CVE-2017-12627: dereference of a NULL pointer while processing the path
to the DTD.
xerces 3.2.1 includes this patch. But this version also added
AC_RUN_IFELSE to its configure script, making cross compilation harder.
Switching to cmake is also problematic since the minimum required cmake
version is 3.2.0. The host dependencies check currently allows minimum
cmake version 3.1.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
It seems to be in place for historical reasons since it seems to build
just fine on my test rigs.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit tweaks the Makefile.in to not build and install example
applications.
[Thomas: improve commit log, rebase on top of latest master.]
Signed-off-by: Damien Lanson <damien@kal-host.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit bumps the version of xerces to 3.1.2, changes tarball to
.tar.xz, and adds a hash file.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
When curl support is enabled in xerces, and a host curl is available
on the system, it might try to use it, so this patch adds --with-curl=
to the configure options to explicitly indicate where is the curl
library to use.
Should fix:
http://autobuild.buildroot.org/results/c3c/c3c6be45d0f764fb931a46dbf1509ccf2916ecbf/
(We were not able to reproduce specifically this problem, but
another similar problem, where curl was detected, but considered as
non-working because of the compilation failure of a test program.)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS,
make the same change for FOO_CONF_OPT.
Sed command used:
find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g'
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Since the trailing slash is stripped from $($(PKG)_SITE) by pkg-generic.mk:
$(call DOWNLOAD,$($(PKG)_SITE:/=)/$($(PKG)_SOURCE))
so it is redundant.
This patch removes it from $(PKG)_SITE variable for BR consistency.
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This patch lines up the comments in Config.in files that clarify which
toolchain options the package depends on.
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thanks to the pkgparentdir and pkgname functions, we can rewrite the
AUTOTARGETS macro in a way that avoids the need for each package to
repeat its name and the directory in which it is present.
[Peter: pkgdir->pkgparentdir]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Now that those values are passed at the autotools infrastructure
level, there's no need for every package to pass inconsistent values.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
The build system has a race condition causing build failure with high
BR2_JLEVEL values, so ensure make -j1 is used.
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
The iconv library can only be present when locale are disabled in the
toolchain. When locale are enabled in the toolchain, iconv is directly
implemented by the C library.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
All "select BR2_PACKAGE_LIBICONV" must use the "if !BR2_ENABLE_LOCALE"
condition, otherwise we can end up with a toolchain suppoting locales
*and* the libiconv package being compiled, which confuses other
packages. Example with glib:
gconvert.c:52:2: error: #error GNU libiconv in use but included
iconv.h not from libiconv
In addition to that, in xerces.mk, we add the dependency on libiconv
when it is available, to make sure it gets compiled before xerces.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
A C library will have been built by the toolchain makefiles, so there is no
need for packages to explicitly depend on uclibc.
Signed-off-by: Will Newton <will.newton@gmail.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
