Signed-off-by: Peter Seiderer <ps.report@gmx.net>
----
Changes v1 -> v2:
- use select instead of depends for BR2_PACKAGE_WAYLAND_PROTOCOLS
(suggested by Thomas Petazzoni)
- add select BR2_PACKAGE_WAYLAND_PROTOCOLS to missing second
place (BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_WAYLAND)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 5a2d37ca12)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Disable wayland support (only needed for the interactive-wayland
test program). This fixes a compile failure in case wayland
support is autodetected:
GEN xdg-shell-unstable-v5-protocol.c
/bin/sh: /usr/bin/wayland-scanner: No such file or directory
Makefile:2426: recipe for target 'xdg-shell-unstable-v5-protocol.c' failed
make[3]: *** [xdg-shell-unstable-v5-protocol.c] Error 127
make[3]: *** Waiting for unfinished jobs....
GEN xdg-shell-unstable-v5-client-protocol.h
/bin/sh: /usr/bin/wayland-scanner: No such file or directory
Makefile:2428: recipe for target 'xdg-shell-unstable-v5-client-protocol.h' failed
make[3]: *** [xdg-shell-unstable-v5-client-protocol.h] Error 127
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 7665b58709)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Without this patch, it is not possible to allocate PTYs when a generated
rootfs image with a recent glibc and systemd is launched as a container on
an RHEL7 system via machinectl/systemd-nspawn. The container boots, but
`machinectl login mycontainer` fails. The culprit is /dev/pts/ptmx with
0000 perms.
On a typical system, there are two `ptmx` devices. One is provided by the
devpts at /dev/pts/ptmx and it is typically not directly accessed from
userspace. The other one which actually *is* opened by processes is
/dev/ptmx. Kernel's documentation says these days that /dev/ptmx should be
either a symlink, or a bind mount of the /dev/pts/ptmx from devpts.
When a container is launched via machinectl/machined/systemd-nspawn, the
container manager prepares a root filesystem so that the container can live
in an appropriate namespace (this is similar to what initramfs is doing on
x86 desktops). During these preparations, systemd-nspawn mounts a devpts
instance using a correct ptmxmode=0666 within the container-to-be's
/dev/pts, and it adds a compatibility symlink at /dev/ptmx. However, once
systemd takes over as an init in the container,
/lib/systemd/systemd-remount-fs applies mount options from /etc/fstab to
all fileystems. Because the buildroot's template used to not include the
ptmxmode=... option, a default value of 0000 was taking an effect which in
turn led to not being able to allocate any pseudo-terminals.
The relevant kernel option was introduced upstream in commit 1f8f1e29 back
in 2009. The oldest linux-headers referenced from buildroot's config is
3.0, and that version definitely has that commit. Mount options that are
not understood by the system are anyway ignored, so backward
compatibility is preserved.
Signed-off-by: Jan Kundrát <jan.kundrat@cesnet.cz>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Thomas: fix commit title, adjust commit log.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 8196b299ba)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Recent versions of fakeroot have grown support for acl. We don't really
need this since we don't use acls in Buildroot. However, it turns out
that "cp -a" does something funky with acls, with the result that
fakeroot without acl support looses the ownership and permissions on
the copied file. "cp -a" may be (is even likely to be) used in a
BR2_ROOTFS_POST_FAKEROOT_SCRIPT, so we need to support this.
Note that host-acl itself depends on host-attr, so this pulls in two
extra packages in each build. The impact on build time is about 10s.
Cc: Andreas Naumann <dev@andin.de>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 2a222446b4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The acl build system doesn't use automake, therefore it is broken. It
doesn't use the CFLAGS passed by configure. Work around this by passing
CFLAGS in the environment. The makefiles append to CFLAGS, so this
works.
This issue hasn't led to build failures, but it is visible e.g. when
stack protector is enabled: the stack protector options are not applied
to acl. Also debug and optimisation options aren't applied.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 99c9b0affd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The license is actually closer to ISC than MIT, E.G.:
https://opensource.org/licenses/ISC
vs
https://opensource.org/licenses/MIT
>From COPYING:
Permission to use, copy, modify, and distribute this software and its
documentation for any purpose and without fee is hereby granted,
provided that the above copyright notice appear in all copies and that
both that copyright notice and this permission notice appear in
supporting documentation, and that the names of Digital or MIT not be
used in advertising or publicity pertaining to distribution of the
software without specific, written prior permission.
E.G. this is very similar to the normal ISC text which has been extended
with a BSD-3c style advertisinc clause. Both are permissive licenses, but
it is more correct to call it ISC-like.
Notice: As pointed out by Rahul Bedarkar, this may actually be more closely
related to the OpenBSD template license:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share/misc/license.template?rev=HEAD
But that is also based on the ISC license, so calling it ISC-like is still
correct.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit aad1591852)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As noticed by Rahul Bedarkar, the cairo library is LGPLv2.1 only
(not LGPLv2.1+) or MPLv1.1.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0768932a02)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
CVE-2017-2784 - Freeing of memory allocated on stack when validating a
public key with a secp224k1 curve.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 465ce2ea73)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
CVE-2017-3302 - C client library for MySQL (libmysqlclient.so) has
use-after-free defect which can cause crash of applications using that MySQL
client.
CVE-2017-3313 - Difficult to exploit vulnerability allows low privileged
attacker with logon to the infrastructure where MySQL Server executes to
compromise MySQL Server. Successful attacks of this vulnerability can
result in unauthorized access to critical data or complete access to all
MySQL Server accessible data.
And a number of important, but non-security related fixes:
MDEV-11842: Fix a 10.1.21 regression with failed INSERT, BEFORE INSERT
triggers, and columns with no default value
MDEV-12075: Fix a 10.1.21 regression in the InnoDB data file extension code
For details, see the release notes:
https://mariadb.com/kb/en/mariadb/mariadb-10122-release-notes/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 467b38892a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Security fixes:
- Fix several out of bounds reads in the OpenPGP parser
- Fix handling of OpenPGP reserved tag (should be rejected)
- Fix various crashes from malformed packages with invalid tags
Release notes:
http://rpm.org/wiki/Releases/4.13.0.1
This patch also switches from GitHub to rpm.org since the last one seems
to be more up-to-date.
[Peter: use RPM_VERSION_MAJOR as suggested by Jerzy Grzegorek]
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7adbcd174a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
If building on a machine with MATLAB installed, the MATLAB bindings will
default to ON, which is not the desired behavior for a cross build.
The bindings are designed to be called from within MATLAB, and we are
not currently running MATLAB on buildroot-generated targets.
This does not preclude the use of the bindings from a host connecting
over the network backend (assuming libiio on the host has the bindings
enabled).
Signed-off-by: Matthew Fornero <mfornero@mathworks.com>
Acked-By: Paul Cercueil <paul.cercueil@analog.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit f358078b33)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
According to src/plugins/platforms/eglfs/deviceintegration/deviceintegration.pro
depends on eglfs_gbm which depends according to src/gui/configure.json
on features.eglfs and features.gbm and features.kms, so dependency
on BR2_PACKAGE_MESA3D_OPENGL_EGL which enables mesa3d gbm support
should be sufficient.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 5efe07f9af)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add egl config and QT_EGL_NO_X11 define (as all other eglfs project
files do) to src/plugins/platforms/eglfs/eglfs-plugin.pro.
Fixes ([1]):
In file included from .../host/usr/arm-buildroot-linux-uclibcgnueabihf/sysroot/usr/include/EGL/egl.h:39:0,
from ../../../../include/QtEglSupport/5.8.0/QtEglSupport/private/../../../../../src/platformsupport/eglconvenience/qt_egl_p.h:63,
from ../../../../include/QtEglSupport/5.8.0/QtEglSupport/private/qt_egl_p.h:1,
from api/qeglfsglobal_p.h:56,
from api/qeglfsintegration_p.h:54,
from qeglfsmain.cpp:41:
.../host/usr/arm-buildroot-linux-uclibcgnueabihf/sysroot/usr/include/EGL/eglplatform.h:119:22: fatal error: X11/Xlib.h: No such file or directory
compilation terminated.
Makefile.eglfs-plugin:1024: recipe for target '.obj/qeglfsmain.o' failed
make[2]: *** [.obj/qeglfsmain.o] Error 1
make[2]: Leaving directory '.../qt5base-5.8.0/src/plugins/platforms/eglfs'
Makefile:71: recipe for target 'sub-eglfs-plugin-pro-make_first-ordered' failed
make[1]: *** [sub-eglfs-plugin-pro-make_first-ordered] Error 2
[1] http://lists.busybox.net/pipermail/buildroot/2017-March/186158.html
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 5840e8bd50)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
There is an issue with powerpc64le and boost::uuids::random_generator on the
following line of code (from include/boost/uuid/seed_rng.hpp):
sha.process_bytes( (unsigned char const*)&std::rand, sizeof( void(*)() ) )
This line "inspects the first couple bytes (here eight) of the std::rand
function to seed some rng. Due to the implementation of process_bytes and
inlining happening, it seems that one of the loops therein uses &rand-1 as
some boundary, compiling with -O0 makes that reloc come out as 'rand + 0' and
the link will succeed."
See: https://bugzilla.suse.com/show_bug.cgi?id=955832#c7
Fixes:
- http://autobuild.buildroot.org/results/454c0ea393615bae2d1b44be9920f25b5c49fc33
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 00d2a3da72)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, rpi-userland installs files in $(@D)/../../bin/ which is
entirely stupid, especially in cross-compilation.
Get rid of the dubious, broken, custom install command.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Tested-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit ffa39b23f7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
fedorahosted.org has closed on March 1st, 2017, and we were anyway
already using github as a source for logrotate. This commit therefore
updates the Config.in help text to also use github as the upstream
site.
Signed-off-by: Julien BOIBESSOT <julien.boibessot@armadeus.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit cdb1ab8ca0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The somewhat complicated sed expression has been removed in commit
06cd604ec6 ("toolchain/external: use
-dumpversion to check gcc version"), so let's remove the comment that
was explaining this sed expression.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d9fee6b286)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, `--version` option is used and later matched with a regex to get
the actual gcc version. There's a dedicated gcc option to do exactly that:
`-dumpversion`.
Also `--version` may return a string customised by a vendor that provides
the toolchain, which makes the current regex approach error prone. In
fact, this situation has been seen with a real customised toolchain.
Signed-off-by: Krzysztof Konopko <kris@youview.com>
Signed-off-by: Tomasz Szkutkowski <tomasz.szkutkowski@youview.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 06cd604ec6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Building sngrep with OpenSSL support in static linking configurations
currently fails due to undefined symbols in the OpenSSL library. It's
the usual problem with using AC_CHECK_LIB() to discover libraries
instead of the pkg-config based PKG_CHECK_MODULES().
Therefore, this commit introduces a patch that switches to using
pkg-config to discover OpenSSL. A preliminary patch is needed, without
which appending to LIBS/CFLAGS doesn't work. Both patches have been
submitted upstream.
Fixes:
http://autobuild.buildroot.net/results/911143de823b2c749ac0a59dfa06adb6ddd3de50/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit bfd273d83a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
GNUTLS-SA-2017-3A - Addressed integer overflow resulting to invalid
memory write in OpenPGP certificate parsing.
GNUTLS-SA-2017-3B - Addressed crashes in OpenPGP certificate parsing,
related to private key parser. No longer allow OpenPGP certificates
(public keys) to contain private key sub-packets.
GNUTLS-SA-2017-3C - Addressed large allocation in OpenPGP certificate
parsing, that could lead in out-of-memory condition.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 6fdb2b109b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The location at ftp.csx.cam.ac.uk only stores 2 latest versions of PCRE.
This results in old (2015.11 and older currently) buildroot versions
timing out on wget several times and having to retrieve the package
from sources.buildroot.org afterwards.
Signed-off-by: Oleg Kitain <okitain@ya.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 6d7644df70)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
