f3f1fb8c7324c9a50383b1cafcbd2f9d74a91f9.
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Matt Weber [Mon, 27 Aug 2018 23:14:27 +0000 (18:14 -0500)]
package/aircrack-ng: powerpc support optional ALTIVEC
This patch adds support for the powerpc arch to conditionally
check if an arch provies altivec accelerator support, similar
to other SIMD on ARM/x86.
Upstream issue: aircrack-ng/aircrack-ng#1941
Fixes
http://autobuild.buildroot.net/results/
87e82a5e8d0b1c1ff10ec3e59d25bcd56b329075
Tested against both a e6500 with Altivec and a e500 target.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Tue, 28 Aug 2018 20:59:24 +0000 (22:59 +0200)]
cutelyst: link with libatomic when needed
On some architectures, atomic binutils are provided by the libatomic
library from gcc. Linking with libatomic is therefore necessary,
otherwise the build fails with:
sparc-buildroot-linux-uclibc/sysroot/lib/libatomic.so.1: error adding symbols: DSO missing from command line
This is often for example the case on sparcv8 32 bit.
This atomic dependency is due to Qt >= 5.8, pkconfig can't be used as
Qt5 pc files does not mention this dependency
Fixes:
- http://autobuild.buildroot.net/results/
9e307ab9c7067b26d7b33a572204394808e25772
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Jörg Krause [Tue, 28 Aug 2018 09:23:45 +0000 (11:23 +0200)]
package/shairport-sync: add upstream patch to fix build issue with soxr
Add upstream patch to fix build issue detected by the Buildroot autobuilder:
```
arm-buildroot-linux-uclibcgnueabi/sysroot/usr//lib/libsoxr.a(soxr.c.o): In function `soxr_create':
soxr.c:(.text+0xd4c): undefined reference to `av_get_cpu_flags'
collect2: error: ld returned 1 exit status
```
A quick look at the soxr source code shows that `soxr_create()` might use
`av_get_cpu_flags()` depending on the architecture.
For the sake of simplicity link with `-lavutil` if it is found when using soxr.
Even better, as soxr provides a pkg-config file, this should be prefered.
Upstream issue: https://github.com/mikebrady/shairport-sync/issues/733
Upstream status:
5101ab2d13e2b89ea3c1276df5fb7413634eeccd
Fixes:
http://autobuild.buildroot.net/results/53d/
53d21686780aa2485745b59e812b6280dd39f1c5
http://autobuild.buildroot.net/results/605/
60576363adfca404c3a7883d5d46e8a4a9ee8171
http://autobuild.buildroot.net/results/806/
806867ab1c6f42ad1b34d44844efc57272d48235
http://autobuild.buildroot.net/results/840/
840810601fbb8a7957ea9dae175b959a7f9b7491
.. and more.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Adam Duskett [Tue, 28 Aug 2018 16:31:27 +0000 (12:31 -0400)]
postgresql: security bump to 10.5
Fixes CVE-2018-10915 & CVE-2018-10925
Changelog: https://www.postgresql.org/docs/10/static/release-10-5.html
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Baruch Siach [Tue, 28 Aug 2018 14:54:47 +0000 (17:54 +0300)]
json-c: needs host-autoconf
The json-c configure script uses the autoheader utility. Use the
host-autoconf provided autoheader, as this tool is not always installed
on the host.
Fixes:
http://autobuild.buildroot.net/results/030/
030fddceda4f5bc6379f7bfcc405e92d2e24184a/
http://autobuild.buildroot.net/results/e48/
e482f174b8124ace0690a26bb7daf073fe5fcd75/
http://autobuild.buildroot.net/results/482/
4829425c38c58d9844aa07108532a93d47191d23/
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 28 Aug 2018 15:06:55 +0000 (17:06 +0200)]
docs/website: update for 2018.05.2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 28 Aug 2018 14:22:25 +0000 (16:22 +0200)]
Update for 2018.05.2
[Peter: drop Makefile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit
4b8deaf34cca1a1c0196ab7e91ceb9720923d6aa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Tue, 28 Aug 2018 12:36:17 +0000 (15:36 +0300)]
libsoup: add upstream security fix
Fixes CVE-2018-12910: The get_cookies function in soup-cookie-jar.c in
libsoup 2.63.2 allows attackers to have unspecified impact via an empty
hostname.
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 27 Aug 2018 21:16:42 +0000 (23:16 +0200)]
mbedtls: fix x86 PIC build with GCC < 5
Fixes:
http://autobuild.buildroot.net/results/d6d/
d6dc9a640aa1f6650a3e7b9397f2fe2ae3433f4d/
http://autobuild.buildroot.net/results/ab5/
ab5a58ea7845f9f378454ee1aa7e872448618ba9/
ebx was recently added to the x86 inline asm MULADDC_STOP clobber list to
fix #1550, but this causes the build to fail with GCC < 5 when building in
PIC mode with errors like:
include/mbedtls/bn_mul.h:46:13: error: PIC register clobbered by ‘ebx’ in ‘asm’
This is because older GCC versions treated the x86 ebx register (which is
used for the GOT) as a fixed reserved register when building as PIC.
This is fixed by an improved register allocator in GCC 5+. From the release
notes:
Register allocation improvements: Reuse of the PIC hard register, instead of
using a fixed register, was implemented on x86/x86-64 targets. This
improves generated PIC code performance as more hard registers can be used.
https://www.gnu.org/software/gcc/gcc-5/changes.html
As a workaround, add a patch to detect this situation and disable the inline
assembly, similar to the MULADDC_CANNOT_USE_R7 logic.
Patch submitted upstream: https://github.com/ARMmbed/mbedtls/pull/1986
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 27 Aug 2018 16:54:04 +0000 (18:54 +0200)]
cutelyst: depends on C++11
thread-local storage is a C++11 feature available since gcc 4.8:
https://gcc.gnu.org/projects/cxx-status.html#cxx11
Fixes:
- http://autobuild.buildroot.net/results/
2963bd55cd7c33ded3e5a75fc86079acfae844c1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 27 Aug 2018 20:40:40 +0000 (22:40 +0200)]
aircrack-ng: fix build with mmx
Commit
39387fc80f90f3a9ac9ef9f3aa32da5776a0721e removed mmx support
however aircrack-ng fails to build on platforms with mmx because an
error is raised if __MMX__ is defined.
Fixes:
- http://autobuild.buildroot.net/results/
b7362b69435e9ef6fb2aedc50743e88dbd7a5c72
[Upstream status: merged
(https://github.com/aircrack-ng/aircrack-ng/pull/1943)]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Christopher McCrory [Mon, 27 Aug 2018 13:21:27 +0000 (06:21 -0700)]
php: fix build with mysqli
This fixes autobuild failures like
http://autobuild.buildroot.net/results/
3288b742cee650ee47a41c5b4d6aaef1fe67bff1
php compile breaks with:
ext/mysqlnd/mysqlnd_auth.o: In function `php_mysqlnd_scramble_sha2':
mysqlnd_auth.c:(.text+0x1054): undefined reference to `PHP_SHA256Init'
mysqlnd_auth.c:(.text+0x1064): undefined reference to `PHP_SHA256Update'
mysqlnd_auth.c:(.text+0x1070): undefined reference to `PHP_SHA256Final'
mysqlnd_auth.c:(.text+0x1078): undefined reference to `PHP_SHA256Init'
mysqlnd_auth.c:(.text+0x1088): undefined reference to `PHP_SHA256Update'
mysqlnd_auth.c:(.text+0x1094): undefined reference to `PHP_SHA256Final'
mysqlnd_auth.c:(.text+0x109c): undefined reference to `PHP_SHA256Init'
mysqlnd_auth.c:(.text+0x10ac): undefined reference to `PHP_SHA256Update'
mysqlnd_auth.c:(.text+0x10bc): undefined reference to `PHP_SHA256Update'
mysqlnd_auth.c:(.text+0x10c8): undefined reference to `PHP_SHA256Final'
It looks like the php mysqli extension needs the hash extension to work. This
seems to be a php Make dependany bug. This patch works around it until the
upstream maintainers can fix it.
Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Sun, 26 Aug 2018 21:40:37 +0000 (23:40 +0200)]
dropbear: add upstream security fix for CVE-2018-15599
dropbear is affected by an user enumeration vulnerability similar to the
recent issue in openssh (CVE-2018-15473). Add an upstream patch fixing the
issue.
For more details, see the discussion on the mailing list:
http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2018q3/002110.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Sat, 25 Aug 2018 21:46:07 +0000 (23:46 +0200)]
openpowerlink: add patch to fix musl build
This commit adds a one-liner patch that fixes the build with musl of
the openpowerlink package, caused by a missing <sys/types.h>
include. The patch has been submitted upstream.
Fixes:
http://autobuild.buildroot.net/results/
8aff5f6d7bcab616129368c1fb22026bb164e454/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yann E. MORIN [Wed, 22 Aug 2018 08:28:32 +0000 (10:28 +0200)]
package/brltty: fix cross-compilation
brltty has a very inventive buildsystem, where it internall runs
./configure for the build machine In doing so, it generates a list
of make variables to define what the build machine supports, like
it does for the target.
However, the build variables are generated with a convoluted sed
script that scans the target list, and appends _FOR_BUILD to each
target variables. Then, both lists are included from the Makefile,
on the assumption that the build variables will not clash with the
target variables.
Where it gets interesting, is that that sed script considers the
variables names to match '[A-Za-z][A-Za-z0-9_]*'
And there we see why ATSPI2_PACKAGE does not match: it contains a
digit.
So, some build variables will inevitably override target ones.
Fix that by simply expanding the matching regexp to allow digits
in variable names.
Fixes:
http://autobuild.buildroot.org/results/a37/
a37782b3cfc1a96cc129db8fade20a36a7b2d470/
http://autobuild.buildroot.org/results/97e/
97edc6a47d2140968e84b409cdc960604e5896f2/
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Mario Lang <mlang@blind.guru>
Cc: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Yann E. MORIN [Thu, 23 Aug 2018 10:04:33 +0000 (12:04 +0200)]
docs/manual: expand on why using a branch name is not supported
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Brad Love [Fri, 24 Aug 2018 13:54:06 +0000 (08:54 -0500)]
i2c-tools: include LGPL-2.1+ license for libi2c
Extend i2c-tools SPDX identifiers to include the library license.
Also include COPYING.LGPL and README to license files.
The ic2-tools readme states:
LICENSE
Check the documentation of individual tools for licensing information.
The library is released under the LGPL version 2.1 or later, while most
tools are released under the GPL version 2 or later, but there are a few
exceptions.
Signed-off-by: Brad Love <brad@nextdimension.cc>
[Thomas: add hashes for COPYING.LGPL and README.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Yann E. MORIN [Thu, 23 Aug 2018 14:40:36 +0000 (16:40 +0200)]
package/mesa3d: vulkan with x11 needs dri3
Vulcan with X11 needs DRI3, which in turn requires xlib-libxshmfence.
Fixes:
http://autobuild.buildroot.org/results/356/
35653fc6f57dc169a8aae6baedb1acd1049b50ec/
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Fri, 24 Aug 2018 12:35:17 +0000 (14:35 +0200)]
rauc: add patch to make it build with Linux < 3.0
This commit adds a patch to RAUC that makes the eMMC boot partition
support optional. This allows RAUC to build successfully on systems
using Linux < 3.0.
Fixes:
http://autobuild.buildroot.net/results/
7e1cbeb458cb6536a36eae0d24cefb36edb22f55/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Mark Corbin [Thu, 23 Aug 2018 16:19:28 +0000 (17:19 +0100)]
package/linux-headers: add help text for manual header selection
Add kconfig help text that explains how to manually specify an
official Linux version to use for the kernel headers.
Signed-off-by: Mark Corbin <mark.corbin@embecosm.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Korsgaard [Fri, 24 Aug 2018 16:27:15 +0000 (18:27 +0200)]
mbedtls: security bump to version 2.7.5
Fixes the following security issues:
- CVE-2018-0497: Remote plaintext recovery on use of CBC based ciphersuites
through a timing side-channel
- CVE-2018-0498: Plaintext recovery on use of CBC based ciphersuites through
a cache based side-channel
For more info, see the advisory:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Fri, 24 Aug 2018 15:01:52 +0000 (17:01 +0200)]
linux-headers: bump 4.{4, 9, 14, 17}.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Fri, 24 Aug 2018 15:01:51 +0000 (17:01 +0200)]
linux: bump default to version 4.17.19
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Fri, 24 Aug 2018 04:56:14 +0000 (07:56 +0300)]
openssh: security bump to version 7.8
Fixes CVE-2018-15473: user enumeration vulnerability due to not delaying
bailout for an invalid authenticating user until after the packet
containing the request has been fully parsed.
Some OpenSSH developers don't consider this a security issue:
https://lists.mindrot.org/pipermail/openssh-unix-dev/2018-August/037138.html
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabio Estevam [Wed, 22 Aug 2018 16:38:39 +0000 (13:38 -0300)]
linux-headers: bump 4.{4, 9, 14, 17}.x series
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabio Estevam [Wed, 22 Aug 2018 16:38:38 +0000 (13:38 -0300)]
linux: bump default to version 4.17.18
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Wed, 22 Aug 2018 20:30:08 +0000 (22:30 +0200)]
mjpegtools: fix build on powerpc without altivec
mpjegtools fails to build on powerpc without altivec:
build_sub44_mests.c: In function 'build_sub44_mests_altivec':
build_sub44_mests.c:268:9: internal compiler error: Segmentation fault
vr1 = vec_ld(rowstride, (unsigned char*)s44blk);
It seems mpjegtools is wrongly detecting altivec support:
configure: - PowerPC Optimizations:
configure: - AltiVec enabled : true
Fix this by adding BR2_PACKAGE_MJPEGTOOLS_SIMD_SUPPORT and setting
--enable-simd-accel / --disable-simd-accel
Fixes:
- http://autobuild.buildroot.net/results/
c9464712f43efb8954fd2e5460126ad193660353
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mirza Krak [Wed, 22 Aug 2018 10:54:49 +0000 (12:54 +0200)]
DEVELOPERS: add mender to Mirza Krak
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Tue, 21 Aug 2018 20:53:25 +0000 (22:53 +0200)]
package/x11r7/xlib_libX11: security bump to version 1.6.6
Fixes CVE-2018-14599, CVE-2018-14600 & CVE-2018-14598:
https://lists.x.org/archives/xorg-announce/2018-August/002915.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Seiderer [Tue, 21 Aug 2018 20:16:17 +0000 (22:16 +0200)]
qt5base: fix double conversion for microblazeel/microblazebe
Fixes [1]:
../3rdparty/double-conversion/include/double-conversion/utils.h:81:2: error: #error Target architecture was not detected as supported by Double-Conversion.
#error Target architecture was not detected as supported by Double-Conversion.
[1] http://autobuild.buildroot.net/results/489/
4891d96f45c64c2e66fe819bd4175cc1d6243a93
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Wed, 4 Jul 2018 21:42:57 +0000 (23:42 +0200)]
toolchain: improve musl check to support static toolchains
The check_musl function currently builds a program and verifies if the
program interpreter starts with /lib/ld-musl. While this works fine
for dynamically linked programs, this obviously doesn't work for a
purely static musl toolchain such as [1].
There is no easy way to identify a toolchain as using the musl C
library. For glibc, dynamic linking is always supported, so we look at
the dynamic linker name. For uClibc, there is a distinctive
uClibc_config.h header file. There is no such distinctive feature in
musl.
We end up resorting to looking for the string MUSL_LOCPATH, which is
used by musl locale_map.c source file. This string has been present in
musl since 2014. It certainly isn't a very stable or convincing
solution to identify the C library as being musl, but it's the best we
could find.
Note that we are sure there is a libc.a file, because the
check_unusable_toolchain function checks that there is a such a file.
[1] http://autobuild.buildroot.net/toolchains/tarballs/br-arm-musl-static-2018.05.tar.bz2
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Baruch Siach [Tue, 17 Jul 2018 11:01:43 +0000 (14:01 +0300)]
busybox: don't clobber dangling symlinks
We sometimes create dangling symlinks in the target directory. That is
because we need canonical targets, as relative targets don't work well
with BR2_ROOTFS_MERGED_USR. For example, the vim package installs the
/bin/vi symlink to /usr/bin/vim. This symlink might be dangling when the
build host has no vim installed there.
Patch the busybox install.sh script to avoid clobber of dangling
symlinks.
Fixes:
http://autobuild.buildroot.net/results/796/
796107430db6545401d9926e84f19eaf2040b756/
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Carlos Santos <casantos@datacom.com.br>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Korsgaard [Mon, 20 Aug 2018 14:22:16 +0000 (16:22 +0200)]
pv: fix build failures when building under a path containing 'yes'
Depending on the configuration, the cpp output may contain the string 'yes'
in a comment if built under a path containing 'yes', confusing the _AIX
test:
${CROSS}-cpp conftest.h
\# 1 "conftest.h"
\# 1 "<built-in>"
\# 1 "<command-line>"
\# 31 "<command-line>"
\# 1 "/home/peko/source/buildroot/output-yes/host/x86_64-buildroot-linux-gnu/sysroot/usr/include/stdc-predef.h"
\# 32 "<command-line>" 2
\# 1 "conftest.txt"
If misdetected, the configure script adds -lc128 to LIBS, causing the
AC_CHECKS_FUNCS check for stat64 to fail, which in turn causes compilation
errors about redefinition of symbols:
In file included from ./src/include/pv-internal.h:9:0,
from src/pv/file.c:5:
./src/include/config.h:76:18: error: redefinition of 'struct stat'
# define stat64 stat
^
Fix it by only matching on 'yes' on a line by itself.
As pv doesn't cleanly autoreconf (it doesn't use automake and configure.in
is located in subdir), instead directly patch configure.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Keith Mok [Tue, 21 Aug 2018 01:29:20 +0000 (18:29 -0700)]
systemd: add optional dependency on elfutils
systemd can use elfutils when available, so this commit adds the
detection of this library.
Signed-off-by: Keith Mok <ek9852@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Hollis Blanchard [Wed, 15 Aug 2018 23:44:34 +0000 (16:44 -0700)]
download: fix file:// BR2_PRIMARY_SITE (download cache)
wget is the only downloader currently usable with BR2_PRIMARY_SITE, and that
doesn't work at all for file:// URLs. The symptoms are these:
support/download/dl-wrapper -c '2.4.47' -d '/PATH/build/sw/source/attr' -D '/PATH/build/sw/source' -f 'attr-2.4.47.src.tar.gz' -H 'package/attr//attr.hash' -n 'attr-2.4.47' -N 'attr' -o '/PATH/build/sw/source/attr/attr-2.4.47.src.tar.gz' -u file\|urlencode+file:///NFS/buildroot_dl_cache/attr -u file\|urlencode+file:///NFS/buildroot_dl_cache -u http+http://download.savannah.gnu.org/releases/attr -u http\|urlencode+http://sources.buildroot.net/attr -u http\|urlencode+http://sources.buildroot.net --
file:///NFS/buildroot_dl_cache/attr/attr-2.4.47.src.tar.gz: Unsupported scheme `file'.
ERROR: attr-2.4.47.src.tar.gz has wrong sha256 hash:
ERROR: expected:
25772f653ac5b2e3ceeb89df50e4688891e21f723c460636548971652af0a859
ERROR: got :
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ERROR: Incomplete download, or man-in-the-middle (MITM) attack
In the case of custom Linux kernel versions, this is fatal, because there isn't
necessarily a hash file to indicate that wget's empty tarball is wrong.
This seems to have been broken by commit
c8ef0c03b0b, because:
1. BR2_PRIMARY_SITE always appends "urlencode" (package/pkg-download.mk)
2. Anything with the "|urlencode" suffix in $uri will end up using wget due to
the backend case wildcarding.
3. The wget backend rejects file:/// URLs ("unsupported scheme"), and we end up
with an empty .tar.gz file in the downloads directory.
Fix that by shell-extracting the backend name from the left of "|". I'm not
positive if all URLs will have a "|", so this code only looks for a "|" left of
the "+".
Signed-off-by: Hollis Blanchard <hollis_blanchard@mentor.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Mon, 20 Aug 2018 21:47:40 +0000 (23:47 +0200)]
libssh: fix download location
The current download location fails, and Buildroot falls back to
sources.b.o:
--2018-08-20 23:41:39-- https://red.libssh.org/attachments/download/218/libssh-0.7.5.tar.xz
Resolving red.libssh.org (red.libssh.org)... 78.46.80.163
Connecting to red.libssh.org (red.libssh.org)|78.46.80.163|:443... connected.
The certificate's owner does not match hostname ‘red.libssh.org’
--2018-08-20 23:41:39-- http://sources.buildroot.net/libssh/libssh-0.7.5.tar.xz
Resolving sources.buildroot.net (sources.buildroot.net)... 104.25.211.19, 104.25.210.19, 2400:cb00:2048:1::6819:d313, ...
Connecting to sources.buildroot.net (sources.buildroot.net)|104.25.211.19|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 351632 (343K) [application/x-xz]
This commit fixes the download location:
--2018-08-20 23:43:04-- https://www.libssh.org/files/0.7/libssh-0.7.5.tar.xz
Resolving www.libssh.org (www.libssh.org)... 87.98.168.187, 2001:41d0:2:f80c::4
Connecting to www.libssh.org (www.libssh.org)|87.98.168.187|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 351632 (343K) [application/x-tar]
This patch is extracted from a contribution from Bernd Kuhls who was
also bumping the package at the same time
(http://patchwork.ozlabs.org/patch/959192/).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Mon, 20 Aug 2018 17:08:07 +0000 (19:08 +0200)]
mutt: fix static build with libidn2 and libunistring
When libidn2 is statically build with libunistring support, mutt needs
to add -lunistring to LIBS.
To do that, add a call to PKG_CHECK_MODULES to retrieve this information
from libidn2.pc
Fixes:
- http://autobuild.buildroot.net/results/
177da8f4798f69298db5385957184f1c53cca923
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Mon, 20 Aug 2018 16:59:29 +0000 (18:59 +0200)]
zeromq: fix build on m68k_cf
An internal compiler error is raised on m68k_cf at dwarf2cfi.c:2752 in
connect_traces. Error can be fixed by adding -fno-defer-pop, see
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58864
Fixes:
- http://autobuild.buildroot.net/results/
dad241acbe59b1c5a24a0a2f3da6b12a553aec84
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Mon, 20 Aug 2018 14:08:12 +0000 (16:08 +0200)]
package/pkg-download: quiet the dl-wrapper call
The download wrapper call is currently always being displayed, even
without V=1, which is a bit annoying. It shows something like this:
thomas@windsurf:~/projets/buildroot (master)$ make tslib-source
>>> tslib 1.16 Downloading
PATH="/home/thomas/projets/buildroot/output/host/bin:/home/thomas/projets/buildroot/output/host/sbin:/usr/local/bin:/usr/bin:/bin:/home/thomas/.rvm/bin:/usr/local/sbin:/usr/sbin:/home/thomas/.rvm/bin:/home/thomas/sys/bin:/home/thomas/.gem/ruby/2.1.0/bin:/home/thomas/.rvm/bin" BR2_DL_DIR=/home/thomas/dl BUILD_DIR=/home/thomas/projets/buildroot/output/build O=/home/thomas/projets/buildroot/output flock /home/thomas/dl/tslib/ support/download/dl-wrapper -c '1.16' -d '/home/thomas/dl/tslib' -D '/home/thomas/dl' -f 'tslib-1.16.tar.xz' -H 'package/tslib//tslib.hash' -n 'tslib-1.16' -N 'tslib' -o '/home/thomas/dl/tslib/tslib-1.16.tar.xz' -u https+https://github.com/kergoth/tslib/releases/download/1.16 -u http\|urlencode+http://sources.buildroot.net/tslib -u http\|urlencode+http://sources.buildroot.net --
Let's silence this dl-wrapper call by prepending with $(Q).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Christopher McCrory [Mon, 20 Aug 2018 11:13:02 +0000 (04:13 -0700)]
oracle-mysql: fix hostname path
MySQL detects on the build machine where the hostname program is
located, and uses this value in a number of configuration files and
scripts that are generated and installed in the target:
output/target$ grep -r "bin/hostname" *
etc/inittab:::sysinit:/bin/hostname -F /etc/hostname
usr/share/mysql/mysql.server: pid_file=$datadir/mysqlmanager-`/usr/bin/hostname`.pid
usr/share/mysql/mysql.server: server_pid_file=$datadir/`/usr/bin/hostname`.pid
usr/bin/mysql_install_db:hostname=`/usr/bin/hostname`
usr/bin/mysqld_safe: err_log=$DATADIR/`/usr/bin/hostname`.err
usr/bin/mysqld_safe: pid_file="$DATADIR/`/usr/bin/hostname`.pid"
However, the hostname on the build machine may not necessarily be at
the same location as the hostname program on the target. Buildroot has
its hostname program (coming from Busybox) in /bin, but some Linux
distributions (such as Fedora) use /usr/bin/hostname, causing the
incorrect hostname paths above.
This commit fixes that by passing the appropriate autoconf cache
variable value.
Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
[Thomas: add commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Carlos Santos [Mon, 20 Aug 2018 00:12:08 +0000 (21:12 -0300)]
liburiparser: bump to version 0.8.6
Version 0.8.6 is a bugfix release including a nasty bug that has
potential to crash applications when parsing certain URIs (like
"//:%aa@", excluding quotes).
For more details please check the change log at
https://github.com/uriparser/uriparser/blob/uriparser-0.8.6/ChangeLog
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Frank Hunleth [Mon, 20 Aug 2018 16:08:37 +0000 (12:08 -0400)]
package/libconfuse: security bump to version 3.2.2
Fixes CVE-2018-14447: https://github.com/martinh/libconfuse/issues/109
Signed-off-by: Frank Hunleth <fhunleth@troodon-software.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gwenhael Goavec-Merou [Mon, 20 Aug 2018 08:39:33 +0000 (10:39 +0200)]
gr-osmosdr: add host-python-cheetah dependency
Since
b7f1b030413a51637323a755cbd985b06026990e host-python-cheetah is no more a
dependency for gnuradio. So this package must be explicitly added for
gr-osmosdr.
Fix : http://autobuild.buildroot.net/results/
aa208a69996548c15d937fc7c97d267162a56c48/
Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mirza Krak [Mon, 20 Aug 2018 13:09:11 +0000 (15:09 +0200)]
package/mender: set version in go linker
This is used when calling the mender client with the
-version option and it says "unknown" if not set in
linker.
Now it displays the following:
# mender -version
1.4.0
runtime: go1.10.2
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mirza Krak [Mon, 20 Aug 2018 13:09:10 +0000 (15:09 +0200)]
package/mender: update legal info
Also added license checksums in mender.hash
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mirza Krak [Mon, 20 Aug 2018 13:09:09 +0000 (15:09 +0200)]
package/mender: use inventory and identity script from upstream source
These files are part of Mender sources and no point in keeping duplicate
files locally.
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mirza Krak [Mon, 20 Aug 2018 13:09:08 +0000 (15:09 +0200)]
package/mender: remove tenant.conf
Tenant Token is a configuration option that has to do with Hosted Mender,
where you you need to set this for the devices to connect to the
correct organization in a multi-tenant system.
The removal of tenant.conf usage (and /var/lib/mender/authtentoken)
was in Mender client version 1.2.0, where it was switched to be an mender.conf
option instead as the example above demonstrates. As the first version that was
integrated in Buildroot was 1.4.0, the inclusion of tenant.conf and the
creation of the symlink is not necessary.
Now it is specified as such in mender.conf:
Example:
/etc/mender/mender.conf
{
TenantToken: "very long base64 encoded string"
}
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mirza Krak [Mon, 20 Aug 2018 13:09:06 +0000 (15:09 +0200)]
package/mender: select BR2_PACKAGE_UBOOT_TOOLS_FWPRINTENV
The Mender client uses fw_printenv/fw_setenv to manipulate the U-boot
environment, e.g to change the boot candidate after a update has been
done.
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mirza Krak [Mon, 20 Aug 2018 13:09:04 +0000 (15:09 +0200)]
package/mender: create directory containing Mender state script
Mender state-scripts are essentially "hooks" that can be provided to
influence the update flow.
They should be placed inside /etc/mender/scripts and the directory must
contain a file containing the current state-script format version. It is
currently "2".
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mirza Krak [Mon, 20 Aug 2018 13:09:02 +0000 (15:09 +0200)]
package/mender: provide sane values in mender.conf
The current values that are in mender.conf will actually
cause the Mender client to fail to start because of invalid
values.
Provide sane default values that at least allow the Mender client
to parse the configuration options and start running.
The values provided will actually work in a "Demo Environment",
see https://docs.mender.io/getting-started/create-a-test-environment.
Though an entry is required in /etc/hosts to resolve the URL to the
local IP address of the running demo server.
Example:
echo "192.168.0.10 docker.mender.io s3.docker.mender.io" >> \
/etc/hosts
Above is required because the demo certificate
(/etc/mender/server.crt) is created for https://docker.mender.io.
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mirza Krak [Mon, 20 Aug 2018 13:09:01 +0000 (15:09 +0200)]
package/mender: fix install path for identity and inventory scripts
These scripts are used to generate the device identity and to populate
the the device inventory. The Mender client will call these and at least
the mender-device-identity is required to be present at the correct
location. Inventory scripts are there as an example and not
actually required.
Example output from identity script:
$ ./mender-device-identity
mac=de:ad:ca:fe:00:01
cpuid=
1112233
Example output from inventory script:
$ ./mender-inventory-network
mac_br-
fbfdad18c33c=02:42:7e:74:96:85
network_interfaces=br-
fbfdad18c33c
ipv4_br-
fbfdad18c33c=172.21.0.1/16
mac_enp0s25=de:ad:be:ef:bb:05
network_interfaces=enp0s25
ipv4_enp0s25=123.22.0.197/16
ipv4_enp0s25=10.20.20.105/16
ipv6_enp0s25=fe80::2aad:beff:feef:bb05/64
Inventory and device identity data is presented on the Mender server
front-end.
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Yann E. MORIN [Fri, 17 Aug 2018 16:06:53 +0000 (18:06 +0200)]
boot/uboot: needs host-{flex,bison}
Recent U-Boot no longer ship the flex/bison generated kconfig parser, as
of commit
e91610da7c8a9fe42f3e5a75f06c3d1a0cb5f815 (kconfig: re-sync
with Linux 4.17-rc4).
So, add the conditional kconfig dependencies, as we just did for the
kernel.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Yann E. MORIN [Fri, 17 Aug 2018 16:06:52 +0000 (18:06 +0200)]
linux: kconfig needs the toolchain
Starting with linux-4.18, the kconfig from the kernel can call
to the compiler to test its capabilities; see:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/scripts/Kconfig.include
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Jan Kundrát <jan.kundrat@cesnet.cz>
Tested-by: Jan Kundrát <jan.kundrat@cesnet.cz>
Reviewed-by: Jan Kundrát <jan.kundrat@cesnet.cz>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Yann E. MORIN [Fri, 17 Aug 2018 16:06:51 +0000 (18:06 +0200)]
linux: host-{flex, bison} only needed for DTS
host-{flex,bison} are only needed to generate the dtc parser, so we
don't need them if the kernel does not have support for device tree.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Yann E. MORIN [Fri, 17 Aug 2018 16:06:50 +0000 (18:06 +0200)]
linux: kconfig may need host-{flex, bison} to build the configurators
Rely on the system provided ones if avalable, and only resort to use our
owns if the sytem does not provide them.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Jan Kundrát <jan.kundrat@cesnet.cz>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Yann E. MORIN [Fri, 17 Aug 2018 16:06:48 +0000 (18:06 +0200)]
support/dependencies: check for system-provided bison and flex
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Yann E. MORIN [Sun, 19 Aug 2018 16:59:31 +0000 (18:59 +0200)]
package/bison: fix build on host with glibc-2.28
Similarly to
c48f8a6462 (package/m4: fix build on host with glibc-2.28),
backport the two fixes fromn gnulib upstream, that allows building
host-bison on systems using glibc 2.28.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reported-by: c32 on IRC
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Korsgaard [Mon, 20 Aug 2018 08:55:03 +0000 (10:55 +0200)]
Update for 2018.08-rc2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Seiderer [Sat, 18 Aug 2018 22:42:36 +0000 (00:42 +0200)]
qt5base: fix double-conversion for or1k
Fixes [1]:
../3rdparty/double-conversion/include/double-conversion/utils.h:81:2: error: #error Target architecture was not detected as supported by Double-Conversion.
#error Target architecture was not detected as supported by Double-Conversion.
[1] http://autobuild.buildroot.net/results/
a3535cdf5e91df011a59a4b9f60d69195f5efdcb
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yann E. MORIN [Sat, 18 Aug 2018 22:10:19 +0000 (00:10 +0200)]
core: drop useless assignments to BISON and FLEX
They were added back in
5432f26f0 (Adding Central config.cache options),
supposedly to be able to cache the result of configure tests, but they
were never, ever referenced anywhere in our code... Besides, we dropped
the idea of getting a configure cache long ago now (it does not work)...
They are causing spurious error messages on some distros (e.g. Fedora)
which use GNU's which (whatever package that comes from), while it is
silent on other distros (e.g. Ubuntu) which use debianutils' which.
Drop them.
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Sat, 18 Aug 2018 21:02:08 +0000 (23:02 +0200)]
python-pyqt5: add Qt 5.11 compatibility patch
This commit adds a patch to python-pyqt5 to make it build properly
against Qt 5.11.
PyQt5 is using a dual-licensing model, and the commercial company
behind it (RiverBank) only provides release tarballs, and no public
Git repository, so we cannot see the individual changes they make. By
diffing the PyQt5 5.10 and 5.11 releases, we could see that they opted
for dropping entirely support for the waitForEvents() method, rather
than keeping it for Qt < 5.11. We take the same approach in the below
patch, since this is anyway what will happen when we will bump to
PyQt5 5.11.
The patch is not Git-formatted, because there is no upstream Git
repository for this project.
Fixes:
http://autobuild.buildroot.net/results/
1f1e92374fe71a1d4343243db5f530c33db06698/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Vadim Kochan [Sun, 19 Aug 2018 13:46:56 +0000 (16:46 +0300)]
wireless_tools: Fix site URL does not work
Replace broken http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux
by https://hewlettpackard.github.io/wireless-tools.
[Peter: also adjust URL in Config.in]
Signed-off-by: Vadim Kochan <vadim.kochan@petcube.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sun, 19 Aug 2018 13:22:17 +0000 (15:22 +0200)]
package/nodejs: security bump version to 8.11.4
Release notes:
https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/
Fixes CVE-2018-12115, also CVEs were fixed in included OpenSSL code
which do not use for the target build.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sun, 19 Aug 2018 09:25:34 +0000 (11:25 +0200)]
package/ipsec-tools: add security patch to fix CVE-2016-10396
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sun, 19 Aug 2018 06:59:32 +0000 (08:59 +0200)]
linux-headers: bump 4.{4, 9, 14, 17}.x series
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sun, 19 Aug 2018 06:59:31 +0000 (08:59 +0200)]
linux: bump default to version 4.17.17
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sat, 18 Aug 2018 22:00:13 +0000 (00:00 +0200)]
package/bind: security bump to version 9.11.4-P1
Fixes CVE-2018-5740: https://ftp.isc.org/isc/bind9/9.11.4-P1/CHANGES
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yann E. MORIN [Fri, 17 Aug 2018 16:06:49 +0000 (18:06 +0200)]
core/pkg-kconfig: allow dependencies before configurators
Some users of kconfig need some packages to be built before their
kconfig infra be used.
For example, the linux kernel, starting with 4.16, needs flex and bison
to generate the parser code. Furthermore, starting with 4.18, it will
also need the cross-compiler before parsing the kconfig stuff, because
that calls the compiler to check its features.
Currently, this is broken, even the flex/bison ones, even though they
are listed, because there is no way to define dependencie that are
guaranteed before the (visual) configurators. For example:
$ make distclean
$ make menuconfig
--> enable the linux kernel, choose a defconfig, save, exit
$ make linux-menuconfig
[...]
HOSTCC scripts/basic/fixdep
HOSTCC scripts/kconfig/conf.o
YACC scripts/kconfig/zconf.tab.c
/bin/sh: bison: command not found
LEX scripts/kconfig/zconf.lex.c
scripts/Makefile.lib:196: recipe for target 'scripts/kconfig/zconf.tab.c' failed
make[3]: *** [scripts/kconfig/zconf.tab.c] Error 127
make[3]: *** Waiting for unfinished jobs....
/bin/sh: flex: command not found
scripts/Makefile.lib:188: recipe for target 'scripts/kconfig/zconf.lex.c' failed
make[3]: *** [scripts/kconfig/zconf.lex.c] Error 127
Makefile:528: recipe for target 'rpc_defconfig' failed
make[2]: *** [rpc_defconfig] Error 2
linux/linux.mk:511: recipe for target '/home/ymorin/dev/buildroot/buildroot/output/build/linux-4.17.11/.config' failed
make[1]: *** [/home/ymorin/dev/buildroot/buildroot/output/build/linux-4.17.11/.config] Error 2
Makefile:79: recipe for target '_all' failed
make: *** [_all] Error 2
So, we introduce a new type of dependencies for kconfig-based packages,
that are guaranteed to be built and installed before the (visual)
configurators are called.
Since those dependencies are phony targets and therefore always out of
date, a normal dependency would cause the .config target to be rebuilt
on each invocation of make. So we use an order-only pre-requisite, like
is done for the patch dependency.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Jan Kundrát <jan.kundrat@cesnet.cz>
Tested-by: Jan Kundrát <jan.kundrat@cesnet.cz>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Yann E. MORIN [Fri, 17 Aug 2018 16:06:47 +0000 (18:06 +0200)]
linux: explain why we need host-{flex, bison}
The commit that added the dependency on host-{bison,flex} did
so because the pre-generated kconfig parser source files were
removed from the kernel tree, in linux-4.16.
But then, in linux-4.17, the pre-generated dtc parser source
files were in turn removed as well.
So, document the two reasons why they are needed, so we don't
accidentally remove them when we (soon) introduce the kconfig
dependencies.
(Also fix the first assignment to LINUX_DEPENDENCIES to be a
simple assignement, not an append-assignment.)
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sat, 18 Aug 2018 20:10:52 +0000 (22:10 +0200)]
boost: enable back log on powerpc with uclibc
boost-log builds fine with powerpc on uclibc nowadays so enable it back.
By removing this dependency, build failure on azmq is also fixed as this
package is currently selecting boost-log without fulfilling this
dependency
Fixes:
- http://autobuild.buildroot.net/results/
9c373d0b5a1a59e2271d71c480d55a90a67b84cb
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sat, 18 Aug 2018 19:47:25 +0000 (21:47 +0200)]
boost: context needs thread without C++11 mutex
Extract from output/build/boost-1.67.0/libs/context/build/Jamfile.v2:
explicit cxx11_hdr_mutex_check ;
local cxx11_mutex = [ check-target-builds
cxx11_hdr_mutex_check "C++11 mutex"
:
: <library>/boost/thread//boost_thread
] ;
So select boost_thread if gcc <= 4.7
Fixes:
- http://autobuild.buildroot.net/results/
fb046c04fe18bec973d120e4ab33971f32ba5769
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Sat, 18 Aug 2018 15:27:07 +0000 (17:27 +0200)]
package/mariadb: security bump to version 10.1.35
Fixes CVE-2018-3064, CVE-2018-3063, CVE-2018-3058 & CVE-2018-3066:
https://mariadb.com/kb/en/library/mariadb-10135-release-notes/
Added all hashes provided by upstream.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Sat, 18 Aug 2018 19:31:40 +0000 (21:31 +0200)]
libselinux: use correct name and content for patch 0004
Commit
6288409642d8368104f916bd264d2cb042942dfa ("libselinux: add
patch to fix build with gcc < 4.7") introduced a patch, but its file
name was incorrect, so it was never applied. In addition, the patch
was generated against the Git repository of SELinux, which includes
all projects, and therefore it doesn't apply to the libselinux source
code extracted from the tarball: the "libselinux/" component path
needs to be removed from the patch.
This commit fixes both problems, which should finally and really fix:
http://autobuild.buildroot.net/results/
c3272566bb808e43bb77ec59cfe596f7e0fe9a64/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Fri, 17 Aug 2018 22:10:14 +0000 (00:10 +0200)]
boost: thread needs atomic if GCC hasn't lock-free
When gcc has not always lock-free atomic ints:
- lockfree boost::atomic_flag : no
boost thread needs boost atomic:
output/host/usr/bin/nios2-linux-readelf -d output/staging/usr/lib/libboost_thread.so
Dynamic section at offset 0x2cee0 contains 32 entries:
Tag Type Name/Value
0x00000001 (NEEDED) Shared library: [libboost_system.so.1.67.0]
0x00000001 (NEEDED) Shared library: [libboost_atomic.so.1.67.0]
Fixes:
- http://autobuild.buildroot.net/results/
5a7db292f1365f27e32695527701d5b827f60092
- http://autobuild.buildroot.net/results/
413dff87f5329d3c5180167a8711cdedea5dec67
- http://autobuild.buildroot.net/results/
a7eb4cbcdbd9412c344f45336dec58c82e84dab9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Fri, 17 Aug 2018 22:10:13 +0000 (00:10 +0200)]
toolchain: add BR2_TOOLCHAIN_SUPPORTS_ALWAYS_LOCKFREE_ATOMIC_INTS hidden option
Add BR2_TOOLCHAIN_SUPPORTS_ALWAYS_LOCKFREE_ATOMIC_INTS variable and
use it in BR2_TOOLCHAIN_HAS_GCC_BUG_64735.
This new variable will be used to select boost atomic when lock-free
atomic ints are not available
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Sat, 18 Aug 2018 08:08:01 +0000 (10:08 +0200)]
package/samba4: Fix uClibc build on 64bit platforms by including stdint.h
Patch needed to be updated for samba-4.8.4
Fixes
http://autobuild.buildroot.net/results/140/
1404a594583ff192d70086ef590f924472465c89/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Sat, 18 Aug 2018 09:09:33 +0000 (11:09 +0200)]
package/php: security bump to version 7.2.9
Version 7.2.8 fixed CVE-2018-12882, CVE-2018-14883 & CVE-2018-14851:
http://www.php.net/ChangeLog-7.php#7.2.8
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Sat, 18 Aug 2018 09:09:50 +0000 (11:09 +0200)]
package/x11r7/xdriver_xf86-video-ati: fix glamor dependency
Glamor support needs egl, fix dependency after
https://git.buildroot.net/buildroot/commit/?id=
5b4bcbdafbe8e7b42d4e085a0524d70665cdbaf5
Fixes
http://autobuild.buildroot.net/results/6ac/
6acd5ad820a47fc3442d3e3a5d8d72b396fb6e41/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Korsgaard [Fri, 17 Aug 2018 15:44:18 +0000 (17:44 +0200)]
ruby: security bump to version 2.4.4
Fixes the following security issues:
CVE-2017-17405: Command injection vulnerability in Net::FTP (2.4.3):
https://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/
CVE-2017-17742: HTTP response splitting in WEBrick (2.4.4):
https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/
CVE-2018-6914: Unintentional file and directory creation with directory
traversal in tempfile and tmpdir (2.4.4):
https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/
CVE-2018-8777: DoS by large request in WEBrick (2.4.4):
https://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/
CVE-2018-8778: Buffer under-read in String#unpack (2.4.4):
https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/
CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in
UNIXServer and UNIXSocket (2.4.4):
https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/
CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
(2.4.4):
https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/
Multiple vulnerabilities in RubyGems (2.4.4):
https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Matt Flax [Thu, 16 Aug 2018 22:16:20 +0000 (08:16 +1000)]
eigen: Fix pkg-config file prefix error
eigen generates a pkg-config file which has a broken prefix
(@CMAKE_INSTALL_PREFIX@). This broken prefix causes an incorrect path when
other packages call pkg-config --cflags eigen.
This patch fixes the prefix in the generated eigen pc file, so projects
which depend on this pc file can now correctly find the eigen include
directory at build time.
Also correct the Cflags output to use the runtime prefix instead of the
build time STAGING_DIR, like we do elsewhere.
[Peter: drop backslashes, tweak commit message]
Signed-off-by: Matt Flax <flatmax@flatmax.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Fri, 17 Aug 2018 14:47:36 +0000 (16:47 +0200)]
python-django: security bump to version 1.11.15
Bump to the latest release of the 1.11.x LTS series as 1.10.x is no longer
supported upstream:
https://www.djangoproject.com/download/
Fixes the following security issues:
- CVE-2017-12794: Possible XSS in traceback section of technical 500 debug
page (1.11.5)
- CVE-2018-6188: Information leakage in AuthenticationForm (1.11.10)
- CVE-2018-7536: Denial-of-service possibility in urlize and urlizetrunc
template filters (1.11.11)
- CVE-2018-7537: Denial-of-service possibility in truncatechars_html and
truncatewords_html template filters (1.11.11)
- CVE-2018-14574: Open redirect possibility in CommonMiddleware (1.11.15)
Also add a hash for the license file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yann E. MORIN [Fri, 17 Aug 2018 12:38:03 +0000 (14:38 +0200)]
package/m4: fix build on host with glibc-2.28
glibc-2.28 did quite some lifting in their headers, which breaks the
way some packages were detecting glibc, like gnulib.
However, packages do bundle gnulib (it was meant to be bundled),
and so does m4.
Since m4 hasn't seen the slightest commit since 2017-01-09, it is
bundling an old gnulib version, that predates glibc-2.28, and thus
breaks. It also means that upstream hasn't already fixed the issue.
Furthermore, as upstream is using a git submodule for gnulib, and
that the paths are not the same in the release tarball (in lib/)
and in the git tree (in gnulib/), we can't do a plain backport.
So, we selectively backport the two patches from gnulib upstream,
restricted to only the files that happen to be used in m4.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reported-by: c32 on IRC
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Fri, 17 Aug 2018 09:43:15 +0000 (12:43 +0300)]
dahdi-tools: unify dependencies comments
The threads dependency comment is currently shown even though the
toolchain supports threads, only because kernel build is disabled.
Merge the kernel and threads comments. This is similar to what we have
in other packages that need the kernel.
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Fri, 17 Aug 2018 09:35:44 +0000 (12:35 +0300)]
dbus: bump to version 1.2.10
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Wed, 15 Aug 2018 12:14:09 +0000 (15:14 +0300)]
cryptsetup: fix build with pre C11 toolchains
Add a patch removing a redefined typedef. Redefinition of typedef, even
to the same type, used to be illegal before C11.
Fixes:
http://autobuild.buildroot.net/results/93b/
93b300a62f2ddbad66eab08e25fc3225969f224b/
http://autobuild.buildroot.net/results/6c6/
6c6092d633400498ee5b8090733a949a9632e473/
http://autobuild.buildroot.net/results/f46/
f46ef6123b5fa92753ff534b4ef7bea3f53ac388/
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Tested-by: Hollis Blanchard <hollis_blanchard@mentor.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Fri, 17 Aug 2018 07:01:21 +0000 (09:01 +0200)]
libfuse: security bump to version 2.9.8
Fixes CVE-2018-10906 - In fuse before versions 2.9.8 and 3.x before 3.2.5,
fusermount is vulnerable to a restriction bypass when SELinux is active.
This allows non-root users to mount a FUSE file system with the
'allow_other' mount option regardless of whether 'user_allow_other' is set
in the fuse configuration. An attacker may use this flaw to mount a FUSE
file system, accessible by other users, and trick them into accessing files
on that file system, possibly causing Denial of Service or other unspecified
effects.
And additionally:
- libfuse no longer segfaults when fuse_interrupted() is called outside the
event loop.
- The fusermount binary has been hardened in several ways to reduce
potential attack surface. Most importantly, mountpoints and mount options
must now match a hard-coded whitelist. It is expected that this whitelist
covers all regular use-cases.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 16 Aug 2018 22:16:01 +0000 (00:16 +0200)]
orangepi_zero_defconfig: bump linux to 4.17.15 to include latest fixes
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 16 Aug 2018 22:16:00 +0000 (00:16 +0200)]
orangepi_zero_defconfig: bump u-boot to 2018.07 to fix build issue
u-boot 2018.01 now fails to build with the following error:
CC arch/arm/lib/asm-offsets.s
In file included from /builds/buildroot.org/buildroot/output/host/include/libfdt.h:54:0,
from /builds/buildroot.org/buildroot/output/build/uboot-2018.01/scripts/dtc/libfdt/fdt.c:54:
/builds/buildroot.org/buildroot/output/host/include/libfdt_env.h:82:24: error: redefinition of 'fdt16_to_cpu'
static inline uint16_t fdt16_to_cpu(fdt16_t x)
^~~~~~~~~~~~
In file included from /builds/buildroot.org/buildroot/output/build/uboot-2018.01/scripts/dtc/libfdt/fdt.c:51:0:
/builds/buildroot.org/buildroot/output/build/uboot-2018.01/scripts/dtc/libfdt/libfdt_env.h:81:24: note: previous definition of 'fdt16_to_cpu' was here
static inline uint16_t fdt16_to_cpu(fdt16_t x)
https://gitlab.com/buildroot.org/buildroot/-/jobs/
88314891
Fix it by bumping the u-boot version to 2018.07.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 16 Aug 2018 21:31:51 +0000 (23:31 +0200)]
orangepi_pc_defconfig: bump linux to 4.17.15 to include latest fixes
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 16 Aug 2018 21:31:50 +0000 (23:31 +0200)]
orangepi_pc_defconfig: bump u-boot to 2018.07 to fix build issue
u-boot 2018.05 now fails to build with the following error:
HOSTCC scripts/dtc/flattree.o
In file included from /builds/buildroot.org/buildroot/output/host/include/libfdt.h:54:0,
from /builds/buildroot.org/buildroot/output/build/uboot-2018.05/scripts/dtc/libfdt/fdt.c:54:
/builds/buildroot.org/buildroot/output/host/include/libfdt_env.h:82:24: error: redefinition of 'fdt16_to_cpu'
static inline uint16_t fdt16_to_cpu(fdt16_t x)
^~~~~~~~~~~~
In file included from /builds/buildroot.org/buildroot/output/build/uboot-2018.05/scripts/dtc/libfdt/fdt.c:51:0:
/builds/buildroot.org/buildroot/output/build/uboot-2018.05/scripts/dtc/libfdt/libfdt_env.h:81:24: note: previous definition of 'fdt16_to_cpu' was here
static inline uint16_t fdt16_to_cpu(fdt16_t x)
^~~~~~~~~~~~
https://gitlab.com/buildroot.org/buildroot/-/jobs/
88314886
Fix it by bumping the u-boot version to 2018.07.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Thu, 16 Aug 2018 20:45:23 +0000 (22:45 +0200)]
linux: replace shell for loop with make foreach loop
This commit replaces the loop copying out-of-tree DTS into the kernel
tree by a make foreach loop instead of a shell for loop. This allows
to error out if one of the DTS file cannot be copied (for example if
it doesn't exist).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 16 Aug 2018 20:11:39 +0000 (22:11 +0200)]
sheevaplug: add a basic readme
Describing how to update the board.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 16 Aug 2018 20:11:38 +0000 (22:11 +0200)]
sheevaplug_defconfig: bump linux to 4.14.63 to include latest fixes
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 16 Aug 2018 20:11:37 +0000 (22:11 +0200)]
sheevaplug_defconfig: bump u-boot to 2018.07 to fix build issue
u-boot 2016.05 no longer builds with the default gcc/binutils versions:
https://gitlab.com/buildroot.org/buildroot/-/jobs/
88314946
LD u-boot
fs/built-in.o: In function `read_symbol':
/builds/buildroot.org/buildroot/output/build/uboot-2016.05/fs/jffs2/mini_inflate.c:129: undefined reference to `pull_bit'
fs/built-in.o: In function `decompress_huffman':
/builds/buildroot.org/buildroot/output/build/uboot-2016.05/fs/jffs2/mini_inflate.c:159: undefined reference to `pull_bits'
/builds/buildroot.org/buildroot/output/build/uboot-2016.05/fs/jffs2/mini_inflate.c:170: undefined reference to `pull_bits'
..
/builds/buildroot.org/buildroot/output/host/bin/arm-buildroot-linux-uclibcgnueabi-ld.bfd: BFD (GNU Binutils) 2.29.1 assertion fail elf32-arm.c:9509
Makefile:1192: recipe for target 'u-boot' failed
make[1]: *** [u-boot] Error 1
make[1]: Leaving directory '/builds/buildroot.org/buildroot/output/build/uboot-2016.05'
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Fri, 17 Aug 2018 05:32:07 +0000 (07:32 +0200)]
package/libopenssl: security bump to version 1.0.2p
Fixes CVE-2018-0732 & CVE-2018-0737:
https://www.openssl.org/news/vulnerabilities.html
Added upstream sha1 hash.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>