Fabrice Fontaine [Sun, 17 Feb 2019 10:01:17 +0000 (11:01 +0100)]
 
package/safeclib: fix build with gcc 7
Fixes:
 - http://autobuild.buildroot.org/results/
f4fe6bf54d213ca75bc1f16df61f8f92e648288e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Yann E. MORIN [Sat, 16 Feb 2019 18:34:26 +0000 (19:34 +0100)]
 
linux: don't check hashes for user-supplied patches
We have virtually no way to know the hashes for user-supplied patches,
so we should just ignore them.
Reported-by: Simon van der Veldt <simon.vanderveldt@gmail.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Peter Korsgaard <peter@korsgaard.com>
Tested-by: Simon van der Veldt <simon.vanderveldt@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Angelo Compagnucci [Fri, 15 Feb 2019 21:44:10 +0000 (22:44 +0100)]
 
package/mender: fix sysv startup script
Mender is a service explicitly written for systemd and so it doesn't
fork on background, doesn't redirect outputs and doesn't create a pid
file by itself.
To make the service running correctly is therefore necessary to use the
-m switch of start-stop-daemon to create the pid file and -b option to
send the process to background.
Logging is preserved because the service will log anyway on syslog.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Angelo Compagnucci [Fri, 15 Feb 2019 21:42:53 +0000 (22:42 +0100)]
 
package/mender: fix missing /var/lib
Mender needs /var/lib directory to be available: on some configurations
/var/lib is not available and thus the mender package installation fails.
This patch does a mkdir to ensure the /var/lib directory is always
available.
Fixes:
  http://autobuild.buildroot.net/results/
d2237083a13ab7688dd2b6dc8dbcd4226ed5651a/
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Seiderer [Tue, 5 Feb 2019 21:41:22 +0000 (22:41 +0100)]
 
package/qt5/qt5base: handle sse2/sse3/ssse3/sse4.1/sse4.2/avx/avx2 configuration
The Qt configure auto detection (and announced runtime detection
feature) failes (see e.g. [1]), so override the configuration
with the buildroot determined settings.
[1] http://lists.busybox.net/pipermail/buildroot/2019-January/241862.html
Reported-by: David Picard <dplamp@gmx.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Wed, 13 Feb 2019 08:48:42 +0000 (09:48 +0100)]
 
DEVELOPERS: add entry for zynq_zybo_defconfig
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Seiderer [Wed, 13 Feb 2019 19:05:47 +0000 (20:05 +0100)]
 
package/pulseaudio: fix S50pulseaudio init script
- fix the following start warnings:
  W: [pulseaudio] main.c: Running in system mode, but --disallow-exit not set.
  W: [pulseaudio] main.c: Running in system mode, but --disallow-module-loading not set.
  N: [pulseaudio] main.c: Running in system mode, forcibly disabling SHM mode.
  N: [pulseaudio] main.c: Running in system mode, forcibly disabling exit idle time.
- fix the following stop error:
  E: [pulseaudio] main.c: Failed to kill daemon: No such process
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Seiderer [Fri, 15 Feb 2019 20:25:04 +0000 (21:25 +0100)]
 
package/qwt: needs qt5base gui support
In commit 
3e99c8418af904b14b01455d68c84d7b5afd261f ("package/qwt:
remove qt4 support"), the following line was incorrectly dropped:
  select BR2_PACKAGE_QT5BASE_GUI if BR2_PACKAGE_QT5
Due to this, qt5base can now be configured with widgets enabled but
gui disabled, causing the following build issue:
  ERROR: Feature 'widgets' was enabled, but the pre-condition 'features.gui' failed.
Re-introduce the proper select, but slightly simplified since only Qt5
is supported now.
Fixes:
  http://autobuild.buildroot.net/results/
c771c2d5aac3e21f908e5a118f3755dbc9301a47
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[Thomas: rework commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Tue, 12 Feb 2019 22:45:47 +0000 (23:45 +0100)]
 
package/libcpprestsdk: disable samples
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Seiderer [Tue, 12 Feb 2019 20:42:30 +0000 (21:42 +0100)]
 
package/libv4l: bump version to 1.16.3
Changes since 1.16.2:
  - Makefile.am: don't use relative paths for include
  - keytable: do not install bpf protocols decoders with execute permission
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Thu, 14 Feb 2019 21:43:21 +0000 (22:43 +0100)]
 
package/madplay: add hash for license files
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Thu, 14 Feb 2019 21:43:20 +0000 (22:43 +0100)]
 
package/madplay: needs autoreconf
madplay uses a very old configure script.
When the toolchain lacks C++ and the build machine lacks /lib/cpp, this
old configure script fails because it can't find a C++ preprocessor that
is valid:
    checking for arm-buildroot-linux-uclibcgnueabi-g++... no
    checking whether we are using the GNU C++ compiler... no
    checking whether no accepts -g... no
    checking dependency style of no... none
    checking how to run the C++ preprocessor... /lib/cpp
    configure: error: C++ preprocessor "/lib/cpp" fails sanity check
    See `config.log' for more details.
This is yet another case that was tentatively fixed by 
bd39d11d2e
(core/infra: fix build on toolchain without C++), further amended by
4cd1ab15886 (core: alternate solution to disable C++).
However, this only works on libtool scripts that are recent enough, and
thus we need to autoreconf to get it.
We also need to patch configure.ac so that it does not fail on the
missing, GNU-specific files: NEWS, AUTHORS, and Changelog.
Finally, remove also patch on ltmain.sh and MADPLAY_LIBTOOL_PATCH=NO as
autoreconf will create an up to date ltmain.sh
Fixes:
 - http://autobuild.buildroot.org/results/
fc927de0e9a42095789fb0a631d5facf14076f6e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Korsgaard [Fri, 15 Feb 2019 13:32:01 +0000 (14:32 +0100)]
 
package/python-django: security bump to version 2.1.7
Fixes the following security issues:
CVE-2019-6975: Memory exhaustion in django.utils.numberformat.format()
If django.utils.numberformat.format() – used by contrib.admin as well as the
the floatformat, filesizeformat, and intcomma templates filters – received a
Decimal with a large number of digits or a large exponent, it could lead to
significant memory usage due to a call to '{:f}'.format().
To avoid this, decimals with more than 200 digits are now formatted using
scientific notation.
https://docs.djangoproject.com/en/2.1/releases/2.1.6/
2.1.6 contained a packaging error, fixed by 2.1.7:
https://docs.djangoproject.com/en/2.1/releases/2.1.7/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bartosz Golaszewski [Fri, 15 Feb 2019 09:37:56 +0000 (10:37 +0100)]
 
package/libgpiod: bump version to v1.2.1
This is a bugfix release fixing two problems with C++ bindings.
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Thu, 14 Feb 2019 10:36:19 +0000 (11:36 +0100)]
 
support/config-fragments/autobuild: use external toolchains in RISC-V configs
This commit replaces the two RISC-V configurations used for the
autobuilders to use pre-built external toolchains rather than internal
toolchains. This saves quite a bit of build time in the autobuilders,
and also allows people to reproduce build issues in a much more
efficient way, since rebuilding the toolchain is not needed.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Mark Corbin <mark.corbin@embecosm.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Thu, 14 Feb 2019 10:36:18 +0000 (11:36 +0100)]
 
support/config-fragments/autobuild: update all pre-built Buildroot toolchains
All toolchains have been rebuilt with Buildroot 2019.02-rc1.
Changes:
- Toolchains that were using no-longer maintained kernel headers
  versions have been changed to use a variety of newer kernel headers
  versions (4.4, 4.9 or 4.14).
- Since gcc 7.x is now the default in Buildroot, most toolchains that
  simply use the default gcc version use 7.x instead of 6.x.
- br-arm-cortex-a9-glibc uses gcc 8.x, binutils 2.31 and kernel
  headers 4.20
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Thu, 14 Feb 2019 08:41:16 +0000 (09:41 +0100)]
 
package/mosquitto: bump to version 1.5.7
Bugfix release, fixing a number of issues discovered post-1.5.6.
Drop patches as they are now included upstream.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Wed, 13 Feb 2019 21:12:41 +0000 (22:12 +0100)]
 
package/qemu: fix build of host-qemu on systems with old kernel headers
Qemu assumes that when <linux/usbdevice_fs.h> is available, it can
build its USBFS code. However, some systems have
<linux/usbdevice_fs.h>, but it doesn't provide all the definitions
that Qemu needs, causing a build failure.
In order to fix this, we introduce a Qemu patch that improves the
check that determines whether USBFS support should be enabled or not.
Fixes:
  http://autobuild.buildroot.net/results/
c4af5505f80e1e6185df70d191e85d9393df5795/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Wed, 13 Feb 2019 21:10:53 +0000 (22:10 +0100)]
 
configs/orangepi_one_plus: fix kernel headers option
Contrary to what the comment in the defconfig says, the
orangepi_one_plus_defconfig was not using the "same as kernel" option
for kernel headers, but really selecting explicitly Linux 4.18
headers, independently from the kernel version.
Except that in the mean time, BR2_KERNEL_HEADERS_4_18 has been
removed, causing a build failure due to the legacy checking:
Makefile.legacy:9: *** "You have legacy configuration in your .config! Please check your configuration.".  Stop.
This commit fixes that by using the proper
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_18 option.
Fixes:
  https://gitlab.com/buildroot.org/buildroot/-/jobs/
158295166
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Angelo Compagnucci [Wed, 13 Feb 2019 21:05:04 +0000 (22:05 +0100)]
 
package/mender: change to use release archive
Relase archive is distributed with depencies, this prevents the go
build system to download them.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Wed, 13 Feb 2019 17:05:15 +0000 (18:05 +0100)]
 
{linux, linux-headers}: bump 4.{4, 9, 14, 19, 20}.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Wed, 13 Feb 2019 08:40:02 +0000 (09:40 +0100)]
 
package/efivar: needs host gcc >= 4.8
The efivar code compiled for the host machine uses
__builtin_bswap16(), which is only available starting from gcc 4.8:
  https://gcc.gnu.org/bugzilla/show_bug.cgi?id=52624
So let's add a dependency on host gcc >= 4.8 to efivar and its unique
reverse dependency, efibootmgr.
Fixes:
  http://autobuild.buildroot.net/results/
48ba906bb6f4dc0c8af43ec11be64f7168dd62fd/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Thu, 14 Feb 2019 08:53:10 +0000 (09:53 +0100)]
 
package/docker-containerd: fix typo in uclibc dependency
Commit 
6e3f7fbc072c88ab344f2ffa39e402464b566f19 ("package/runc: add
upstream security fix for CVE-2019-5736") added a dependency of
docker-containerd to uclibc (inherited from runc), but the depends on
has a typo that makes it ineffective. Due to this, docker-containerd
can still be selected in uClibc configurations, causing runc to be
build, and failing to build due fexecve() being missing in uClibc.
Fixes:
  http://autobuild.buildroot.net/results/
64ecdb1e007106fdb05979b10b42b90591255504/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Wed, 13 Feb 2019 10:06:57 +0000 (11:06 +0100)]
 
docs/website/news.html: add 2019.02-rc1 announcement link
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Wed, 13 Feb 2019 08:03:54 +0000 (09:03 +0100)]
 
Update for 2019.02-rc1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gerome Burlats [Tue, 12 Feb 2019 22:24:13 +0000 (23:24 +0100)]
 
configs/qemu: Update defconfigs to Linux 4.19.16
Linux version are changed to 4.19.16 (LTS) for all qemu defconfigs,
except for riscv. riscv defconfigs are left unchanged because they have
a custom Linux repository causing more difficulties when upgrading to
4.19 for riscv32. And for the riscv64, it has been updated recently to
Linux 4.20 by another contributor.
Patch for arm-versatile-nommu is changed into a git format
Add cache attributes for xtensa-lx60-nommu config because the commit
https://github.com/torvalds/linux/commit/
7bb516ca5424e12b42124fab2906b6da9c81ba9c
added a new config variable for memory cache attribute:
CONFIG_MEMMAP_CACHEATTR
All these updated configs have been built successfully.
Signed-off-by: Gerome Burlats <gerome.burlats@smile.fr>
Cc: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 11 Feb 2019 22:22:02 +0000 (23:22 +0100)]
 
utils/scanpypi: protect against zip-slip vulnerability in zip/tar handling
For details, see https://github.com/snyk/zip-slip-vulnerability
Older python versions do not validate that the extracted files are inside
the target directory.  Detect and error out on evil paths before extracting
.zip / .tar file.
Given the scope of this (zip issue was fixed in python 2.7.4, released
2013-04-06, scanpypi is only used by a developer when adding a new python
package), the security impact is fairly minimal, but it is good to get it
fixed anyway.
Reported-by: Bas van Schaik <security-reports@semmle.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Christian Stewart [Tue, 12 Feb 2019 09:35:31 +0000 (01:35 -0800)]
 
docker-engine: fix runc version check warning
Fixes the startup warning from Docker:
failed to retrieve runc version: unknown output format: runc version commit ...
Introduces a patch to replace the faulty version detection logic in the Docker
engine.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Christian Stewart [Tue, 12 Feb 2019 09:35:30 +0000 (01:35 -0800)]
 
docker-engine: bump to v18.09.2
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Christian Stewart [Tue, 12 Feb 2019 09:35:29 +0000 (01:35 -0800)]
 
docker-cli: bump to v18.09.2
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Christian Stewart [Tue, 12 Feb 2019 09:35:28 +0000 (01:35 -0800)]
 
docker-containerd: bump to v1.2.3
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 10 Feb 2019 14:26:19 +0000 (15:26 +0100)]
 
package/mongodb: new package
Here is the list of the changes compared to the removed mongodb 3.3.4
version:
- Remove patch (not applicable anymore)
- Add patch (sent upstream) to fix openssl build with gcc 7 and
  -fpermissive
- Remove 32 bits x86 platforms, removed since version 3.4:
  https://docs.mongodb.com/manual/installation/#supported-platforms
- Change license: since October 2018, license is SSPL:
  - https://www.mongodb.com/community/licensing
  - https://jira.mongodb.org/browse/SERVER-38767
- gcc must be at least 5.3 so add a dependency on gcc >= 6
- Add a dependency on host-python-xxx modules:
  https://github.com/mongodb/mongo/blob/r4.0.6/docs/building.md
- Use system versions of boost, pcre, snappy, sqlite, yaml-cpp and zlib
  instead of embedded mongodb ones
- Add hash for license files
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 10 Feb 2019 14:26:18 +0000 (15:26 +0100)]
 
package/python-typing: add host variant
host-python-typing is needed for mongodb 4.0.6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 10 Feb 2019 14:26:17 +0000 (15:26 +0100)]
 
package/python-pyyaml: add host variant
host-python-pyyaml is needed for mongodb 4.0.6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: s/HOST_PYTHON/HOST_PYTHON_PYYAML/]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 10 Feb 2019 14:26:16 +0000 (15:26 +0100)]
 
package/libyaml: add host variant
host-libyaml is needed for host-python-pyyaml
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 12 Feb 2019 13:15:04 +0000 (14:15 +0100)]
 
package/runc: add upstream security fix for CVE-2019-5736
The vulnerability allows a malicious container to (with minimal user
interaction) overwrite the host runc binary and thus gain root-level
code execution on the host. The level of user interaction is being able
to run any command (it doesn't matter if the command is not
attacker-controlled) as root within a container in either of these
contexts:
  * Creating a new container using an attacker-controlled image.
  * Attaching (docker exec) into an existing container which the
    attacker had previous write access to.
For more details, see the advisory:
https://www.openwall.com/lists/oss-security/2019/02/11/2
The fix for this issue uses fexecve(3), which isn't available on uClibc, so
add a dependency on !uclibc to runc and propagate to the reverse
dependencies (containerd/docker-engine).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 12 Feb 2019 13:15:03 +0000 (14:15 +0100)]
 
support/testing: build a glibc toolchain for docker / docker-compose tests
runc (which is a reverse dependency of docker-engine) is about to gain a
!uclibc dependency, so move to a glibc toolchain instead.
There are currently no prebuilt x86_64 / core2 / glibc toolchains available,
so instead use the internal toolchain backend to build one.
While we are at it, drop the infra.basetest.BASIC_TOOLCHAIN_CONFIG
reference, as that ARM toolchain configuration doesn't make any sense for
this x86-64 based test.
add docker / docker-compose tests
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Tue, 12 Feb 2019 18:42:20 +0000 (20:42 +0200)]
 
package/ghostscript: add upstream security fixes
CVE-2019-6116: Remote code execution.
https://www.openwall.com/lists/oss-security/2019/01/23/5
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Tue, 12 Feb 2019 16:57:29 +0000 (18:57 +0200)]
 
package/libarchive: add upstream security fixes
CVE-2019-
1000019: Crash when parsing some 7zip archives.
CVE-2019-
1000020: A corrupted or malicious ISO9660 image can cause
read_CE() to loop forever.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Grégoire Delattre [Tue, 12 Feb 2019 17:05:15 +0000 (18:05 +0100)]
 
board/pc: fix typo in board/pc/post-build.sh
Signed-off-by: Grégoire Delattre <gregoire.delattre@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Matt Weber [Tue, 12 Feb 2019 14:36:30 +0000 (08:36 -0600)]
 
package/sqlcipher: force libopenssl
v3.2.0 has a bug in the configure step which causes it to fail when being
built against libressl. As libopenssl is selected as the default, the
autobuilders have not uncovered this failure. The issue has been confirmed
in LTS 2018.02.10 (probably broken prior to that as well) and is not
related to the Openssl bump to 1.1.x.
Thread with more details
http://lists.busybox.net/pipermail/buildroot/2019-February/243133.html
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Tue, 12 Feb 2019 13:28:27 +0000 (15:28 +0200)]
 
package/jpeg-turbo: add upstream security fixes
CVE-2018-20330: Integer overflow causing segfault occurred when
attempting to load a BMP file with more than 1 billion pixels using the
`tjLoadImage()` function.
CVE-2018-19664: Buffer overrun occurred when attempting to decompress a
specially-crafted malformed JPEG image to a 256-color BMP using djpeg.
Cc: Murat Demirten <mdemirten@yh.com.tr>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach [Tue, 12 Feb 2019 12:13:04 +0000 (14:13 +0200)]
 
openssh: add upstream security fixes
CVE-2019-6109: Due to missing character encoding in the progress
display, a malicious server (or Man-in-The-Middle attacker) can employ
crafted object names to manipulate the client output, e.g., by using
ANSI control codes to hide additional files being transferred. This
affects refresh_progress_meter() in progressmeter.c.
CVE-2019-6111: Due to the scp implementation being derived from 1983
rcp, the server chooses which files/directories are sent to the client.
However, the scp client only performs cursory validation of the object
name returned (only directory traversal attacks are prevented). A
malicious scp server (or Man-in-The-Middle attacker) can overwrite
arbitrary files in the scp client target directory. If recursive
operation (-r) is performed, the server can manipulate subdirectories as
well (for example, to overwrite the .ssh/authorized_keys file).
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 12 Feb 2019 18:57:58 +0000 (19:57 +0100)]
 
CHANGES: add recent changes
In preparation for 2019.02-rc1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Mon, 11 Feb 2019 19:35:16 +0000 (20:35 +0100)]
 
package/libva-utils: fix build failure when x11 support is disabled
Fixes
http://autobuild.buildroot.net/results/2f8/
2f89e41f79e8bec1c0561b486ae5750fc87a6320/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Sun, 10 Feb 2019 13:51:30 +0000 (14:51 +0100)]
 
package/sg3_utils: ensure to build against librt when needed
The sg3_utils has provisions to build against librt when needed, but
forgot to use that mechanism for the sg_turs program. This commit
fixes that. The patch has been submitted upstream to the sg3_utils
author.
Fixes:
  http://autobuild.buildroot.net/results/
67b890a41d05497820ea4f44e187257dd6818b0b/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Fri, 8 Feb 2019 20:46:56 +0000 (21:46 +0100)]
 
package/libupnp18: fix static linking with mpd
- Add a call to PKG_CHECK_MODULES in configure.ac to get openssl
  libraries and its dependencies if openssl support is enabled
- Add OPENSSL_LIBS to libupnp.pc.in so that applications linking with
  pupnp (such as mpd) will be able to retrieve openssl libraries
Fixes:
 - http://autobuild.buildroot.org/results/
a4148e516070b79816769f3443fc24d6d8192073
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Matt Weber [Wed, 6 Feb 2019 12:09:18 +0000 (06:09 -0600)]
 
package/sqlcipher: add OpenSSL 1.1.x compatibility
Fixes
http://autobuild.buildroot.net/results/5e2/
5e2c3178d8a6e11b1af1c37144737097730ba222/
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas De Schampheleire [Fri, 8 Feb 2019 20:50:41 +0000 (21:50 +0100)]
 
package/opentracing-cpp: needs dynamic library support
opentracing-cpp requires dlfcn.h from src/dynamic_load_unix.cpp.
This file is compiled unconditionally.
Disable opentracing-cpp on BR2_STATIC_LIBS configurations.
Fixes: http://autobuild.buildroot.net/results/454173aef9ff7c808294a974088d7682cad240a8/
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Sun, 10 Feb 2019 17:27:39 +0000 (18:27 +0100)]
 
package/brcm-patchram-plus: bump to version 
95b7b6916d661a4da3f9c0adf52d5e1f4f8ab042
- Remove patch (already in version)
- Use COPYING as license file as COPYING has been fixed by:
  https://github.com/AsteroidOS/brcm-patchram-plus/commit/
95b7b6916d661a4da3f9c0adf52d5e1f4f8ab042
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Yann E. MORIN [Sun, 10 Feb 2019 15:48:15 +0000 (16:48 +0100)]
 
package/googlefontdirectory: better solution to avoid check-package warning
Rather than tell check-package to ignore a false-positive issue, just
avoid the issue to begin with, by using an intermediate variable to
construct the list of licenses.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Sun, 10 Feb 2019 13:18:59 +0000 (14:18 +0100)]
 
package/brcm-patchram-plus: fix license file hash
Commit 
684bcc45e52a8300a2115799e96017b180695a14
("package/brcm-patchram-plus: fix build on sparc") added a patch that
modifies the src/main.c file, without paying attention to the fact
that this file is used as the license file for the package, and
therefore the .hash had to be updated at the same time. This commit
updates the license file hash as needed. There are obviously no
licensing related changes in the SPARC build fixes.
Fixes:
  http://autobuild.buildroot.net/results/
083ce1c3100b10e40480e6330ce0c29dde51f5e0/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Mon, 4 Feb 2019 19:13:28 +0000 (20:13 +0100)]
 
package/systemd: add optional bash-completion dependency
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Mon, 4 Feb 2019 19:13:27 +0000 (20:13 +0100)]
 
package/systemd: add optional cryptsetup dependency
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Mon, 4 Feb 2019 19:13:26 +0000 (20:13 +0100)]
 
package/systemd: add optional valgrind dependency
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Sat, 9 Feb 2019 16:28:14 +0000 (17:28 +0100)]
 
package/clamav: needs wchar
Fixes
http://autobuild.buildroot.net/results/77c/
77cd536a0fab78eabe27e055d28db2da354008d7/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Sun, 10 Feb 2019 10:04:13 +0000 (11:04 +0100)]
 
package/{mesa3d, mesa3d-headers}: bump version to 18.3.3
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Sun, 10 Feb 2019 10:03:13 +0000 (11:03 +0100)]
 
package/libva-utils: bump version to 2.4.0
Removed patch 0002, applied upstream.
Follow upstream switch of release tarball to bz2 and new location.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Chris Packham [Sun, 10 Feb 2019 08:07:32 +0000 (21:07 +1300)]
 
package/gst1-shark: select BR2_PACKAGE_GSTREAMER1_GST_DEBUG
gst-shark needs gstreamer to be compiled with debugging support enabled.
Make this selection automatically when the gst-shark package is
selected.
Fixes:
 - http://autobuild.buildroot.net/results/
09b894b0775df2dd87d8fb2d53c6a243d8668aba/
 - and many more
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Adrian Perez de Castro [Sat, 9 Feb 2019 14:07:40 +0000 (16:07 +0200)]
 
package/webkitgtk: security bump to version 2.22.6
This is a maintenance release of the current stable WebKitGTK+ version,
which contains security fixes for CVE identifiers: CVE-2019-6212,
CVE-2019-6215, CVE-2019-6216, CVE-2019-6217, CVE-2019-6226,
CVE-2019-6227, CVE-2019-6229, CVE-2019-6233, and CVE-2019-6234.
Additionally, it contains a few minor fixes.
Release notes can be found in the announcement:
  https://webkitgtk.org/2019/02/09/webkitgtk2.22.6-released.html
More details on the issues covered by securit fixes can be found
in the corresponding security advisory:
  https://webkitgtk.org/security/WSA-2019-0001.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sat, 9 Feb 2019 16:19:53 +0000 (17:19 +0100)]
 
package/libopenssl: add runtime fixes for tor
For details see https://bugs.archlinux.org/task/61623
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Sat, 9 Feb 2019 18:20:58 +0000 (19:20 +0100)]
 
package/mosquitto: security bump to version 1.5.6
Fixes the following security issues:
CVE-2018-12551: If Mosquitto is configured to use a password file for
authentication, any malformed data in the password file will be treated as
valid. This typically means that the malformed data becomes a username and
no password.  If this occurs, clients can circumvent authentication and get
access to the broker by using the malformed username.  In particular, a
blank line will be treated as a valid empty username.  Other security
measures are unaffected.  Users who have only used the mosquitto_passwd
utility to create and modify their password files are unaffected by this
vulnerability.  Affects version 1.0 to 1.5.5 inclusive.
CVE-2018-12550: If an ACL file is empty, or has only blank lines or
comments, then mosquitto treats the ACL file as not being defined, which
means that no topic access is denied.  Although denying access to all topics
is not a useful configuration, this behaviour is unexpected and could lead
to access being incorrectly granted in some circumstances.  Affects versions
1.0 to 1.5.5 inclusive.
CVE-2018-12546: If a client publishes a retained message to a topic that
they have access to, and then their access to that topic is revoked, the
retained message will still be delivered to future subscribers.  This
behaviour may be undesirable in some applications, so a configuration option
check_retain_source has been introduced to enforce checking of the retained
message source on publish.
Add two upstream post-1.5.6 patches to fix a build error in the bridge code
when ADNS is enabled and when building with older toolchains not defaulting
to C99 mode.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Sat, 9 Feb 2019 17:25:19 +0000 (18:25 +0100)]
 
package/php: security bump to version 7.3.2
Rebased patch 0004.
This bump fixes https://bugs.php.net/bug.php?id=77369,
status of CVE-ID: needed
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas De Schampheleire [Tue, 5 Feb 2019 16:09:59 +0000 (17:09 +0100)]
 
package/xenomai: move arch restriction to Cobalt core, no restriction for Mercury
Xenomai has two mutually exclusive cores:
- Cobalt: dual-kernel approach: patched kernel + userland
- Mercury: only userland
In the Cobalt core, not all architectures are supported. This is the source
of the existing ARCH_SUPPORTS variable.
In the Mercury core, there is no imposed architecture restriction.
Rename the XENOMAI_ARCH_SUPPORTS flag to XENOMAI_COBALT_ARCH_SUPPORTS and
move its check from the Xenomai package to the Cobalt core.
Nevertheless, even for Mercury, there are some restrictions:
- pthread_atfork is used, which requires an MMU
- sync functions like __sync_sub_and_fetch and __sync_add_and_fetch are
  expected.
As the corresponding 'linux extension' selects Xenomai, we add the
MMU and sync dependencies there too. They may or may not already be covered
by XENOMAI_COBALT_ARCH_SUPPORTS flag.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Sat, 9 Feb 2019 10:11:38 +0000 (11:11 +0100)]
 
package/libopenssl: renumber patches
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Fri, 8 Feb 2019 22:38:56 +0000 (23:38 +0100)]
 
package/brcm-patchram-plus: fix build on sparc
On SPARC, the definitions of 
B2500000, 
B3000000, 
B3500000 and 
B4000000
are not necessarily available, so use those values only if defined in
the kernel headers.
It fixes SPARC build failures such as:
main.c:382:13: error: '
B2500000' undeclared here (not in a function)
  { 
2500000, 
B2500000 },
             ^~~~~~~~
main.c:383:13: error: '
B3000000' undeclared here (not in a function)
  { 
3000000, 
B3000000 },
             ^~~~~~~~
main.c:385:13: error: '
B3500000' undeclared here (not in a function)
  { 
3500000, 
B3500000 },
             ^~~~~~~~
main.c:386:13: error: '
B4000000' undeclared here (not in a function)
  { 
4000000, 
B4000000 }
Fixes:
 - http://autobuild.buildroot.org/results/
f7012c08c935c3a6ccae50b84170190af5cd5cba
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Matt Weber [Fri, 8 Feb 2019 18:46:59 +0000 (12:46 -0600)]
 
package/libopenssl: m68x use SMALL_FOOTPRINT mode
OPENSSL_SMALL_FOOTPRINT mode selects alternate paths in the sha512 and
blake2 algorithms which resolves a assembler issue like the following.
/tmp/ccfnLhKQ.s: Assembler messages:
/tmp/ccfnLhKQ.s:11167: Error: value -32790 out of range
make[2]: *** [crypto/blake2/blake2b.o] Error 1
This issue was found after the OpenSSL1.1.x bump.
Fixes
http://autobuild.buildroot.net/results/
533e817695cde321b725145112cfd83c092d9d75
Upstream ticket
https://github.com/openssl/openssl/issues/8190
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Fri, 8 Feb 2019 14:04:11 +0000 (15:04 +0100)]
 
package/mosquitto: fix comments
The toplevel mosquitto comment should go after the sub options to ensure
they get indented, and the broker comment should be hidden if mosquitto
isn't enabled.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Arnout Vandecappelle (Essensium/Mind) [Fri, 8 Feb 2019 12:48:04 +0000 (13:48 +0100)]
 
docs/website: correct association e-mail address
It is buildroot-association@buildroot.org, not @lists.buildroot.org.
Reported-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Thomas Petazzoni [Fri, 8 Feb 2019 12:01:24 +0000 (13:01 +0100)]
 
configs/rock64: needs U-Boot pylibfdt
The build currently fails with:
*** dtoc needs the Python libfdt library. Either
*** install it on your system, or try:
***
*** sudo apt-get install swig libpython-dev
***
*** to have U-Boot build its own version.
Adding BR2_TARGET_UBOOT_NEEDS_PYLIBFDT should fix this build issue,
which was reported at:
  https://gitlab.com/buildroot.org/buildroot/-/jobs/
158295223
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Fri, 8 Feb 2019 12:08:31 +0000 (13:08 +0100)]
 
configs/orangepi_lite2: fix kernel headers option
Contrary to what the comment in the defconfig says, the
orangepi_lite2_defconfig was not using the "same as kernel" option for
kernel headers, but really selecting explicitly Linux 4.18 headers,
independently from the kernel version.
Except that in the mean time, BR2_KERNEL_HEADERS_4_18 has been
removed, causing a build failure due to the legacy checking:
Makefile.legacy:9: *** "You have legacy configuration in your .config! Please check your configuration.".  Stop.
This commit fixes that by using the proper
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_18 option.
Fixes:
  https://gitlab.com/buildroot.org/buildroot/-/jobs/
158295163
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Fri, 8 Feb 2019 10:59:04 +0000 (11:59 +0100)]
 
package/intel-gmmlib: fix license file and add hash
The license file is not named COPYING, but LICENSE.md. While we're at
it, we add the hash of the license file.
Fixes:
  http://autobuild.buildroot.net/results/
09e4c14effe58ec2bc6f3deede7cc17ae6590767/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Matt Weber [Tue, 5 Feb 2019 19:23:38 +0000 (13:23 -0600)]
 
packages: update sysv S* scripts to 644
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Fri, 8 Feb 2019 09:51:16 +0000 (10:51 +0100)]
 
docs/website: fix Paypal account address
As noticed by Yann E. Morin, the address of the Paypal account is
@buildroot.org, not @lists.buildroot.org.
Reported-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Yann E. MORIN [Wed, 6 Feb 2019 14:37:51 +0000 (15:37 +0100)]
 
core/pkg-infra: restore completeness of packages files lists
In commit 
7fb6e782542f (core/instrumentation: shave minutes off the
build time), the built stampfile is used as a reference to detect files
installed by a package.
However, packages may install files keeping their mtime intact, and we
end up not detecting this. For example, the internal skeleton package
will install (e.g.) /etc/passwd with an mtime of when the file was
created in $(TOP_DIR), which could be the time the git repository was
checked out; that mtime is always older than the build stamp file, so
files installed by the skeleton package are never accounted for to that
package, or to any other package for that matters.
We switch to an alternate solution, which consists of storing some extra
metadata per file, so that we can more reasily detect modifications to
the files. Then we compare the state before the package is installed (by
reusing the existing list) and after the package is installed, compare
that to list any new file or modified files (in reality, ignoring
untouched and removed files). Finally, we store the file->package
association in the global list and store the new stat list as the global
list.
The format used for the .stat file is:
mtime:inode:perms:filetype:size,filename
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Cc: Trent Piepho <tpiepho@impinj.com>
[Peter: rename files, reformat, only look for files and symlinks and pass
	LC_ALL=C to comm as pointed out by Thomas De Schampheleire]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Thu, 7 Feb 2019 22:09:12 +0000 (23:09 +0100)]
 
docs/website: add page for the Buildroot Association
For about two years, a legal entity called "Buildroot Association" was
created in France to support the Buildroot project. Until fall 2018,
this legal entity has not been used. In fall 2018, we started using it
in order to receive donations from companies in order to organize the
Buildroot Developers Meeting that took place before the Embedded Linux
Conference Europe 2018 in Edinburgh.
This commit creates a new page on our web site that documents the
existence of this Buildroot Association, and details how to become a
member. Both individuals and companies can become members.
It is worth stating that the Buildroot Association does not control
the Buildroot project: it remains a fully open-source and
community-driven project. The Buildroot Association only serves as a
legal entity to handle donations and money needed to organize the
Buildroot Developers Meeting, and pay for a few expenses related to
the project (such as domain names).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Arnout: small improvements]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Matt Weber [Wed, 6 Feb 2019 20:16:03 +0000 (14:16 -0600)]
 
package/gnuradio: disable xml document generation
Fixes
http://autobuild.buildroot.net/results/f94/
f941d84c781b524530770f5b9360863a821e8ba1/
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Carlos Santos [Fri, 31 Aug 2018 02:24:12 +0000 (23:24 -0300)]
 
configs/pc: fix grub-efi.cfg permissions
It does not need the execute bits.
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Thu, 7 Feb 2019 20:21:05 +0000 (21:21 +0100)]
 
package/tpm2-tss: fix build with gcc <= 4.8
Fixes:
 - http://autobuild.buildroot.org/results/
8d7b6dad6602fe67338abc696bc4752dda8e9717
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Arnout Vandecappelle (Essensium/Mind) [Thu, 7 Feb 2019 21:04:26 +0000 (22:04 +0100)]
 
support/scripts/pkg-stats: fix flake8 errors
Fixes the following flake8 warnings:
support/scripts/pkg-stats:34:2: W605 invalid escape sequence '\$'
support/scripts/pkg-stats:34:4: W605 invalid escape sequence '\('
support/scripts/pkg-stats:34:11: W605 invalid escape sequence '\$'
support/scripts/pkg-stats:34:13: W605 invalid escape sequence '\('
support/scripts/pkg-stats:34:32: W605 invalid escape sequence '\)'
support/scripts/pkg-stats:34:34: W605 invalid escape sequence '\)'
support/scripts/pkg-stats:35:2: W605 invalid escape sequence '\s'
support/scripts/pkg-stats:35:14: W605 invalid escape sequence '\S'
support/scripts/pkg-stats:35:17: W605 invalid escape sequence '\s'
support/scripts/pkg-stats:42:1: E302 expected 2 blank lines, found 1
support/scripts/pkg-stats:587:133: E501 line too long (157 > 132 characters)
Note that the "invalid escape sequence" errors work because Python
leaves the \ in place if it doesn't recognise the escape sequence. But
it's better practice to use a raw string for regular expressions.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Peter Korsgaard [Thu, 7 Feb 2019 18:50:00 +0000 (19:50 +0100)]
 
package/mongodb: remove package
Fixes:
http://autobuild.buildroot.net/results/dd4/
dd412fae45a84e44e7e6a49f8cdb124d0851c1df/
The mongodb version used (3.3.4) is no longer supported by upstream and
fails to build with openssl 1.1.1x.  On top of that it uses internal copies
of boost, pcre and zlib instead of the system ones.
Bumping the version to 3.4.19 (which is still supported until September
2019) has been tried, but it:
- No longer builds for 32bit ARM
- Doesn't build without extra patches, E.G.:
  https://git.openembedded.org/meta-openembedded/tree/meta-oe/recipes-support/mongodb/mongodb/0002-d_state.cpp-Add-missing-dependenncy-on-local_shardin.patch?h=rocko
- Doesn't build with the system version of boost (1.69.0)
- Also fails to build with openssl-1.1.1x
So it looks like mongodb needs to be bumped to the 3.6.x series (which
changes the license to the SSPL) - Or simply dropped.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Thu, 7 Feb 2019 08:07:35 +0000 (09:07 +0100)]
 
package/googlefontdirectory: silence false positive check-package warning
check-package OverriddenVariable check believes we are overriding the
value of GOOGLEFONTDIRECTORY_LICENSE, but in fact we are not. Let's
tell check-package not to complain about this.
Fixes:
package/googlefontdirectory/googlefontdirectory.mk:28: unconditional override of variable GOOGLEFONTDIRECTORY_LICENSE previously conditionally set
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Wed, 6 Feb 2019 21:22:05 +0000 (22:22 +0100)]
 
package/openocd: fix indentation of Config.in help text
Fixes the following check-package warnings:
package/openocd/Config.in:20: help text: <tab><2 spaces><62 chars> (http://nightly.buildroot.org/#writing-rules-config-in)
package/openocd/Config.in:21: help text: <tab><2 spaces><62 chars> (http://nightly.buildroot.org/#writing-rules-config-in)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Wed, 6 Feb 2019 21:21:15 +0000 (22:21 +0100)]
 
boot/uboot: fix order of Config.in properties
Fixes the following check-package warning:
boot/uboot/Config.in:185: attributes order: type, default, depends on, select, help (http://nightly.buildroot.org/#_config_files)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Michał Łyszczek [Wed, 6 Feb 2019 16:20:34 +0000 (17:20 +0100)]
 
configs/rock64: new defconfig
Configuration contains:
  - building tpl, spl and u-boot (forked u-boot repository)
  - booting from SD card and network via PXE
  - working ethernet, usb and uart
  - minimal rootfs with busybox
  - ready to flash SD card image
Signed-off-by: Michał Łyszczek <michal.lyszczek@bofc.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Korsgaard [Wed, 6 Feb 2019 16:54:35 +0000 (17:54 +0100)]
 
package/libcurl: security bump to version 7.64.0
Fixes the following security issues:
CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
https://curl.haxx.se/docs/CVE-2018-16890.html
CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
https://curl.haxx.se/docs/CVE-2019-3822.html
CVE-2019-3823: SMTP end-of-response out-of-bounds read
https://curl.haxx.se/docs/CVE-2019-3823.html
The copyright year changed in the COPYING file, so update the hash.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Wed, 6 Feb 2019 17:45:29 +0000 (18:45 +0100)]
 
package/gerbera: bump to version 1.3.0
- Remove patch (already in version)
- Add a dependency to gcc >= 7 for C++17 optional feature:
  https://github.com/gerbera/gerbera/commit/
ae8192ddf37cec2c78ec578a5d627b2d89fa90f5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Chris Lesiak [Wed, 6 Feb 2019 16:36:39 +0000 (16:36 +0000)]
 
package/openssh: Add sysusers.d snippet
Whether using the new sysusers.d snippet, or adding an entry to
/etc/password, set the service's home directory to /var/empty.
See README.privsep included as part of the openssh distribution.
Signed-off-by: Chris Lesiak <chris.lesiak@licor.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Gary Bisson [Wed, 16 May 2018 15:52:01 +0000 (17:52 +0200)]
 
weston: add weston-imx variant when using imx-gpu-viv
This variant contains various optimizations for i.MX processors.
For instance, on i.MX6/7 devices with GPU, the gl-renderer needs to be
enabled for the fbdev-backend which was removed from upstream weston
long time ago.
Also, weston-imx adds support for G2D which is enabled by default, this
patch makes sure to disable it when imx-gpu-g2d isn't selected.
The tag version rel_imx_4.9.51_8mq_ga proved to work fine on both
i.MX6Q/DL and i.MX8MQ processors.
Here are the commands used to start weston on i.MX6Q:
- Using 3D GPU (gl-renderer):
 # weston --tty=1 --device=/dev/fb0
- Using 2D GPU (G2D):
 # weston --tty=1 --device=/dev/fb0 --use-g2d=1
Upstream repository:
https://source.codeaurora.org/external/imx/weston-imx/
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout: add comment why no --enable option is passed]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Carlos Santos [Sat, 29 Sep 2018 03:16:09 +0000 (00:16 -0300)]
 
configs/pc_x86_64_efi: use a GPT partition table
Since all EFI-based systems support GPT, this commit changes
pc_x86_64_efi to use a GPT partition table. It shows an example of how
to craft a disk image with GPT partitioning instead of MBR. This is
achieved by means of a post-image script which uses
mkdosfs+mcopy+sfdisk, since genimage is unable to deal with GPT. Long
term, it would be ideal if genimage had GPT support, but until then,
this script shows how to achieve creating a GPT-based disk image.
The script was kept as simple as possible to make it easy to understand
and adapt for other purposes.
The root filesystem location is passed to the kernel by a partition
UUID, so it is possible to boot on QEMU, directly from the disk image,
or dump the image to a physical device.
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Acked-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Lionel Orry [Thu, 11 Oct 2018 09:57:55 +0000 (11:57 +0200)]
 
package/pkg-cmake: <pkg>_SUBDIR cleanup
No functional change is brought by this modification.
This patch removes redundant <pkg>_SRCDIR declaration
  (already defined in pkg-generic.mk)
Signed-off-by: Lionel Orry <lionel.orry@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Lionel Orry [Thu, 11 Oct 2018 09:57:54 +0000 (11:57 +0200)]
 
package/pkg-python: <pkg>_SUBDIR cleanup
No functional change is brought by this modification.
This patch:
* removes redundant <pkg>_SRCDIR and <pkg>_BUILDDIR declarations
  (already defined in pkg-generic.mk)
* documents the usage of <pkg>_SUBDIR in the python-specific section of
  the manual.
Signed-off-by: Lionel Orry <lionel.orry@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Lionel Orry [Thu, 11 Oct 2018 09:57:53 +0000 (11:57 +0200)]
 
package/pkg-meson: <pkg>_SUBDIR cleanup
No functional change is brought by this modification.
This patch:
* removes a redundant <pkg>_SRCDIR declaration (already defined in
  pkg-generic.mk)
* documents the usage of <pkg>_SUBDIR in the meson-specific section of
  the manual.
Signed-off-by: Lionel Orry <lionel.orry@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Lionel Orry [Thu, 11 Oct 2018 09:57:52 +0000 (11:57 +0200)]
 
package/pkg-waf: add support for <pkg>_SUBDIR
In the Buildroot manual, it is specified that the Waf-based
infrastructure supports the <pkg>_SUBDIR variable, which was not true.
This patch:
* makes use of this variable by changing to the given sub-directory
  before executing waf commands,
* documents the usage of <pkg>_SUBDIR in the waf-specific section of
  the manual.
Signed-off-by: Lionel Orry <lionel.orry@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Lionel Flandrin [Tue, 5 Feb 2019 10:28:14 +0000 (11:28 +0100)]
 
package/python-pyzmq: enable draft APIs when supported by ZeroMQ
This doesn't introduce a new config flag, instead it just automatically enables
draft support if it's configured in the zeromq package itself.
Signed-off-by: Lionel Flandrin <lionel@svkt.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Lionel Flandrin [Tue, 5 Feb 2019 10:28:13 +0000 (11:28 +0100)]
 
package/zeromq: allow building with draft APIs enabled
Signed-off-by: Lionel Flandrin <lionel@svkt.org>
[Thomas: add explicit --disable-drafts]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Carlos Santos [Mon, 7 May 2018 14:44:31 +0000 (11:44 -0300)]
 
system: allow selecting merged /usr along with custom rootfs skeleton
If the user is brave enough to use a custom rootfs skeleton then we must
not prevent using merged /usr too. Actually it is already possible to do
this, although indirectly, by selecting BR2_INIT_SYSTEMD.
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Carlos Santos [Mon, 7 May 2018 14:44:30 +0000 (11:44 -0300)]
 
Makefile: allow rootfs overlays to override symbolic links
Since commit 
0db34529f48 we use rsync with the --keep-dirlinks option to
prevent overlays from accidentally overwriding /{usr,bin,sbin,lib} links
when BR2_ROOTFS_MERGED_USR option is enabled. Unfortunately this also
prevents replacing a symlink by a directory on purpose (e.g. /var/log,
to persist system logs).
Steps to reproduce:
- enable BR2_ROOTFS_MERGED_USR and BR2_PACKAGE_SKELETON_INIT_SYSV
- mkdir some_path/rootfs-overlay/var/log
- enable BR2_ROOTFS_OVERLAY="some_path/rootfs-overlay"
- run 'make'
- 'target/var/log' is still a symlink to '../tmp', not a directory
The --keep-dirlinks option can be dropped, since we run sanity checks
on overlays. Now the rsync invocation is identical to the SYSTEM_RSYNC
logic we have in system/system.mk, so use that variable.
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Carlos Santos [Mon, 7 May 2018 14:44:29 +0000 (11:44 -0300)]
 
Makefile: check rootfs overlays with BR2_ROOTFS_MERGED_USR enabled
Add a step to target-finalize that checks each rootfs overlay, following
the criteria established for custom skeletons and using the same script
uesd by skeleton-custom.mk.
Add a paragraph to the documentation clarifying that rootfs overlays
don't need to contain /bin, /lib or /sbin and must not contain them when
BR2_ROOTFS_MERGED_USR is enabled.
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Carlos Santos [Mon, 7 May 2018 14:44:28 +0000 (11:44 -0300)]
 
skeleton-custom: install /bin, /lib, and /sbin
skeleton-custom does not install the required /bin, /lib and /sbin
directories (or symlinks), which may result in an imcomplete tree, The
user could add the required directories/symlinks to the skeleton but
they may be invalid, depending on the state of BR2_ROOTFS_MERGED_USR.
Steps to reproduce:
- Enable BR2_ROOTFS_MERGED_USR and BR2_INIT_SYSTEMD
- Set BR2_ROOTFS_SKELETON_CUSTOM_PATH to "system/skeleton"
- Run "make skeleton"
- target/{bin.lib,sbin} will not exist
Add calls to SYSTEM_USR_SYMLINKS_OR_DIRS to INSTALL_TARGET_CMDS and
INSTALL_STAGING_CMDS, so the required directories or symlinks are
created.
Add a paragraph to the documentation clarifying that custom skeletons
don't need to contain /bin, /lib or /sbin and must not contain them when
BR2_ROOTFS_MERGED_USR is enabled.
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>