- Jan 08, 2018
-
-
Maxime Hadjinlian authored
This feature is not used by anyone in the core developpers and makes a drastic simplification of the pkg-download infrastructure harder. The future patch will move much of what's in the current pkg-download.mk file into the dl-wrapper which is a shell script. Signed-off-by:
Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Acked-by:
"Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by:
Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
-
Peter Seiderer authored
Signed-off-by:
Peter Seiderer <ps.report@gmx.net> Signed-off-by:
-
Fabrice Fontaine authored
Add a patch to avoid failing on a configure error if UI example can't be built if libgtk3 is available but not gst1-plugins-base (gstreamer-video is only needed for UI example, not for rygel UI) Fixes: - http://autobuild.buildroot.net/results/6c659aadfc418c0a27a93284eb34d75e2b0dc169 Signed-off-by:
Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by:
-
Norbert Lange authored
Fails to build, disable powerpc64 until upstream fixed it Fixes: http://autobuild.buildroot.net/results/5088f6efd44ce9b081c2c7825a7005a9cb60799d Signed-off-by:
Norbert Lange <nolange79@gmail.com> Signed-off-by:
-
Peter Korsgaard authored
Fixes the following security issues: * AST-2017-014: Crash in PJSIP resource when missing a contact header A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and using the PJSIP channel driver, it would cause Asterisk to crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled a user would have to first be authorized before reaching the crash point. For more details, see the announcement: https://www.asterisk.org/downloads/asterisk-news/asterisk-13185-1475-1515-and-1318-cert2-now-available-security Signed-off-by:
Peter Korsgaard <peter@korsgaard.com> Signed-off-by:
-
Fabio Estevam authored
Signed-off-by:
Fabio Estevam <festevam@gmail.com> Signed-off-by:
-
Matt Weber authored
sah256 -> sha256 Fixes: http://autobuild.buildroot.net/results/9d0/9d054a26d7833353efbe49c984a7cb66d77b1d0c/ Signed-off-by:
Matthew Weber <matthew.weber@rockwellcollins.com> Signed-off-by:
-
Peter Korsgaard authored
Fixes #10556 The --with-crypto handling in ntp only works with libopenssl, not with libressl, where it ends up with compilation issues like: ntp_control.c:(.text+0x64): undefined reference to `EVP_MD_CTX_new' ntp_control.c:(.text+0x10c): undefined reference to `EVP_MD_CTX_free' libntpd.a(ntp_crypto.o): In function `bighash': ntp_crypto.c:(.text+0x2e8): undefined reference to `EVP_MD_CTX_new' ntp_crypto.c:(.text+0x328): undefined reference to `EVP_MD_CTX_free' libntpd.a(ntp_crypto.o): In function `crypto_verify': ntp_crypto.c:(.text+0x6cc): undefined reference to `EVP_MD_CTX_new' ntp_crypto.c:(.text+0x710): undefined reference to `EVP_MD_CTX_free' ntp_crypto.c:(.text+0x72c): undefined reference to `EVP_MD_CTX_free' So ensure we only pass --with-crypto when libopenssl is used. Signed-off-by:
-
Yann E. MORIN authored
Instead of limiting it to the package under test, we run it globally. Signed-off-by:
-
- Jan 07, 2018
-
-
Trent Piepho authored
There are three 256 color terminfo files that buildroot only installs if ncurses is configured with wide character support, which also enables ext-color. There is a fourth 256 color terminfo file that does not depend on wchar suport and is always installed. This changes that to always install all four 256 color terminfo files. When ncurses has ext-colors enabled,it allows 256 fg and bg colors at the same time. Without ext-colors, it is still possible to use the 256 color terminfo files and one can get a combination of fb and bg colors that equals up to 256, e.g. 256 fg colors on one background or 16 fg and 16 bg colors. In short, the 256 color files work fine without wchar or ext-color support and support more colors than the normal xterm, etc. terminfo files. It's common today for the default terminal to use xterm-256color and it's nice if thinks like vim and top work out of the box. Signed-off-by:
Trent Piepho <tpiepho@impinj.com> Signed-off-by:
-
Romain Naour authored
See https://www.enlightenment.org/news/e22_release and https://www.enlightenment.org/news/e0.22.1_release Switch to the meson build system. The autotools build system has been removed upstream by commit https://git.enlightenment.org/core/enlightenment.git/commit/?id=bd8828204779509a2f47fffc4031abcab2b34d79 Signed-off-by:
Romain Naour <romain.naour@gmail.com> [Thomas: use --option=value everywhere.] Signed-off-by:
-
Matt Weber authored
No change to the contents but indentation. Fixes: http://autobuild.buildroot.net/results/626/626f01bb2e769914d471e70665f7f2909e1f5fe2/ Signed-off-by:
-
Peter Korsgaard authored
Fixes the following security issues: 14.6.1: * AST-2017-005 (applied to all released versions): The "strictrtp" option in rtp.conf enables a feature of the RTP stack that learns the source address of media for a session and drops any packets that do not originate from the expected address. This option is enabled by default in Asterisk 11 and above. The "nat" and "rtp_symmetric" options for chan_sip and chan_pjsip respectively enable symmetric RTP support in the RTP stack. This uses the source address of incoming media as the target address of any sent media. This option is not enabled by default but is commonly enabled to handle devices behind NAT. A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support this introduced an avenue where media could be hijacked. Instead of only learning a new address when expected the new code allowed a new source address to be learned at all times. If a flood of RTP traffic was received the strict RTPsupport would allow the new address to provide media and with symmetric RTP enabled outgoing traffic would be sent to this new address, allowing the media to be hijacked. Provided the attacker continued to send traffic they would continue to receive traffic as well. * AST-2017-006 (applied to all released versions): The app_minivm module has an “externnotify” program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection. * AST-2017-007 (applied only to 13.17.1 and 14.6.1): A carefully crafted URI in a From, To or Contact header could cause Asterisk to crash For more details, see the announcement: https://www.asterisk.org/downloads/asterisk-news/asterisk-11252-13171-1461-116-cert17-1313-cert5-now-available-security 14.6.2: * AST-2017-008: Insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the “nat” and “symmetric_rtp” options allow redirecting where Asterisk sends the next RTCP report. The RTP stream qualification to learn the source address of media always accepted the first RTP packet as the new source and allowed what AST-2017-005 was mitigating. The intent was to qualify a series of packets before accepting the new source address. For more details, see the announcement: https://www.asterisk.org/downloads/asterisk-news/asterisk-11253-13172-1462-116-cert18-1313-cert6-now-available-security Drop 0004-configure-in-cross-complation-assimne-eventfd-are-av.patch as this is now handled differently upstream (by disabling eventfd for cross compilation, see commit 2e927990b3d2 (eventfd: Disable during cross compilation)). If eventfd support is needed then this should be submitted upstream. Signed-off-by:
-
Peter Korsgaard authored
>From the advisory (https://irssi.org/security/irssi_sa_2018_01.txt ): Multiple vulnerabilities have been located in Irssi. (a) When the channel topic is set without specifying a sender, Irssi may dereference NULL pointer. Found by Joseph Bisch. (CWE-476) CVE-2018-5206 was assigned to this issue. (b) When using incomplete escape codes, Irssi may access data beyond the end of the string. (CWE-126) Found by Joseph Bisch. CVE-2018-5205 was assigned to this issue. (c) A calculation error in the completion code could cause a heap buffer overflow when completing certain strings. (CWE-126) Found by Joseph Bisch. CVE-2018-5208 was assigned to this issue. (d) When using an incomplete variable argument, Irssi may access data beyond the end of the string. (CWE-126) Found by Joseph Bisch. CVE-2018-5207 was assigned to this issue. Signed-off-by:
-
Jan Heylen authored
Signed-off-by:
Jan Heylen <jan.heylen@nokia.com> Signed-off-by:
-
Jan Heylen authored
Verified experimentally by using exception_ptr with m68k_cf5208 and looking at the value of ATOMIC_INT_LOCK_FREE. ATOMIC_INT_LOCK_FREE=1, so the issue is present. Also verified that gcc 7.x fixed it also for cf5208. Signed-off-by:
-
Jan Heylen authored
As BUILD_STATIC_LIBS is not a standard cmake variable (while BUILD_SHARED_LIBS is) we shouldn't add it in pkg-cmake.mk, although for some packages that would make sense. Therefore, add a note so we don't forget about this abnormality. See: https://cmake.org/cmake/help/v3.8/manual/cmake-variables.7.html#variables-that-change-behavior Signed-off-by:
-
Jan Heylen authored
The BUILD_SHARED_LIBS option is already handled by the cmake-package infrastructure, so there is no need to pass it at the package level. Signed-off-by:
-
Sergey Matyukevich authored
Currently in Orange Pi boards post-build script is used only to generate U-Boot boot script and post-image script is used only to generate sdcard image according to genimage configuration. However both those tasks can now be handled by generic Buildroot tools: - BR2_TARGET_UBOOT_BOOT_SCRIPT config options - support/scripts/genimage.sh script This patch drops custom scripts replacing them by generic Buildroot tools. Signed-off-by:
Sergey Matyukevich <geomatsi@gmail.com> Signed-off-by:
-
Sergey Matyukevich authored
Signed-off-by:
-
Eric Le Bihan authored
Signed-off-by:
Eric Le Bihan <eric.le.bihan.dev@free.fr> Signed-off-by:
-
Eric Le Bihan authored
Signed-off-by:
-
Eric Le Bihan authored
Signed-off-by:
-
Eric Le Bihan authored
Signed-off-by:
-
Eric Le Bihan authored
Signed-off-by:
-
Eric Le Bihan authored
Also add license hash. Signed-off-by:
-
Eric Le Bihan authored
Also add license hash. Signed-off-by:
-
Eric Le Bihan authored
Also add license hash. Signed-off-by:
-
Eric Le Bihan authored
Also add license hash. Signed-off-by:
-
Bernd Kuhls authored
Removed patches applied upstream: 0002-Fix-uClibc-build.patch https://github.com/ivmai/bdwgc/commit/047230b71d421407ad2c8641ee4a87a1bd89145b 0003-configure-match-uclinux-pattern.patch https://github.com/ivmai/bdwgc/commit/a628c90bdbf397465ac2ab2b11f14eb2e853651c Renumbered remaining patches, added license hash. Signed-off-by:
Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by:
-
Bernd Kuhls authored
Added upstream to fix http://autobuild.buildroot.net/results/44e/44e29c2fb5d236a66e0466698fbc9201a37dbc63/ Signed-off-by:
-
Bernd Kuhls authored
Patch originates from FreeBSD: https://lists.freebsd.org/pipermail/freebsd-x11/2015-July/016528.html https://svnweb.freebsd.org/ports/head/x11/libXpm/Makefile?r1=384234&r2=391122&pathrev=391122 Fixes http://autobuild.buildroot.net/results/f24/f24dc74c111690f068833ff6fc72df9a0853d210/ Signed-off-by:
-
Bernd Kuhls authored
In commit fa6c7d16 ("libdrm: fix libatomic_ops linking"), a patch was added to switch to PKG_CHECK_MODULES() to detect libatomic_ops instead of AC_CHECK_HEADER. However, as explained in https://autotools.io/pkgconfig/pkg_check_modules.html: "In contrast with almost all of the original macros, though, the default action-if-not-found will end the execution with an error for not having found the dependency." This makes the configure script bail out when libatomic_ops is not available, which is not what we want in libdrm's configure script. This commit adjusts the PKG_CHECK_MODULES() call to avoid failing. Fixes: http://autobuild.buildroot.net/results/cea/cea777dc997f86c1122c8b818d264215a0e77e5a/ Signed-off-by:
-
Bernd Kuhls authored
Added license hashes. Signed-off-by:
-
Bernd Kuhls authored
Fixes http://autobuild.buildroot.net/results/5be/5be1082dee8387b1140d802ac3c788896a4bf980/ Signed-off-by:
-
Yair Ben Avraham authored
This patch contains the following changes: - Remove all three patches, they are included in upstream version - Add locally calculated sha256 hash - Remove <pkg>_STRIP_COMPONENTS = 2, there is no leading directory - Remove <pkg>_AUTORECONF and <pkg>_GETTEXTIZE since all the patches are being removed. Signed-off-by:
Yair Ben Avraham <yairba@tkos.co.il> Signed-off-by:
-
Yann E. MORIN authored
Autotools-based packages that do not need C++ but check for it, and use libtool, will fail to configure on distros that lack /lib/cpp. This is the case for example on Arch Linux, where expat fails to build with: configure: error: in `/home/dkc/src/buildroot/build/build/expat-2.2.4': configure: error: C++ preprocessor "/lib/cpp" fails sanity check This is because libtool uses AC_PROC_CXXCPP, which can not be avoided, and does require a cpp that passes some "sanity" checks (does not choke on valid input, but does choke on invalid input). So we can use neither /bin/false nor /bin/true... We instead need something that can digest some basic C++ preprocessor input. We can't use the target preprocessor: that does not work, because it obviously has no C++ cupport: arm-linux-cpp.br_real: error: conftest.cpp: C++ compiler not installed on this system We can however consider that the host machine does have a C++ compiler, so we use the host' cpp, which is gcc's compiler wrapper that ends up calling the host's C++ preprocessor. That would give us a valid C++ preprocessor when we don't have one, in fact. But autotools will then correctly fail anyway, because there is indeed no C++ compiler at all, as we can see in this excerpt of a configure log from expat: checking whether we are using the GNU C++ compiler... no checking whether false accepts -g... no checking dependency style of false... none checking how to run the C++ preprocessor... cpp checking whether the false linker (/home/ymorin/dev/buildroot/O/host/bin/arm-linux-ld) supports shared libraries... yes libtool.m4: error: problem compiling CXX test program checking for false option to produce PIC... -DPIC checking if false PIC flag -DPIC works... no checking if false static flag works... no checking if false supports -c -o file.o... no checking if false supports -c -o file.o... (cached) no checking whether the false linker (/home/ymorin/dev/buildroot/O/host/bin/arm-linux-ld) supports shared libraries... yes So, using the host's C++ preprocessor (by way of gcc's wrapper) leads to a working situation, where the end result is as expected. Reported-by:Damien Riegel <damien.riegel@savoirfairelinux.com> Signed-off-by:
-
Jörg Krause authored
Signed-off-by:
Jörg Krause <joerg.krause@embedded.rocks> Signed-off-by:
-
Fabrice Fontaine authored
libdnet is an optional dependency, it is only needed if nfq or ipq module are enabled. So, if libdnet and libnetfilter_queue are available, enable nfq module and add a dependency to both packages otherwise disable nfq module. Moreover, always disable ipq module as libipq is deprecated, it isn't enable in iptables. Even if it was enabled, libipq.h can't be included as it makes a reference to linux/netfilter_ipv4/ip_queue.h which is not available anymore Signed-off-by:
-
Gary Bisson authored
Also include new boot scripts to match standard distro uboot commands. Our previous 6x_bootscript and 6x_upgrade used custom variables and their naming don't make sense now that we target more than i.MX6 CPU. Therefore those old scripts are marked as legacy and kept for now but the goal is to deprecate and remove them later. Signed-off-by:
Gary Bisson <gary.bisson@boundarydevices.com> Signed-off-by:
-
