Fixes the following security issues:
CVE-2016-9577
Frediano Ziglio of Red Hat discovered a buffer overflow
vulnerability in the main_channel_alloc_msg_rcv_buf function. An
authenticated attacker can take advantage of this flaw to cause a
denial of service (spice server crash), or possibly, execute
arbitrary code.
CVE-2016-9578
Frediano Ziglio of Red Hat discovered that spice does not properly
validate incoming messages. An attacker able to connect to the
spice server could send crafted messages which would cause the
process to crash.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2016-0749: The smartcard interaction in SPICE allows remote attackers to
cause a denial of service (QEMU-KVM process crash) or possibly execute
arbitrary code via vectors related to connecting to a guest VM, which
triggers a heap-based buffer overflow.
CVE-2016-2150: SPICE allows local guest OS users to read from or write to
arbitrary host memory locations via crafted primary surface parameters, a
similar issue to CVE-2015-5261.
The pyparsing check has been dropped from configure, and the spice protocol
definition is again included, so the workarounds can be removed.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2015-3247: Race condition in the worker_update_monitors_config function
in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial
of service (heap-based memory corruption and QEMU-KVM crash) or possibly
execute arbitrary code on the host via unspecified vectors.
CVE-2015-5260: Heap-based buffer overflow in SPICE before 0.12.6 allows
guest OS users to cause a denial of service (heap-based memory corruption
and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL
commands related to the surface_id parameter.
CVE-2015-5261: Heap-based buffer overflow in SPICE before 0.12.6 allows
guest OS users to read and write to arbitrary memory locations on the host
via guest QXL commands related to surface creation.
Client/gui support is gone upstream (moved to spice-gtk / virt-viewer), so
add Config.in.legacy handling for them.
Lz4 is a new optional dependency, so handle it.
The spice protocol definition is no longer included and instead used from
spice-protocol. The build system uses pkg-config --variable=codegendir to
find the build time path of this, which doesn't take our STAGING_DIR prefix
into consideration, so it needs some help. The installed protocol
definition will likewise be newer than the generated files, so we need to
workaround that to ensure they are not regenerated (which needs host python
/ pyparsing).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Tunneling support is gone upstream, so drop the patch and add
Config.in.legacy handling for the option.
Celt051 is no longer a hard dependency, and opus is a new optional
dependency, so adjust the dependencies to match.
Python / pyparsing are not needed as the tarball contains the generated
files (this should presumably have been host-python in the first place as
these are used at build time), but we need a small workaround to convince
configure that they really aren't needed.
Alsa-lib is only needed for client support, and the configure script checks
for X11/Xext/Xrender, so adjust the dependencies to match.
A user manual is now generated by default if asciidoc is available, so
explicitly disable that.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch forces BR2_PACKAGE_LINUXCONSOLETOOLS_INPUTATTACH
to be selected if none of the other sub-options are
selected. This fixes build failures when using
'make randpackageconfig', where selecting
BR2_PACKAGE_LINUXCONSOLETOOLS without selecting any sub-option
would break in the 'install to target' phase.
Fixes:
http://autobuild.buildroot.net/results/94b/94bc050f291cc42a4fdcf02157320576feb03654/http://autobuild.buildroot.net/results/f62/f62c5e8bd63d21211eb0e658c4e84135bd59b8cb/
And many more.
[Peter: add autobuilder references and wrap Config.in line]
Signed-off-by: Koen Martens <koen.martens@transport.alstom.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Patch 0006 is no longer needed as the fix is already upstream.
Confirmed that the colors are displayed correctly when running the
Qt5CinematicDemo application on i.mx6.
Patch 0007 is already applied upstream.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch adds xradio wireless driver for SDIO WiFi chip XR819.
The out-of-tree driver is sourced from fifteenhex's work
on github https://github.com/fifteenhex/xradio
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
[Thomas: add entry in DEVELOPERS file.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
[Thomas: "depends on" before "select" in Config.in]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This patch backports two patches that have been sent upstream as a pull
request in order to fix sshd for MIPS64 n32.
The first patch adds support for detecting the MIPS ABI during the
configure phase.
The second patch sets the right value to seccomp_audit_arch taking into
account the MIPS64 ABI.
Currently seccomp_audit_arch is set to AUDIT_ARCH_MIPS64 or
AUDIT_ARCH_MIPSEL64 (depending on the endinness) when openssh is built
for MIPS64. However, that's only valid for n64 ABI. The right macros for
n32 ABI defined in seccomp.h are AUDIT_ARCH_MIPS64N32 and
AUDIT_ARCH_MIPSEL64N32, for big and little endian respectively.
Because of that an sshd built for MIPS64 n32 rejects connection attempts
and the output of strace reveals that the problem is related to seccomp
audit:
[pid 194] prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, {len=57,
filter=0x555d5da0}) = 0
[pid 194] write(7, "\0\0\0]\0\0\0\5\0\0\0Ulist_hostkey_types: "..., 97) = ?
[pid 193] <... poll resumed> ) = 2 ([{fd=5, revents=POLLIN|POLLHUP},
{fd=6, revents=POLLHUP}])
[pid 194] +++ killed by SIGSYS +++
Pull request: https://github.com/openssh/openssh-portable/pull/71
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Updating version to latest as on 26 June 2017 to include kmstest utility
Signed-off-by: Venkateswara Rao Mandela <venkat.mandela@ti.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Upstream uploaded a new tarball with the same version number 2016-09-08,
some time after the update to v2.0.9 in buildroot. Someone noticed, but
upstream set the ticket to wontfix, and promised to do better in the
future: https://sourceforge.net/p/iperf2/tickets/20/
Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes the following security issues:
CVE-2017-1000381: The c-ares function `ares_parse_naptr_reply()`, which is
used for parsing NAPTR responses, could be triggered to read memory outside
of the given input buffer if the passed in DNS response packet was crafted
in a particular way.
https://c-ares.haxx.se/adv_20170620.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
remove input-tools, it has been obsoleted by linuxconsoletools
linuxconsoletools uses the same name as upstream and carries
the latest version of the tools installed by input-tools.
Signed-off-by: Koen Martens <gmc@sonologic.nl>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2017-3167: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26,
use of the ap_get_basic_auth_pw() by third-party modules outside of the
authentication phase may lead to authentication requirements being bypassed.
CVE-2017-3169: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26,
mod_ssl may dereference a NULL pointer when third-party modules call
ap_hook_process_connection() during an HTTP request to an HTTPS port.
CVE-2017-7659: A maliciously constructed HTTP/2 request could cause
mod_http2 to dereference a NULL pointer and crash the server process.
CVE-2017-7668: The HTTP strict parsing changes added in Apache httpd 2.2.32
and 2.4.24 introduced a bug in token list parsing, which allows
ap_find_token() to search past the end of its input string. By maliciously
crafting a sequence of request headers, an attacker may be able to cause a
segmentation fault, or to force ap_find_token() to return an incorrect
value.
CVE-2017-7679: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26,
mod_mime can read one byte past the end of a buffer when sending a malicious
Content-Type response header.
While we're at it, use the upstream sha256 checksum instead of sha1.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes the following security issues:
CVE-2017-3140 is a denial-of-service vulnerability affecting 9.9.10,
9.10.5, 9.11.0->9.11.1, 9.9.10-S1, and 9.10.5-S1 when configured with
Response Policy Zones (RPZ) utilizing NSIP or NSDNAME rules.
https://kb.isc.org/article/AA-01495/74/CVE-2017-3140
CVE-2017-3141 is a Windows privilege escalation vector affecting
9.2.6-P2+, 9.3.2-P1+, 9.4.x, 9.5.x, 9.6.x, 9.7.x, 9.8.x, 9.9.0->9.9.10,
9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, and 9.10.5-S1. The
BIND Windows installer failed to properly quote the service paths,
possibly allowing a local user to achieve privilege escalation, if
allowed by file system permissions.
https://kb.isc.org/article/AA-01496/74/CVE-2017-3141
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
[Thomas: propagate paho-mqtt dependencies, use alphabetic ordering.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
[Thomas: propagate rabbitmq-c dependency, use alphabetic ordering.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
janus-gateway supports many different transports, and currently there
is no implicit way to turn them off or on. Instead, if the dependency
happens to be built, then the transport is enabled.
Create a transports section in the config file and add
BR2_PACKAGE_JANUS_REST as the first transport.
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
[Thomas: propagate thread dependency.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Such a construct allows to bail out if the installation of one of the
program fails, which the current shell-based for loop doesn't do.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This revision includes:
- Moving from a handwritten makefile to autotools.
- Restructuring and cleaning up the source tree.
- Fixing the problems that the patches in the package/mtd directory fixed.
Changes:
- Move from generic-package to autotools-package in mtd.mk.
- Remove no longer necessary patches.
- Update binary locations in mtd.mk
- Update library/header locations in mtd.mk
- Remove MTD_ADD_MISSING_LINTL definition from mtd.mk, as it's no longer
needed.
Tested with toolchains compiled with musl, uclibc, and glibc.
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
[Thomas: additional improvements
- introduce hidden options BR2_PACKAGE_MTD_JFFS_UTILS,
BR2_PACKAGE_MTD_UBIFS_UTILS and BR2_PACKAGE_MTD_TESTS that match the
./configure options of mtd. Those hidden options select the
appropriate dependencies checked by the configure script, and are
selected by the existing per-tool Config.in options.
- .mk file is changed to handle properly the new hidden options
BR2_PACKAGE_MTD_JFFS_UTILS, BR2_PACKAGE_MTD_UBIFS_UTILS and
BR2_PACKAGE_MTD_TESTS.
- .mk file is changed to properly handle BR2_PACKAGE_ACL, by passing
--with-xattr/--without-xattr.
- remove HOST_MTD_BUILD_CMDS and HOST_MTD_INSTALL_CMDS, those are no
longer needed since we have an autotools-package now.
- MTD_STAGING_y and MTD_INSTALL_STAGING_CMDS are removed, we use the
default staging installation commands, that install everything that
is needed.
- the MTD_TARGETS_UBI_y variable is merged into MTD_TARGETS_y, as we no
longer need to distinguish both.
- integck installation logic is moved into MTD_TARGETS_y.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
In buildroot ffmpeg uses x264 as optional dependency if
BR2_PACKAGE_FFMPEG_GPL is enabled at the same time.
If BR2_PACKAGE_FFMPEG_GPL is disabled and ffmpeg is built without x264
support before x264 itself is build, x264 picks up certain ffmpeg libs
as optional dependency leading to build errors because x264 does not
correctly link statically against ffmpeg.
To avoid a circular dependency and to avoid teaching x264 how to
correctly link statically with ffmpeg we just disable all ffmpeg-
related options.
Fixes
http://autobuild.buildroot.net/results/36a/36abb5b8f3aab57fb7b63056b216b4a58143ee3e/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Buildroot no longer supports toolchains with glibc older than 2.17, so there
is no need to check whether librt is required for clock_* system calls.
Cc: Rhys Williams <github@wilberforce.co.nz>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Buildroot no longer supports toolchains with glibc older than 2.17, so there
is no need to check whether librt is required for clock_* system calls.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Buildroot no longer supports toolchains with glibc older than 2.17, so there
is no need to check whether librt is required for clock_* system calls.
Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Buildroot no longer supports toolchains with glibc older than 2.17, so there
is no need to link with librt for clock_* system calls.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Buildroot no longer supports toolchains with glibc older than 2.17, so there
is no need to link with librt for clock_* system calls.
The following patches are not renumbered. The noise is too high.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Buildroot no longer supports toolchains with glibc older than 2.17, so there
is no need to link with librt for clock_* system calls.
Cc: Michael Rommel <rommel@layer-7.net>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Buildroot no longer supports toolchains with glibc older than 2.17, so there
is no need to link with librt for clock_* system calls.
Cc: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The CodeSourcery sh toolchain has been removed. Drop negative dependencies on
that toolchain.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add patch to fix following error:
| ../../libtirpc-1.0.1/src/xdr_sizeof.c:93:13: error: 'uintptr_t' undeclared (first use in this function); did you mean '__intptr_t'?
| if (len < (uintptr_t)xdrs->x_base) {
| ^~~~~~~~~
This error occurs with the latest glibc master version (during the testing I had
glibc commit 92bd70fb85bce57ac47ba5d8af008736832c955a), but doesn't occur with
version 2.25.
Patch includes stdint.h to provide uintptr_t.
It has been submitted upstream:
https://sourceforge.net/p/libtirpc/mailman/message/35850276/
Signed-off-by: Dmitrii Kolesnichenko <dmitrii@synopsys.com>
[Thomas: reformat as Git formatted patch.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This package provides a kernel module and utilities in order to use
v4l2loopback virtual devices. This module allows you to create
"virtual video devices" normal (v4l2) applications will read these
devices as if they were ordinary video devices, but the video will not
be read from e.g. a capture card but instead it is generated by
another application.
Signed-off-by: Alexandre Esse <alexandre.esse.dev@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We already have an option for selecting sntp support in ntp that can be
chosen from the menuconfig, and ntp's configure script has a --with-sntp
option (with its --without counterpart) which can be used for disabling
sntp support in ntp. However, we are not using it. This patch will make
use of it.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The configure option --with-ncurses has been removed in version 1.0.0
and thus is no longer needed.
Signed-off-by: Rodrigo Rebello <rprebello@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
CVE-2017-9468 - Joseph Bisch discovered that Irssi does not properly handle
DCC messages without source nick/host. A malicious IRC server can take
advantage of this flaw to cause Irssi to crash, resulting in a denial of
service.
CVE-2017-9469 - Joseph Bisch discovered that Irssi does not properly handle
receiving incorrectly quoted DCC files. A remote attacker can take
advantage of this flaw to cause Irssi to crash, resulting in a denial of
service.
See https://irssi.org/security/irssi_sa_2017_06.txt for more details.
Remove 0001-Get-back-to-using-pkg-config-to-check-for-OpenSSL.patch as it
applied upstream and drop autoreconf as configure.ac is no longer patched.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
- CVE-2017-9233 - External entity infinite loop DoS. See:
https://libexpat.github.io/doc/cve-2017-9233/
- CVE-2016-9063 -- Detect integer overflow
And further more:
- Fix regression from fix to CVE-2016-0718 cutting off longer tag names.
- Extend fix for CVE-2016-5300 (use getrandom() if available).
- Extend fix for CVE-2012-0876 (Change hash algorithm to William Ahern's
version of SipHash).
Also add an upstream patch to fix detection of getrandom().
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Currently building full gdb for MIPS musl fails because it's trying to
include <sgidefs.h> which is provided by glibc and uClibc, but not by
musl.
However, the kernel headers provide <asm/sgidefs.h> which has the same
definitions, so we can use that one instead.
Backporting a patch that has been sent upstream. Taken from here:
https://sourceware.org/bugzilla/show_bug.cgi?id=21070
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Linuxconsoletools contains the inputattach utility
to attach legacy serial devices to the Linux kernel
input layer and joystick utilities to calibrate and
test joysticks and joypads.
The buildroot package adds options to build only certain
tools.
website: http://sf.net/projects/linuxconsole/
Signed-off-by: Koen Martens <gmc@sonologic.nl>
[Thomas: minor tweaks to Config.in and .mk file.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
fcgiwrap's configure script appends -Werror to AM_CFLAGS, then use it
to build the package. This is an issue when Buildroot supports a new
compiler version and this version makes some warnings appear.
Luckily, one can provide CFLAGS=-Wno-error to the configure script so
it appends -Wno-error to AM_CFLAGS.
Fixes:
http://autobuild.buildroot.net/results/8e04bf5a85ecd7f120bc9dedeedc891def6c46c1/
Signed-off-by: Thomas Claveirole <thomas.claveirole@green-communications.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Kvazaar is an open-source HEVC encoder licensed under LGPLv2.1.
This provides tools to encode raw video into HEVC stream.
website: http://ultravideo.cs.tut.fi/
Signed-off-by: Alexandre Esse <alexandre.esse.dev@gmail.com>
[Thomas: add --without-cryptopp to explicitly disable support for this
optional dependency, use SPDX license code, fix Config.in]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
- Update the "basic set" description to include fincore, which is built
by default, and remove tailf, which was removed in this version.
- Add configuration options for the new utilities "chmem" and "lsmem".
- Remove patch already applied upstream.
- Drop autoreconf, since the patch on term-utils/Makemodule.am is gone.
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Upstream quickly removes old versions from
http://www.imagemagick.org/download/releases
For our LTS versions we should switch to a stable upstream repo which
provides all released versions.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Allow the i.MX SDMA firmwares to be installed.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The tool was hosted at fedorahosted.org which was shut down in early
2017. According to a private conversation with the upstream maintainer,
the new home for this tool is on infradead.org so far. So the SITE was
adapted accordingly.
Additionally the version was bumped from 1.4 to current master. This
allows to drop one build patch. The other patches were recreated with
Git.
Cc: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
List minimal set of packages needed to be installed alongside to be able
to run IPython 5.2.2 with Python 2/3.
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
[Thomas: use alphabetic ordering.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add 'python-backports-shutil-get-terminal-size'[1] package to
buildroot. Needed by IPython when building against Python2.
[1] https://pypi.python.org/pypi/backports.shutil_get_terminal_size
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add 'pathlib2'[1] package to Buildroot. Needed by 'pickleshare'
package, which is added in the next patch.
[1] https://pypi.python.org/pypi/pathlib2
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Running glmark2 on imx6 with kernel 4.11.4 and Mesa 17.1.2 leads to
a segmentation fault.
Apply Lucas Stach's patch to fix the problem while upstream glmark2
doesn't get fixed.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Recent setuptools versions require bootstrap.py to be invoked
before the standard setup process. So create such pre configure
hooks for both host and target versions.
Change download location to GitHub because setuptools doesn't
provide *.tar.gz any longer.
Fix legal info. setuptools is now licensed under MIT licence.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Building boosts module context is affected by GCC bug 64735 [1]:
```
./boost/context/execution_context_v2.hpp:298:31: error: 'exception_ptr' is not a member of 'std'
auto p = std::make_tuple( std::exception_ptr{}, std::move( data) );
```
This is because `exception_ptr` from libstdc++ is not available for
architectures not supporting always lock-free atomic ints.
Note, that this bug is fixed in GCC 7.
Fixes:
http://autobuild.buildroot.net/results/f4e/f4e8a3727f19f7df4a1c45efe3603422fafd4af5/
[1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64735
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Also remove patch, as it was committed upstream.
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
HTTPS works better behind certain corporate firewalls.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2017-7507: decoding a status request TLS extension that has a
non-empty responder IDs list could lead to a crash due to a null pointer
dereference.
https://lists.gnupg.org/pipermail/gnutls-devel/2017-June/008446.html
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add new runtime dependencies bcrypt and pynacl.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
