Actually build fails with musl libc due to missing header inclusion
<unistd.h> (usually included by stdlib.h) in package code which in order
contains type definition of ssize_t.
A Git repository has been setted up for this project as upstream, and
contains a commit which solves build failure removing the use of ssize_t
at all.
No other http tarballs have been released on current site, so
development seems to continue on Git repository.
- Set SITE_METHOD = git
- Switch site to: https://gitlab-ext.sigma-chemnitz.de/ensc/bayer2rgb
- Bump version to latest commit to include commit which fixes build
failure.
package/sane-backends: security bump to version 1.0.27
- Switch site to gitlab
- Remove second patch (already in version)
- Use new --{with,without}-usb option
- Add hash for license file
- Fix CVE-2017-6318
Peter Korsgaard [Wed, 3 Apr 2019 20:13:25 +0000 (22:13 +0200)]
fs/common.mk: disable real chown calls in fakeroot
fakeroot by default forwards {f,l,}chown calls to libc and ignores
permission issues, which may cause issues when building in restricted
environments like user namespaces as set up with bubblewrap where a chown
call with a uid/gid not mapped in the user namespace instead returns EINVAL.
This error is not masked by fakeroot and returned to the caller, causing
failures.
There is no real reason to really perform the *chown calls in the context of
Buildroot (as the calls will likely just fail and files are not accessed
outside the fakeroot environment any way).
This forwarding can be disabled by setting the FAKEROOTDONTTRYCHOWN
environment variable, so set it when fakeroot is executed.
Include upstream commit 193f1e8 "glob: Do not assume glibc glob
internals". Without this if building glibc with host-make it will fail
with a segfault in make:
Fabrice Fontaine [Sun, 31 Mar 2019 15:12:05 +0000 (17:12 +0200)]
package/oniguruma: new package
Oniguruma is a modern and flexible regular expressions
library. It encompasses features from different regular
expression implementations that traditionally exist in
different languages.
package/pkg-autotools: disable NLS for host packages by default
There is no need for language translaion feature for the host
packages, anyway some of them disable it explicitly, so lets do it
automatically at least for the host-autotools- kind of packages.
package/gettext-tiny: bump version to add --template option
Some packages (i.e. rygel) uses the msgfmt tool with its --template
option. However, the current version of gettext-tiny (0.3.1) doesn't
support --template flag and exits giving: "fopen: No such file or
directory".
In upstream gettext-tiny they have added support for --template after
lots of modifications, so it's hard to produce a patch to be applied
against 0.3.1. Therefore, we bump the version to the latest master
branch commit.
Trent Piepho [Fri, 7 Dec 2018 18:13:30 +0000 (18:13 +0000)]
package/libp11: new package
Library for using PKCS#11, which includes an engine for OpenSSL that
lets it use PKCS#11 modules. Which is really what this package is
about, not that libp11 library itself, which has no users outside the
of OpenSSL engine.
If p11-kit is enabled, configure the engine to use that as the default
PKCS#11 module. That module is a sort of multiplexer that allows
multiple modules to be used at once, so it makes sense to use it even
if there are other modules present, e.g. softhsm2, nssckbi,
pkcs11-proxy, ykcs11, etc.
A host package is created too, with a host configuration option.
Since this a dynamically loaded module, there is no build time reason
to select it from a host package. It could be used by host openssl,
to allow host rauc to sign a software update bundle using a key from a
HSM with a PKCS#11 interface.
Signed-off-by: Trent Piepho <[email protected]> Tested-by: Frank Hunleth <[email protected]>
[Thomas:
- add entry in DEVELOPERS file
- add missing !BR2_STATIC_LIBS dependency
- fix license information, as noticed by Frank Hunleth
- add missing dependency on host-pkgconf, needed by the configure
script to detect openssl
- explicitly pass --with-enginesdir as the value returned by
pkg-config is incorrectly prefixed by the sysroot] Signed-off-by: Thomas Petazzoni <[email protected]>
Cameras are complex devices that need heavy hardware image processing
operations. Control of the processing is based on advanced algorithms
that must run on a programmable processor. This has traditionally been
implemented in a dedicated MCU in the camera, but in embedded devices
algorithms have been moved to the main CPU to save cost. Blurring the
boundary between camera devices and Linux often left the user with no
other option than a vendor-specific closed-source solution.
To address this problem the Linux media community has very recently
started collaboration with the industry to develop a camera stack that
will be open-source-friendly while still protecting vendor core IP.
libcamera was born out of that collaboration and will offer modern
camera support to Linux-based systems, including traditional Linux
distributions, ChromeOS and Android.
The project has not made an official release as of yet, so we're
using the latest sha1 from master
We utilise C++ 11 but we mandate GCC5+ due to a bug [0] in earlier
versions which result in compile failures on our code base.
[0] Bug 54316 - [C++11] move constructor for stringstream
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=54316
Documentation and Tests are disabled from the build.
When CONFIG_FIT_SIGNATURE is enabled for building,
CONFIG_FIT_SIGNATURE_MAX_SIZE must be defined since it's a dependency of
CONFIG_FIT_SIGNATURE. Using uboot Kconfig, CONFIG_GIT_SIGNATURE_MAX_SIZE
is set to its default(0x10000000) according to Kconfig, but Buildroot
doesn't use uboot Kconfig, it passes directly CONFIG_* as make
arguments.
Append CONFIG_FIT_SIGNATURE_MAX_SIZE=0x10000000 after
CONFIG_FIT_SIGNATURE=y to UBOOT_TOOLS_MAKE_OPTS and
HOST_UBOOT_TOOLS_MAKE_OPTS.
Peter Korsgaard [Tue, 2 Apr 2019 14:57:53 +0000 (16:57 +0200)]
package/tpm2-tools: bump version to 3.1.4
Fixes a number of issues discovered post-3.1.3, including a completely
broken -T option handling. For details, see:
https://github.com/tpm2-software/tpm2-tools/releases/tag/3.1.4
On version bump to 0.7.3 SITE has been modified to use github
instead of http tarball. Github tarball doesn't contain ./configure file
differently from 0.7.2 http tarball, so need to autoreconf and generate
it.
Add BIOSDEVNAME_AUTORECONF = YES to package recipe.
Peter Korsgaard [Tue, 2 Apr 2019 20:56:02 +0000 (22:56 +0200)]
package/libfuse: bump version to 2.9.9
Contains a number of fixes for issues discovered post-2.9.8. From the
release notes:
- Fixed readdir bug when non-zero offsets are given to filler and the
filesystem client, after reading a whole directory, re-reads it from a
non-zero offset e.g. by calling seekdir followed by readdir.
PIE breaks the build on m68k, so add an upstream patch to disable PIE.
Obviously, when we start seriously testing the BR2_RELRO_FULL option, we
will realize that it is broken on some architectures, and will probably
disable it on m68k.
Peter Korsgaard [Tue, 2 Apr 2019 18:16:16 +0000 (20:16 +0200)]
package/apache: security bump to version 2.4.39
Fixes the following security vulnerabilities:
*) SECURITY: CVE-2019-0197 (cve.mitre.org)
mod_http2: fixes a possible crash when HTTP/2 was enabled for a http:
host or H2Upgrade was enabled for h2 on a https: host. An Upgrade
request from http/1.1 to http/2 that was not the first request on a
connection could lead to a misconfiguration and crash. Servers that
never enabled the h2 protocol or only enabled it for https: and
did not set "H2Upgrade on" are unaffected by this issue.
[Stefan Eissing]
*) SECURITY: CVE-2019-0196 (cve.mitre.org)
mod_http2: using fuzzed network input, the http/2 request
handling could be made to access freed memory in string
comparision when determining the method of a request and
thus process the request incorrectly. [Stefan Eissing]
*) SECURITY: CVE-2019-0211 (cve.mitre.org)
MPMs unix: Fix a local priviledge escalation vulnerability by not
maintaining each child's listener bucket number in the scoreboard,
preventing unprivileged code like scripts run by/on the server (e.g. via
mod_php) from modifying it persistently to abuse the priviledged main
process. [Charles Fol <folcharles gmail.com>, Yann Ylavic]
*) SECURITY: CVE-2019-0196 (cve.mitre.org)
mod_http2: using fuzzed network input, the http/2 request
handling could be made to access freed memory in string
comparision when determining the method of a request and
thus process the request incorrectly. [Stefan Eissing]
*) SECURITY: CVE-2019-0217 (cve.mitre.org)
mod_auth_digest: Fix a race condition checking user credentials which
could allow a user with valid credentials to impersonate another,
under a threaded MPM. PR 63124. [Simon Kappel <simon.kappel axis.com>]
*) SECURITY: CVE-2019-0215 (cve.mitre.org)
mod_ssl: Fix access control bypass for per-location/per-dir client
certificate verification in TLSv1.3.
*) SECURITY: CVE-2019-0220 (cve.mitre.org)
Merge consecutive slashes in URL's. Opt-out with
`MergeSlashes OFF`. [Eric Covener]
For more details, see the CHANGES file:
https://www.apache.org/dist/httpd/CHANGES_2.4.39
Max Filippov [Wed, 3 Apr 2019 02:20:19 +0000 (19:20 -0700)]
package/binutils: fix loops relaxation in xtensa gas
Loop relaxation logic in xtensa gas may produce code in which LEND
register doesn't match actual zero overhead loop end. Fix relaxation
code so that it produces a literal or a pair of const16 instructions
with associated relocation record that works correctly in the presence
of other relaxations. This fixes crash in X11 server caused by window
movement.
Loop relaxation has limited of 32K range, this fix removes this
limitation.
package/netsniff-ng: Fix build caused by extra 'install' target
After commit:
b0f98d5 package/netsniff-ng: allow to build with uclibc but w/o mausezahn
the different build and install targets are specified depending if
masuezahn tool is able to be selected or not. It works for the build
case but for the install the old 'install' target was not removed from
the make invocation and it still forces to install the mausezahn, so fix
it by remove this target.
package/gstreamer1/gst-omx: make variant mutually exclusive
Commit cc419509506 added the GST_OMX_VARIANT option which gets a default
value that gets overridden by subsequent conditions. check-package
doesn't like that, so instead make the three cases explicitly mutually
exclusive.
- Drop patch (already in version)
- Add hash for license file
- Fix around 10 CVEs:
https://www.cvedetails.com/vulnerability-list/vendor_id-2224/product_id-3881/version_id-216413/
- Add an upstream patch for CVE-2019-6128
Norbert Lange [Sun, 17 Mar 2019 21:20:13 +0000 (22:20 +0100)]
package/pkg-generic: depend on host-{xz, lzip} only for fitting archives
Currently, host-xz and host-lzip are built as soon as the
corresponding tools are not provided by the system, independently of
whether they are really needed by the Buildroot configuration. This is
particularly annoying for host-lzip, which is only needed for very few
packages.
This commit modifies the generic package infrastructure to only add
host-lzip and host-xz as dependencies when really needed.
Signed-off-by: Norbert Lange <[email protected]>
[Thomas:
- improve commit log
- as suggested by Yann E. Morin, make the lzip case similar to the xz
case] Signed-off-by: Thomas Petazzoni <[email protected]>
Peter Korsgaard [Mon, 1 Apr 2019 10:11:56 +0000 (12:11 +0200)]
package/gstreamer1/gst-omx: default to pass --with-omx-target=generic
target defaults to none, which isn't a legal target:
configure: Using none as OpenMAX IL target
configure: error: invalid OpenMAX IL target, you must specify one of --with-omx-target={generic,rpi,bellagio,tizonia,zynqultrascaleplus}
Instead default to 'generic', fixing the build with E.G. nvidia-tegra23.
Don't enable openldap in static build because openldap has too many
optional dependencies (gmp, gnutls, nss, openssl, ...) and openldap
doesn't provide a pkg-config file (and does not want to do it:
http://www.openldap.org/lists/openldap-bugs/201406/msg00020.html)
Fabrice Fontaine [Sun, 31 Mar 2019 12:18:10 +0000 (14:18 +0200)]
package/scons: remove python from SCONS
Remove $(HOST_DIR)/bin/python from SCONS variable to allow each scons
package to select their python interpreter. Indeed, most of the scons
packages (alljoyn, benejson, gpsd) only supports python2
configs/engicam_imx6qdl_icore_rqs: fix incorrect use of uboot defconfig file
In u-boot v2017.09 release, configs/imx6qdl_icore_rqs_mmc_defconfig
was renamed to configs/imx6qdl_icore_rqs_defconfig. So use correct
defconfig file name.
configs/engicam_imx6ul_isiot: fix use of incorrect uboot defconfig file
In u-boot v2018.03 release, configs/imx6ul_isiot_mmc_defconfig was
removed and afterwards both emmc and mmc use the same
imx6ul_isiot_emmc_defconfig file so fix the same.
Peter Korsgaard [Mon, 1 Apr 2019 19:52:03 +0000 (21:52 +0200)]
package/live555: security bump to version 2019.03.06
Fixes the following security issues:
- CVE-2019-6256: A Denial of Service issue was discovered in the LIVE555
Streaming Media libraries as used in Live555 Media Server 0.93. It can
cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when
RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in
a GET request and a POST request within the same TCP session. This occurs
because of a call to an incorrect virtual function pointer in the
readSocket function in GroupsockHelper.cpp.
- CVE-2019-7314: liblivemedia in Live555 before 2019.02.03 mishandles the
termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up,
which could lead to a Use-After-Free error that causes the RTSP server to
crash (Segmentation fault) or possibly have unspecified other impact.
- CVE-2019-9215: n Live555 before 2019.02.27, malformed headers lead to
invalid memory access in the parseAuthorizationHeader function.
The normal live555 web site is temporarily unavailable, so use an
alternative _SITE / drop upstream hash.
which forces to use host-gettext-tiny as gnu's host-gettext
replacament if NLS is disabled, and msgfmt from gettext-tiny's package
crashes while processing translation files, so fix it by use
'--disable-nls' for a host-vim because host variant does not require
any tranalations.
Fabrice Fontaine [Sun, 31 Mar 2019 14:49:34 +0000 (16:49 +0200)]
package/rpm: drop binutils optional dependency
Since bump to version 4.14.2.1, binutils is not an optional dependency
anymore as bfd.h has been droped in 4.14.0 with
https://github.com/rpm-software-management/rpm/commit/245b5a3b4b6d616adf47361137987e90f8dab22c
So drop it and manage optional elfutils dependency through a
single line (and drop binutils/elfutils comment)
Yann E. MORIN [Sun, 31 Mar 2019 15:34:29 +0000 (17:34 +0200)]
package/gettext-tiny: fix build of libintl.a
Since libintl.a can be pulled in during the build of other shared libs,
it must be compiled with -fPIC, which is what gettext-tiny's Makefile
would do.
Since we provide our own CFLAGS, they override those in the Makefile.
Fix that by ensuring that -fPIC is used when building the static
library.
Thomas Petazzoni [Sun, 31 Mar 2019 13:23:45 +0000 (15:23 +0200)]
package/gettext-tiny: take GNU gettext from our own directory
Even though gettext-tiny re-uses the gettext-gnu source code, it makes
a separate download in the gettext-tiny download folder, so use this
one, and not the one from the gettext-gnu download folder, which may
not exist.
projects / buildroot-mgba.git / log