eigen generates a pkg-config file which has a broken prefix
(@CMAKE_INSTALL_PREFIX@). This broken prefix causes an incorrect path when
other packages call pkg-config --cflags eigen.
This patch fixes the prefix in the generated eigen pc file, so projects
which depend on this pc file can now correctly find the eigen include
directory at build time.
Also correct the Cflags output to use the runtime prefix instead of the
build time STAGING_DIR, like we do elsewhere.
[Peter: drop backslashes, tweak commit message]
Signed-off-by: Matt Flax <flatmax@flatmax.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e477dc19b5264c8fd01ff235dded4f148fde7a65)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Bump to the latest release of the 1.11.x LTS series as 1.10.x is no longer
supported upstream:
https://www.djangoproject.com/download/
Fixes the following security issues:
- CVE-2017-12794: Possible XSS in traceback section of technical 500 debug
page (1.11.5)
- CVE-2018-6188: Information leakage in AuthenticationForm (1.11.10)
- CVE-2018-7536: Denial-of-service possibility in urlize and urlizetrunc
template filters (1.11.11)
- CVE-2018-7537: Denial-of-service possibility in truncatechars_html and
truncatewords_html template filters (1.11.11)
- CVE-2018-14574: Open redirect possibility in CommonMiddleware (1.11.15)
Also add a hash for the license file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ae977e942893ac7e5c9b69418f047acae1603c27)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

glibc-2.28 did quite some lifting in their headers, which breaks the
way some packages were detecting glibc, like gnulib.
However, packages do bundle gnulib (it was meant to be bundled),
and so does m4.
Since m4 hasn't seen the slightest commit since 2017-01-09, it is
bundling an old gnulib version, that predates glibc-2.28, and thus
breaks. It also means that upstream hasn't already fixed the issue.
Furthermore, as upstream is using a git submodule for gnulib, and as
the paths are not the same in the release tarball (in lib/)
and in the git tree (in gnulib/), we can't do a plain backport.
So, we selectively backport the two patches from gnulib upstream,
restricted to only the files that happen to be used in m4.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reported-by: c32 on IRC
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c48f8a64626c60bd1b46804b7cf1a699ff53cdf3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

The threads dependency comment is currently shown even though the
toolchain supports threads, only because kernel build is disabled.
Merge the kernel and threads comments. This is similar to what we have
in other packages that need the kernel.
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f70b13a7cb6eb01e9d78fddcb695b84a22e5699b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Fixes CVE-2018-10906 - In fuse before versions 2.9.8 and 3.x before 3.2.5,
fusermount is vulnerable to a restriction bypass when SELinux is active.
This allows non-root users to mount a FUSE file system with the
'allow_other' mount option regardless of whether 'user_allow_other' is set
in the fuse configuration. An attacker may use this flaw to mount a FUSE
file system, accessible by other users, and trick them into accessing files
on that file system, possibly causing Denial of Service or other unspecified
effects.
And additionally:
- libfuse no longer segfaults when fuse_interrupted() is called outside the
event loop.
- The fusermount binary has been hardened in several ways to reduce
potential attack surface. Most importantly, mountpoints and mount options
must now match a hard-coded whitelist. It is expected that this whitelist
covers all regular use-cases.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9c2bbc3fc9a6193ac866c06d474e99f6e428efbc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Commit 6288409642d8368104f916bd264d2cb042942dfa ("libselinux: add
patch to fix build with gcc < 4.7") introduced a patch, but its file
name was incorrect, so it was never applied. In addition, the patch
was generated against the Git repository of SELinux, which includes
all projects, and therefore it doesn't apply to the libselinux source
code extracted from the tarball: the "libselinux/" component path
needs to be removed from the patch.
This commit fixes both problems, which should finally and really fix:
http://autobuild.buildroot.net/results/c3272566bb808e43bb77ec59cfe596f7e0fe9a64/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit cb8d1743cab1449b91afbabe38c64cbb85bef6ba)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

This commit adds a patch from Hollis Blanchard on libselinux to fix
build on host machines that have gcc < 4.7.
Fixes:
http://autobuild.buildroot.net/results/a82bb0c0b22ff24263ad7a7d165b21c0df7b3b1d/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6288409642d8368104f916bd264d2cb042942dfa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

The bzip.org website is down. Use the Buildroot backup download site.
Remove the website link as there is no clear alternative upstream at
this point.
https://lwn.net/Articles/762264/
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f45976b2c759b1630a2886e75312340b3b511f81)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

When using uclibc, libdevmapper.so was calling the dm_task_get_info_base()
function recursively, leading to a segmentation fault. This was
happening because the uclibc linker loader just takes the first existing
'dm_task_get_info' (which is 'dm_task_get_info_base') symbol in the elf
binary, instead of the default version.
Add upstreamable lvm2 patch [1], which introduces
--enable-symvers[=STYLE] switch. Use that switch to disable symbol
versions, as we do not plan to support binaries compiled against
old libdevmapper library.
Fixes bug #10781.
[1] https://www.redhat.com/archives/dm-devel/2018-July/msg00187.html
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5313c50aa3c1533c32ecf8d04c0628fbbb14f58d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 70dc00e1c22626a57de383d534f1788a4d44ec47)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Problem starting lighttpd application with systemd.
    /usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf
    2018-06-22 11:21:34: (server.c.733) opening errorlog '/var/log/lighttpd-error.log' failed: Permission denied
    2018-06-22 11:21:34: (server.c.1420) Opening errorlog failed. Going down.
Lighttpd can not write the 'lighttpd-access.log' and 'lighttpd-error.log' files
to the directory '/var/log/'.
When using systemd the directory '/var/log' does not allow the user www-data to
write.
To correct the problem, we add /usr/lib/tmpfiles.d/lighttpd.conf.
This file creates the 'lighttpd-access.log' and 'lighttpd-error.log' files with
the permission
Signed-off-by: Laurent Hartanerot <laurent.hartanerot@atos.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7c2eb68cac14ea1281cfaca6ab81f63e72bc8016)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

As noted by Arnout in [1], the logic in mesa3d-headers.mk generates a
bogus dri.pc file, which looks like this:
    prefix=/usr
    exec_prefix=/usr
    libdir=/lib
    includedir=/include
    dridriverdir=/dri
Indeed, the ${...} are expanded as shell variables when the sed
command is executed, while the intention is that those ${...} should
go in the .pc file. By escaping those using $${...}, we get the
expected .pc file:
    prefix=/usr
    exec_prefix=/usr
    libdir=${exec_prefix}/lib
    includedir=${prefix}/include
    dridriverdir=${libdir}/dri
This was detected by the not yet committed check-package improvement
from Ricardo that detects bogus ${...} usage to reference make
variables.
[1] http://lists.busybox.net/pipermail/buildroot/2018-July/225402.html
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 98e3c1eee505b6c92c75daa1772ba543936b099f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

A regression in the mtd package prevents non-consecutive ubi volume
IDs from working properly. This change backported from upstream
reverts the commit [0]. The issue was originally described on the mtd
mailing list:
http://lists.infradead.org/pipermail/linux-mtd/2018-June/081562.html
[0] http://git.infradead.org/mtd-utils.git/commitdiff/dede98ffb706676309488d7cc660f569548d5930
Signed-off-by: David Owens <david.owens@rockwellcollins.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit fd127c8e5962158eb02104d5e41a029ee31967be)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Since commit b35ad5d0b45e (ncurses: make host-ncurses use host terminfo), we
are now pointing host-ncurses to the host terminfo (typically) located in
/usr/share/terminfo.
With this change we are reusing the existing host terminfo database, so
there is no point in trying to install our own on top. The user running
buildroot typically will have no write access to /usr/share/terminfo, but
tic in that case falls back to writing the database to $HOME/.terminfo.
Neither of which are desirable.
In case $HOME/.terminfo also isn't writable, tic fails, breaking the install
step for host-ncurses:
    ** Building terminfo database, please wait...
    Running sh ./shlib tic to install /usr/share/terminfo ...
    You may see messages regarding extended capabilities, e.g., AX.
    These are extended terminal capabilities which are compiled
    using
    tic -x
    If you have ncurses 4.2 applications, you should read the INSTALL
    document, and install the terminfo without the -x option.
    "terminfo.tmp", line 21272, terminal 'v3220': /home/peko/.terminfo: permission denied (errno 30)
To fix all of this, simply disable the terminfo database install.
Suggested-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Hollis Blanchard <hollis_blanchard@mentor.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b42fb29048128a432a130c0652e086dfde641d75)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

chrony calls getrandom() at startup if available, so it needs a workaround
for the blocking behaviour on recent (4.14.39+), similar to what was done
for util-linux in commit c4d86707cd6 (util-linux: add two upstream patches
to fix blocking on getrandom() with recent kernels).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d9937b62e0d197644ddf68bde6bcfff6e916ba61)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Patch needed to be updated for samba-4.8.4
Fixes
http://autobuild.buildroot.net/results/140/1404a594583ff192d70086ef590f924472465c89/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6d3723147659542ec1cba4139981d75413d89edc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Release notes: https://www.samba.org/samba/history/samba-4.8.4.html
Fixes
o CVE-2018-1139 (Weak authentication protocol allowed.)
o CVE-2018-1140 (Denial of Service Attack on DNS and LDAP server.)
o CVE-2018-10858 (Insufficient input validation on client directory
listing in libsmbclient.)
o CVE-2018-10918 (Denial of Service Attack on AD DC DRSUAPI server.)
o CVE-2018-10919 (Confidential attribute disclosure from the AD LDAP
server.)
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3d7ce0124aa6ab116f430604db72c99bcd7a299a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Fixes
http://autobuild.buildroot.net/results/3f214cbb1fe2dc2c2cbfb630032e13eba81c1b5a/
and many others
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Thomas: reformat patch as Git formatted]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f38c8d7ed64df008b3a36237d237082eb6ff8995)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 15045fba99a688977dc1aaca01f7f0d42250a4dc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

This commit reformats
0002-patch-source3__libads__kerberos_keytab.c.patch as a Git-formatted
patch.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 90b26f87640c0ebff53a304b15d168b1aca738dd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Add patches for the following security issues:
CVE-2017-14501 - An out-of-bounds read flaw exists in parse_file_info in
archive_read_support_format_iso9660.c when extracting a specially
crafted iso9660 iso file.
CVE-2017-14502 - Off-by-one error for UTF-16 names in RAR archives,
leading to an out-of-bounds read in archive_read_format_rar_read_header.
CVE-2017-14503 - Out-of-bounds read within lha_read_data_none() in
archive_read_support_format_lha.c when extracting a specially crafted
lha archive.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 760fbe789c77571b2baf1ddbb3b10207ece7fd7a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

linuxptp missing.h header implements a replacement clock_nanosleep()
function, which was used when the thread implementation was not NPTL,
because uClibc failed to provide clock_nanosleep() in such
configurations.
However, uClibc-ng has fixed this problem upstream, and has backported
this change in Buildroot in patch
package/uclibc/0002-librt-declare-clock_nanosleep-independent-of-thread-.patch
(the code is upstream and will be part of uClibc-ng 1.0.31). Due to
this, there is now a conflicting definition of clock_nanosleep()
between the C library and the linuxptp missing.h code, which manifests
itself by the following build failure:
    missing.h:117:19: error: static declaration of 'clock_nanosleep' follows non-static declaration
    static inline int clock_nanosleep(clockid_t clock_id, int flags,
    ^~~~~~~~~~~~~~~
    In file included from clockadj.h:24:0,
    from clockadj.c:24:
This commit fixes that by adding a patch that removes the replacement
clock_nanosleep() implementation from the linuxptp code base.
Fixes:
http://autobuild.buildroot.net/results/bf400095a853f5beb28c77a50fcffefe52c3d769/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ae2cae70b82bbb1c85307c5947e1b441567038fd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Prevent creating a dangling symlink when vim is not present on the host
machine. With BR2_ROOTFS_MERGED_USR, just link to "vim", since they are
in the same directory, otherwise link to "../usr/bin/vim".
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 52385d789af0d17bf12406e5c028651ccbd841f0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Added sha256 and license hashes, switched _SITE to https.
This bump includes
b4cf0332cc
which fixes a musl build error:
http://autobuild.buildroot.net/results/09d/09d6d5e2d1c50dbd6c026e12aa245fc90687eb19/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 81ea4a243b63d7bb1fec580910c553af4ae072c1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

The BR2_PACKAGE_PULSEAUDIO_HAS_ATOMIC dependency of
BR2_PACKAGE_PULSEAUDIO was not properly propagated to reverse
dependencies, causing the following kconfig warning:
    warning: (BR2_PACKAGE_ESPEAK_AUDIO_BACKEND_PULSEAUDIO && BR2_PACKAGE_GST_PLUGINS_GOOD_PLUGIN_PULSE && BR2_PACKAGE_GST1_PLUGINS_GOOD_PLUGIN_PULSE && BR2_PACKAGE_KODI_PULSEAUDIO && BR2_PACKAGE_MPD_PULSEAUDIO && BR2_PACKAGE_EFL_PULSEAUDIO) selects BR2_PACKAGE_PULSEAUDIO which has unmet direct dependencies (BR2_PACKAGE_PULSEAUDIO_HAS_ATOMIC && BR2_USE_WCHAR && BR2_TOOLCHAIN_HAS_THREADS && !BR2_STATIC_LIBS && BR2_USE_MMU)
This commit fixes that by propagating the dependency as it should have
been done.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 68161802eb53f0af58a274904aebfa115988a468)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

When building on a ppc64le host we see this error:
    build/genmatch --gimple ../../gcc/match.pd \
    > tmp-gimple-match.c
    ../../gcc/match.pd:120:1 error: expected (, got NAME
    negative value by 0 gives -0, not +0. */
This was reported upstream[1] and fixed on the GCC 6 [2] and GCC 7 [3]
branches:
    Backport from mainline
    2018-01-10 Kelvin Nilsen <kelvin@gcc.gnu.org>
    * lex.c (search_line_fast): Remove illegal coercion of an
    unaligned pointer value to vector pointer type and replace with
    use of __builtin_vec_vsx_ld () built-in function, which operates
    on unaligned pointer values.
The patches included in Buildroot contain just the code changes, and not
the changelog, to make it easier to manage backporting.
Tested on Ubuntu Cosmic ppc64le.
[1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86162
[2] https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=261621
[3] https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=262243
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 88a161b3886c96b9bd6fc96b8f3850d422af7a5b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

GCC 4.4 and before do not support a message associated to the
"deprecated" gcc attribute. Since such messages are not that useful in
the context of Buildroot, this commit adds a patch that removes them
in the attr source code.
Signed-off-by: Hollis Blanchard <hollis_blanchard@mentor.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f910320143c12b9bed27733640e4c5441afe0f32)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

The current version of attr uses a canned custom buildsystem, that
is borked in quite a few ways (no support for static, overwrites
destination files without unlinking...)
There has been a release recently-ish, with a complete overhaul of
the buildsystem. We can now drop all our patches.
The option to disable NLS has changed, so update accordingly.
Fixes: #10986
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
[Arnout: use the original SITE instead of a specific mirror]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit b02616cff44258f0386d6572adb9a12dece49509)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>