cmake 3.7 causes serious regressions in some cmake-based packages,
related to how RPATH is handled.
This reverts commit 1ffcf364b6.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Cc: Samuel Martin <s.martin49@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Jörg Krause <joerg.krause@embedded.rocks>
Cc: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
cmake 3.7 causes serious regressions in some cmake-based packages,
related to how RPATH is handled.
This reverts commit d96fafc3d3.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Cc: Samuel Martin <s.martin49@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Jörg Krause <joerg.krause@embedded.rocks>
Cc: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
cmake 3.7 causes serious regressions in some cmake-based packages,
related to how RPATH is handled.
This reverts commit b754237520.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Cc: Samuel Martin <s.martin49@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Jörg Krause <joerg.krause@embedded.rocks>
Cc: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
cmake 3.7 causes serious regressions in some cmake-based packages,
related to how RPATH is handled.
This reverts commit f8a6990c92.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Cc: Samuel Martin <s.martin49@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Jörg Krause <joerg.krause@embedded.rocks>
Cc: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
DirectFB is written in C++, but can be linked to by a C library or
program.
When doing shared link, this is fine because the linker gets help from
the DT_NEEDED flags and knows what libraries to pull in during the link.
However, during a static link, the linker does not get such help.
Properly fixing this would require that there is support in pkg-config
and autotools to specify that the C++ runtime must be linked. Alas there
is no sush support. The only option is to add -lstdc++ to the
Libs.Private field in directfb.pc. But this is not upstreamable, because
there are other C++ runtimes in the wild (e.g. -lc++ from llvm/clang).
However, DirectFB in a static scenario is probably not a very common
scenario.
Disable DirectFB for static builds.
Fixes:
http://autobuild.buildroot.org/results/3d3/3d3036d40ddad71d872d910aae7a24975706d2e9/http://autobuild.buildroot.org/results/d1c/d1c35a6003396942b584f2f2a5e8bf4ac2fbe370/http://autobuild.buildroot.org/results/d45/d4504871bd47930e8363032d380cdfcc5bb8aee7/
[...]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The ncurses sub-options BR2_PACKAGE_NCURSES_TARGET_{FORM,MENU,PANEL}
are currently very badly broken: they only control whether the
libform, libmenu and libpanel libraries are installed in
$(TARGET_DIR), but do absolutely nothing about their installation in
$(STAGING_DIR).
This means that when one of those options is disabled, the
corresponding library is indeed not installed in the target, but is
available in staging. It can therefore be detected by the configure
script of another package and used... even though the library will not
be in the target, causing a runtime failure.
Internally, ncurses.mk uses the "make install" logic of ncurses for
the staging installation, but uses a completely hand-written logic for
the target installation, which is the reason for this
desynchronization between what's installed in staging and target.
When BR2_PACKAGE_NCURSES_WCHAR=y, this also causes some build
failures. Indeed, when BR2_PACKAGE_NCURSES_WCHAR=y, Buildroot creates
some symbolic links lib<foo>.so -> lib<foo>w.so in staging and target,
but only for the lib<foo> that have been enabled by
BR2_PACKAGE_NCURSES_TARGET_{FORM,MENU,PANEL}. Due to this, a package
that for example needed the libmenu library but forgot to select
BR2_PACKAGE_NCURSES_TARGET_MENU was:
- Building fine with BR2_PACKAGE_NCURSES_WCHAR disabled (because
libmenu.so exists in staging), but would fail to run at runtime
because libmenu.so is not in the target.
- Fail to build with BR2_PACKAGE_NCURSES_WCHAR=y because only
libmenuw.so exists, and not the libmenu.so symbolic link.
Since those libraries are small (43K for libform, 21K for libmenu and
8.2K for libpanel), this commit takes the very simple approach of
removing those options, and installing the libraries
unconditionally. It therefore uses the "make install" logic for both
the staging *and* target installation.
In detail, this commit:
- Removes the NCURSES_PROGS variable, not needed since
--without-progs already allows to disable the build and
installation of programs.
- Removes the NCURSES_LIBS-y variable, and replaces it with a single
unconditional assignement to NCURSES_LIBS, only used to create the
lib<foo>w.so -> lib<foo>.so symbolic links when wchar support is
enabled.
- Removes NCURSES_INSTALL_TARGET_CMDS and the functions it was
calling: NCURSES_INSTALL_TARGET_LIBS and
NCURSES_INSTALL_TARGET_PROGS.
- Adds a NCURSES_TARGET_SYMLINK_RESET hook to create the reset ->
tset symbolic link, as was done before.
- Adds a NCURSES_TARGET_CLEANUP_TERMINFO to cleanup the terminfo
files in the target, so that we stay in the same situation in terms
of installed terminfo files.
- Removes the BR2_PACKAGE_NCURSES_TARGET_{FORM,MENU,PANEL} options
from the Config.in files: both their definition and usage.
- Simplifies all the symlink dance for lib<foo> -> lib<foo>w, because
as Yann E. Morin suggested, this dance is only needed in staging, not
in the target. Once binaries have been built, they refer to the
SONAME of the library, which is the lib<foo>w variant (for shared
linking). For static linking and .pc files, it's obvious that we
don't care about them on the target. Therefore the
NCURSES_LINK_LIBS_STATIC, NCURSES_LINK_LIBS_SHARED and
NCURSES_LINK_PC functions no longer take any argument: they always
apply to STAGING_DIR only. NCURSES_LINK_TARGET_LIBS is removed.
It is worth mentioning that adding Config.in.legacy support is *NOT*
necessary. Indeed:
- If they were disabled before this patch, having them in
Config.in.legacy would not trigger the legacy warning.
- If they were enabled before this patch, then the behavior is
unchanged: all libraries are now unconditionally installed. So
there is no point in warning the user.
We double-checked the installed size of a filesystem containing just
ncurses before and after this patch, and the only folder that has its
size changed is /usr/lib, growing from 852 KB to 932 KB in the wchar
enabled case. That's a 80 KB system size increase.
This commit fixes the sngrep build failure and potentially numerous
runtime issues with ncurses.
Fixes:
http://autobuild.buildroot.net/results/7b5db21a6c568e6c6c8fe2b5d5a2f5ca24df510c/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Since there's not much point in generating missing host keys when the
init script is called with "stop", the call to ssh-keygen should not
be done inconditionally, but in the start function instead.
Signed-off-by: Ignacy Gawędzki <ignacy.gawedzki@green-communications.fr>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
http://autobuild.buildroot.net/results/05b/05bbc22dd6cd5564462226e612ab1e95778fe935/http://autobuild.buildroot.net/results/edf/edfe58749d1b7a1bb2e0184a6824a74b9d38ddb9/http://autobuild.buildroot.net/results/139/1395eca13ca537bde928ddd68a5bc6e130e82ba3/http://autobuild.buildroot.net/results/94a/94ad6e8bbbeb926ea834d9d6e3ba87d0398acb86/
Gcc 6.x defaults to C++14, and the iostream operator bool behaviour changed
in C++11. In previous versions, a somewhat odd operator void* was used to
return the status of the stream as a pointer. Since C++11 a more sensible
operator bool is used to return the stream staus.
For details, see:
http://en.cppreference.com/w/cpp/io/basic_ios/operator_bool
The code in CConfigReadContext assumes the pre-C++11 behaviour and provides
its own operator void overload to return the status of the embedded
iostream. With C++11, iostream no longer provides this overload, breaking
the build:
CConfig.cpp: In member function 'CConfigReadContext::operator void*() const':
CConfig.cpp:1851:9: error: cannot convert 'std::istream {aka std::basic_istream<char>}' to 'void*' in return
return m_stream;
To fix it, backport part of upstream commit 3d963bfbe7897d0a33ad (possible
fix for mavericks) which changes the code to simply provide a getStream()
method which returns a reference to the embedded stream and the calling code
is changed to use operator bool on the returned stream, making the code
compatible with both old and new compilers.
This upstream commit is part of the 1.6.0 release, so can be dropped when
the version is bumped.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The workarounds for kmod/libnss can be removed when the patch is
applied and the autobuilder toolchains got rebuild.
kmod: 0d81107f02
libnss: fceb1afd5d
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
libanl.so is needed for asynchronous network address and service
translation, declared in netdb.h
Signed-off-by: Jesper Bækdahl <jbb@gamblify.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Commit a5015f1025 ("util-linux: security
bump to version 2.29.2") incorrectly removed <pkg>_AUTORECONF = YES.
While the patches touching configure.ac have indeed been removed, there
is still a patch touching a Makemodule.am file, which triggers an
autoreconf a build time, which itself fails because autoconf/automake
are not available.
So re-add <pkg>_AUTORECONF, with a comment pointing specifically at the
patch that makes it necessary.
Fixes:
http://autobuild.buildroot.net/results/309127a532eed00e406bbaf0b1a51b7241a10505/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
configure.ac uses PKG_CHECK_MODULES() so it needs host-pkgconf.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Currently the host build of Python 2 defaults to narrow unicode (UCS2),
ignoring the BR2_PACKAGE_PYTHON_UCS4 configuration option which may be
set to wide (UCS4).
This results in host and target Python packages which are incompatible
in subtle ways.
For example, installing wheels into the target fails when they are made
with the host python, citing incompatibility (as can be seen by the
package tags which may be "cp27u-manylinux1" instead of
"cp27mu-manylinux1").
Compiling the host Python 2 with the same UCS configuration as the
target ensures that the packages are compatible (and the tags match).
This does not affect Python 3 as support for narrow unicode was
deprecated in version 3.3, see https://www.python.org/dev/peps/pep-0393/
Thanks to Tony Breeds <tony@bakeyournoodle.com> for reporting this.
Signed-off-by: Chris Smart <mail@csmart.io>
[Thomas: add comment in the code.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It updates to the ffmpeg 3.2.4 codebase, fixing several security bugs.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
CVE-2017-5847 - The gst_asf_demux_process_ext_content_desc function in
gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote
attackers to cause a denial of service (out-of-bounds heap read) via vectors
involving extended content descriptors.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
CVE-2017-5848 - The gst_ps_demux_parse_psm function in
gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows
remote attackers to cause a denial of service (invalid memory read and
crash) via vectors involving PSM parsing.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It turned out that the troll character U+c2a0 was added by our own
patch.
So fix it amd drop our second patch.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit adds a patch to btrfs-progs that fixes the build of
docker-engine, and possibly other packages including kerncompat.h from
btrfs-progs.
For the btrfs-progs build itself, a --disable-backtrace option allows to
indicate whether backtrace()/<execinfo.h> support should be used or
not. However, once btrfs-progs is installed, it simply looks at whether
__GLIBC__ is defined or not to decide to use backtrace() or not.
However, uClibc defines __GLIBC__ but does not provide backtrace()
functionality. The additional patch tweaks the kerncompat.h to look at
__UCLIBC__ and not use backtrace() functionality in this case.
Fixes:
http://autobuild.buildroot.net/results/9dc9370a79c5c44e6c92be6a44334842c211d923/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
Makefile:532: *** mbedtls is in the dependency chain of bctoolbox that
has added it to its _DEPENDENCIES variable without selecting it or
depending on it from Config.in. Stop.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Acked-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Update the comment about the ARC exception to match the one used in VLC,
so that a 'git grep "ARC toolchain issue"' returns the list of packages
to re-evaluate on ARC when the ARC toolchain gets upgraded.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This package fails when building for ARC due to ARC toolchain issue.
Marking this with special comment "# ARC toolchain issue" as the package
is to be enabled as soon as the issue with the ARC toolchain is
resolved.
Fixes:
http://autobuild.buildroot.net/results/ebae0ed90b88db5a3b34a46f2ca1ff97e01fe83c/
Signed-off-by: Vlad Zakharov <vzakhar@synopsys.com>
[Thomas:
- add autobuilder reference
- propagate dependency to Config.in comment.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It assumes the MIPS target has an FPU and uses FPU assembler
instructions which cause the compilation to fail when building it for
soft-float.
Fixes:
http://autobuild.buildroot.net/results/f40/f407ca9245e2445619420a9dfd595856729a2b2b/
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
[Thomas:
- propagate dependency to Config.in comment
- add comment above the "depends on" to explain why.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Because with libimxvpuapi older than 0.10.3, the gst1-imx-0.12.3 "imxvpu"
plugin will not build.
Changelog:
* properly pass on color format in simplified JPEG encoder interface
* add alternative write-callback-style encoding mode
also add encode example variant which uses write-callback style output
* add support for "fake grayscale mode" in encoders
this is done by using I420 internally and filling the U and V planes
with 0x80 bytes
* make sure JPEG quantization table is copied in standardized zig zag order
the VPU does not, so this has to be done explicitely
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Reviewed-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes CVE-2017-2629 - curl SSL_VERIFYSTATUS ignored
>From the advisory (http://www.openwall.com/lists/oss-security/2017/02/21/6):
Curl and libcurl support "OCSP stapling", also known as the TLS Certificate
Status Request extension (using the `CURLOPT_SSL_VERIFYSTATUS` option). When
telling curl to use this feature, it uses that TLS extension to ask for a
fresh proof of the server's certificate's validity. If the server doesn't
support the extension, or fails to provide said proof, curl is expected to
return an error.
Due to a coding mistake, the code that checks for a test success or failure,
ends up always thinking there's valid proof, even when there is none or if the
server doesn't support the TLS extension in question. Contrary to how it used
to function and contrary to how this feature is documented to work.
This could lead to users not detecting when a server's certificate goes
invalid or otherwise be mislead that the server is in a better shape than it
is in reality.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
From https://www.kernel.org/pub/linux/utils/util-linux/v2.29/v2.29.2-ReleaseNotes
This release fixes su(1) security issue CVE-2017-2616:
It is possible for any local user to send SIGKILL to other processes with root
privileges. To exploit this, the user must be able to perform su with a
successful login. SIGKILL can only be sent to processes which were executed
after the su process. It is not possible to send SIGKILL to processes which
were already running.
Drop upstream patches and autoreconf since it's no longer required.
[Peter: extend commit message with CVE info / description]
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes#9666 [1]
cp -dpfr .../host/usr/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/qml/QtQuick/PrivateWidgets .../target/usr/qml/QtQuick
cp: cannot stat ‘.../host/usr/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/qml/QtQuick/PrivateWidgets’: No such file or directory
[1] https://bugs.busybox.net/show_bug.cgi?id=9666
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
By default, bctoolbox adds the rpath to the shared library. Prevent this
by setting `CMAKE_SKIP_RPATH` [1] to a true value.
[1] https://cmake.org/cmake/help/latest/variable/CMAKE_SKIP_RPATH.html
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Currently we force selection on mbedtls for bctoolbox. If, for whatever
reason, mbedTLS is not found, bctoolbox searches for PolarSSL and, if
not present, fails with:
```
Could NOT find PolarSSL (missing: POLARSSL_INCLUDE_DIRS
HAVE_POLARSSL_SSL_H)
```
This happens because bctoolbox enables support for mbedTLS and PolarSSL
by default, whereas, if both are enabled, mbedTLS is preferred over
PolarSSL.
However, crypto support is not mandatory and support for both libraries
can be turned off. Therefore, optionally depend on mbedTLS or PolarSSL
and enable/disable the library support explicitly.
This fixes the issue of searching for PolarSSL altough the dependency is
not declared in the bctoolbox package.
Note, that this does not fix the issue why mbedtls is not found although
it is enabled. This issue is address in this thread [1].
Fixes:
http://autobuild.buildroot.net/results/cfe/cfeb2f542598e5d450b332fb51a6d79bae24158c/
.. and more.
[1] http://lists.busybox.net/pipermail/buildroot/2017-February/183055.html
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Static linking with bctoolbox fails when using pkg-config as the
generated bctoolbox.pc file only consists of an '-L' string without any
search path or libraries flags:
```
libtool: link: need path for `-L' option
```
That's because of an typo in mbedtls_library_path. However,
mbedtls_library_path contains a string of the mbedtls libraries
concatenated by an ';' which cannot be parsed by pkg-config.
Therefore, use MBEDTLS_LIBRARY instead of MBEDTLS_LIBRARIES to get
the library path.
Furthermore, add the three mbedtls libraries mbedtls, mbedcrypto, and
mbedx509 to LIBS_PRIVATE so these libraries are added to the
Libs.private field of bctoolbox.pc.
Fixes:
http://autobuild.buildroot.net/results/37d5625df4be11ccdc063871e9f6e13d5f59fb52http://autobuild.buildroot.net/results/1999c841fae41f860f00747a362327cb2857e687
.. and many more.
Upstream status: Pending
https://github.com/BelledonneCommunications/bctoolbox/pull/4
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This reverts commit 5c4d3560b9.
Although the patch fixes the build error it does not set the flags for
Libs.private properly. A follow-up patch will provide a better solution
for this issue.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
