Buildroot package bumps and configuration changes in order to build WPE main-next #557
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- update home page URL (old one is redirected to github) - change download to new location (github) - update license hash because of copyright year update: diff COPING: -Copyright © 2010,2011,2012,2013,2014,2015,2016,2017,2018,2019 Google, Inc. -Copyright © 2019 Facebook, Inc. +Copyright © 2010,2011,2012,2013,2014,2015,2016,2017,2018,2019,2020 Google, Inc. +Copyright © 2018,2019,2020 Ebrahim Byagowi +Copyright © 2019,2020 Facebook, Inc. note: newer versions (2.7.x) require a migration to meson Signed-off-by: Francois Perrad <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]>
Signed-off-by: Peter Seiderer <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]>
- add defaults for all meson options (and order according to meson_options.txt file) - drop pthread linking flags previously needed for the test programs (maybe not needed by meson, tests disabled by option) Signed-off-by: Peter Seiderer <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]>
Add introspection support to harfbuzz otherwise activation of introspection in pango 1.46.1 will fail on: Couldn't find include 'HarfBuzz-0.0.gir' (search path: '['/home/naourr/work/instance-2/output-1/host/aarch64-buildroot-linux-gnu/sysroot/usr/bin/../share/gir-1.0', '/home/naourr/work/instance-2/output-1/host/share/gir-1.0', '/home/naourr/work/instance-2/output-1/host/share', '/home/naourr/.local/share/flatpak/exports/share/gir-1.0', '/var/lib/flatpak/exports/share/gir-1.0', '/usr/local/share/gir-1.0', '/usr/share/gir-1.0', '/home/naourr/work/instance-2/output-1/host/share/gir-1.0', '/usr/share/gir-1.0']') Fixes: - http://autobuild.buildroot.org/results/3357225ee2d8392bfd57af91cde04a1113e03493 Signed-off-by: Fabrice Fontaine <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]>
Fixes: - http://autobuild.buildroot.org/results/70c98e89b1d5e5b651d1f6928dc53f465103f57a Signed-off-by: Fabrice Fontaine <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]>
remove merged patch Signed-off-by: Francois Perrad <[email protected]> Signed-off-by: Yann E. MORIN <[email protected]>
Release notes: http://site.icu-project.org/download/66 http://site.icu-project.org/download/67 Removed patches applied upstream: 0005: unicode-org/icu@4a3a457 0006 - 0008: unicode-org/icu@b7facd4 Reformatted hash file, locally computed tarball hash, upstream does not provide hashes anymore. Updated license hash due to update in copyright years (2019 -> 2020): unicode-org/icu@d95621c Signed-off-by: Bernd Kuhls <[email protected]> [[email protected]: further explain the license hash change] Signed-off-by: Yann E. MORIN <[email protected]>
icu uses std::max_align_t since version 67-1 and unicode-org/icu@a3078fb This raises the following build failure with gcc 4.8: utext.cpp:572:5: error: 'max_align_t' in namespace 'std' does not name a type std::max_align_t extension; ^ This build failure is due to GCC bug 56019: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=56019 Instead of adding BR2_TOOLCHAIN_HAS_GCC_BUG_56019, just bumps gcc dependency from 4.8 to 4.9 As this issue also affects host-icu, add a host gcc >= 4.9 dependency Fixes: - http://autobuild.buildroot.org/results/6d2658a3c165c99df3eae87b2970e738bd386245 - http://autobuild.buildroot.org/results/d204f1a528765d1440620a1eed8c29cbb5ec93c3 Signed-off-by: Fabrice Fontaine <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]>
Bump icu to the newest release. Tested in conjunction with qt 5.15.1 and a qt-based application. The license file has changed with just URLs changes: - # Project: http://code.google.com/p/lao-dictionary/ - # Dictionary: http://lao-dictionary.googlecode.com/git/Lao-Dictionary.txt - # License: http://lao-dictionary.googlecode.com/git/Lao-Dictionary-LICENSE.txt + # Project: https://github.com/veer66/lao-dictionary + # Dictionary: https://github.com/veer66/lao-dictionary/blob/master/Lao-Dictionary.txt + # License: https://github.com/veer66/lao-dictionary/blob/master/Lao-Dictionary-LICENSE.tx Signed-off-by: Heiko Stuebner <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]>
cpe:2.3:a:icu-project:international_components_for_unicode is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aicu-project%3Ainternational_components_for_unicode Signed-off-by: Fabrice Fontaine <[email protected]> Signed-off-by: Yann E. MORIN <[email protected]>
Release notes: http://site.icu-project.org/download/69 Signed-off-by: Bernd Kuhls <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]>
Fixes CVE-2021-30535: Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2021-30535 Signed-off-by: Peter Korsgaard <[email protected]>
ICU build scripting adds some host libraries to LD_LIBRARY_PATH by
using constructs of the following form:
LD_LIBRARY_PATH="custom-path:${LD_LIBRARY_PATH}"
If the original LD_LIBRARY_PATH is empty, this causes the last search
directory be an empty string, i.e. the working directory.
ICU build runs some basic host commands (e.g. "rm") in $(TARGET_DIR)/lib
under such an LD_LIBRARY_PATH, causing target libraries (e.g. libc) to
possibly get loaded instead of host system libraries if they are
compatible enough (e.g. arch matches).
Since the target libraries may not actually be ABI compatible with host
system binaries (e.g. target has an old libc), this can cause crashes
or other errors.
Observed errors include:
(1) rm: libc.so.6: version `GLIBC_2.33' not found (required by rm)
(2) sh: line 1: 1362670 Segmentation fault (core dumped) rm -f libicudata.so.65
Workaround the issue by setting a dummy LD_LIBRARY_PATH when it would
otherwise be empty.
https://unicode-org.atlassian.net/browse/ICU-21417
Signed-off-by: Anssi Hannula <[email protected]>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <[email protected]>
Removed patch which was applied upstream: unicode-org/icu@2dc5bea Updated license hash due to typo fixes: unicode-org/icu@73eca0a Updated project URL as recommended in the release notes: https://github.com/unicode-org/icu/releases/tag/release-70-1 Signed-off-by: Bernd Kuhls <[email protected]> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <[email protected]>
Signed-off-by: Norbert Lange <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]>
GNOME project libxml2 v2.9.10 and earlier have a global Buffer Overflow vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. Signed-off-by: Fabrice Fontaine <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]>
Update libxml2 to version 2.9.11, which incorporates all the patches carried by Buildroot (which are hence removed), and includes fixes for CVE-2020-7595, CVE-2019-20388, CVE-2020-24977, and CVE-2021-3541 (at least), as per https://gitlab.gnome.org/GNOME/libxml2/-/issues/186#note_1104945 Signed-off-by: Adrian Perez de Castro <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]>
Brown-paper bag release: GNOME/libxml2@b48e77c Update indentation in hash file (two spaces) Signed-off-by: Fabrice Fontaine <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]>
Signed-off-by: James Hilliard <[email protected]> Signed-off-by: Thomas Petazzoni <[email protected]>
Fix the following security issues: - [CVE-2022-23308] Use-after-free of ID and IDREF attributes - Use-after-free in xmlXIncludeCopyRange - Fix Null-deref-in-xmlSchemaGetComponentTargetNs - Fix memory leak in xmlXPathCompNodeTest - Fix null pointer deref in xmlStringGetNodeList - Fix several memory leaks found by Coverity https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.13 Signed-off-by: Fabrice Fontaine <[email protected]> Signed-off-by: Peter Korsgaard <[email protected]>
spenap
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In order to build WPE
main-next, I had to bump a number of dependencies:In addition, WPE needs to be configured not to use certain unsupported features. @magomez , we had previously discussed we were not sure whether to keep updating buildroot, so we can mark this as a draft / not merge but at least have it as a reference