Fix CVE-2021-3336: DoTls13CertificateVerify in tls13.c in wolfSSL before
4.7.0 does not cease processing for certain anomalous peer behavior
(sending an ED22519, ED448, ECC, or RSA signature without the
corresponding certificate). The client side is affected because
man-in-the-middle attackers can impersonate TLS 1.3 servers.
https://github.com/wolfSSL/wolfssl/releases/tag/v4.7.0-stable
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit b83184de67 (package/libjpeg: switch to s.b.o. as source site)
improperly added a trailing slash '/' at the end of LIBJPEG_SITE,
causing builds to fail:
package/libjpeg/libjpeg.mk:35: *** LIBJPEG_SITE (http://sources.buildroot.org/libjpeg/) cannot have a trailing slash. Stop.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
FOO_CPE_ID_VALID really ought to be an internal implementaion detail.
Packages that really want to trigger their CPE defintitions really
should set one of the actual variables to a meaningful value.
There are two CPE-related variables that we could chose to set to
replace FOO_CPE_ID_VALID: FOO_CPE_ID_VENDOR and FOO_CPE_ID_PRODUCT.
Between those two, _VENDOR more often diverges from the default than
_PRODUCT does, so that's what we use.
---8<------8<------8<------8<------8<---
#!/bin/bash
# Replace FOO_CPE_ID_VALID = YES with FOO_CPE_ID_VENDOR = foo_project
for i in $(git grep -l -E '[^)]_CPE_ID_VALID = YES' package support); do
pkg="$(basename "${i%/*}")"
sed -r -i -e "s/_CPE_ID_VALID = YES/_CPE_ID_VENDOR = ${pkg}_project/" "${i}"
done
---8<------8<------8<------8<------8<---
Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: update cpe-test comment to reflect pkg3 change]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The CPE variables are derived from the package upstream values, so they
must be set from the package values, not the other way around.
Also drop CPE_ID_VALID as it is implied as soon as at least one CPE
variable is set.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Actually asterisk package gets built with -O3 cflag since it's defaulted
into its sources, but it's not what we want, so let's empty its OPTIMIZE
Makefile variable letting Buildroot CFLAGS to take place instead.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
openblas internally sets -O2, after the flags being passed by Buildroot
(e.g. -Os).
Patch openblas to let the Buildroot-specified flag survive.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
openblas strips off -O1-O3 for certain source files, but forgets to handle
-Os, -Og and -O. This means that the intended effect of 'no optimization' is
not always reached.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Buildroot specifies a value for FFLAGS on the make command-line.
While the openblas makefiles allowed this principle for the most part by
using 'override FFLAGS += ....', the make.inc file generated for the shipped
'lapack' sources just used a 'FFLAGS = ...' statement, whose value is then
eclipsed by the command-line FFLAGS.
This meant that -fPIC may be passed to the link step but not to all relevant
source files, causing relocation failures.
Fixes: http://autobuild.buildroot.net/results/d530db0f37e1e0462e3af1e1787e15f94ff21884/
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes#13581
The tarball for version 9d, released 2020-01-12, has been silently
replaced upstream (a unicode BOM was removed from a few files),
causing hash mismatch.
This means that all our versions since 2020.02 will fail the hash
check, and fallback to using s.b.o. so we can't update the copy we
have on s.b.o.
As a consequence, we can't update the hash in master (soon 2021.02)
otherwise it would not match what we have on s.b.o.
This means that users will see hash mismatch by default, which is not
very nice. Although we can't do anything for all previous releases,
we can still try to paper over the problem for the future ones, like
2021.02, by switching the upstream to be s.b.o.
Sigh... :-(
Reported-by: Nick Shaforostov <mshaforostov@airmusictech.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Changes:
* Fix JP2 decoder bug that can cause a null pointer dereference for
some invalid CDEF boxes. (#268)
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
cpe:2.3:a:libsdl:sdl_image is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibsdl%3Asdl2_image
Indeed, cpe:2.3:a:libsdl:sdl2_image contains a single CPE entry for
version 2.0.4, all the other entries have been deprecated in favor of
cpe:2.3:a:libsdl:sdl_image:
<cpe-item name="cpe:/a:libsdl:sdl2_image:2.0.3" deprecated="true" deprecation_date="2020-07-28T15:42:37.767Z">
<reference href="https://www.libsdl.org/projects/SDL_image/">Product</reference>
<cpe-23:cpe23-item name="cpe:2.3:a:libsdl:sdl2_image:2.0.3:*:*:*:*:*:*:*">
<cpe-23:deprecated-by name="cpe:2.3:a:libsdl:sdl_image:2.0.3:*:*:*:*:*:*:*" type="NAME_CORRECTION"/>
<cpe-item name="cpe:/a:libsdl:sdl2_image:2.0.4">
<reference href="http://hg.libsdl.org/SDL_image/">Version</reference>
<cpe-23:cpe23-item name="cpe:2.3:a:libsdl:sdl2_image:2.0.4:*:*:*:*:*:*:*"/>
<cpe-item name="cpe:/a:libsdl:sdl2_image:2.0.5" deprecated="true" deprecation_date="2020-07-28T15:42:40.500Z">
<reference href="http://hg.libsdl.org/SDL_image/">Version</reference>
<cpe-23:cpe23-item name="cpe:2.3:a:libsdl:sdl2_image:2.0.5:*:*:*:*:*:*:*">
<cpe-23:deprecated-by name="cpe:2.3:a:libsdl:sdl_image:2.0.5:*:*:*:*:*:*:*" type="NAME_CORRECTION"/>:
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit e5594f7239 fixed privsep for sh,
or1k, microblaze, xtensa, arc, nds32 and nios2, but failed to take into
account that the audit functionality is only available in recent kernels
on those architectures.
Pass the --disable-privsep configure option if the kernel is too old in
those architectures.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
riscv32 is (surprise!) a 32-bit architecture. But it has been Y2038-safe
from its inception. As such, there are no legacy binaries that may use
the 32-bit time syscalls, and thus they are not available on riscv32.
Code that directly calls to the syscalls without using the C libraries
wrappers thus need to handle this case by themselves. That's what
upstream tried to do with:
https://github.com/openssl/openssl/commit/5b5e2985f355c8e99c196d9ce5d02c15bebadfbc
We initially carried that patch with 2bb26c1a1d (package/libopenssl:
fix build on riscv32).
However, as Arnd Bergmann puts it [0]:
The patch looks wrong to me: __NR_io_pgetevents_time64 must be used
whenever time_t is 64-bit wide on a 32-bit architecture, while
__NR_io_getevents/__NR_io_pgetevents must be used when time_t is the
same width as 'long'.
Checking whether __NR_io_getevents is defined is wrong for all
architectures other than riscv
And Arnd agrees that patch should be reverted [1] [2] (there are further
comments in that stream, that are worth reading).
As such, we've reverted 2bb26c1a1d with 6cfb4ad7f7.
This means we have no working solution to enable openssl on riscv32 for
now. So, rather than fail the build, or backport a dysfunctional patch,
let's just forbid openssl on riscv32.
Drop the default from the choice selection; it was anyway superfluous:
the default of a choice, if left unspecified, is the first entry of the
choice. Also, having a default means we'd have to also propagate the
dependencies of the defaulted-to symbol, which is yet a little bit more
maintenance. Since the chances we get a third implementation of openssl
are pretty slim (very, very slim), reasoning about what is the default
is still very easy.
When propagating dependencies to tpm2-tss' users, we've tried to keep
the architecture dependency toward the top when possible, and otherwise
we've added it together with existing arch dependencies (MMU).
While at it, drop a useless redundant comment in ibm-sw-tpm2: if we
select FORCE_LIBOPENSSL, it is obvious that's because libressl is not
supported... Besides none of the other users of FORCE_LIBOPENSSL have
such a comment.
Fixes:
http://autobuild.buildroot.org/results/eb9/eb9a64d4ffae8569b5225083f282cf87ffa7c681/
...
http://autobuild.buildroot.org/results/07e/07e413b24ba8adc9558c80267ce16dda339bf032/
[0] https://github.com/openssl/openssl/commit/5b5e2985f355c8e99c196d9ce5d02c15bebadfbc#commitcomment-44782859
[1] https://github.com/openssl/openssl/commit/5b5e2985f355c8e99c196d9ce5d02c15bebadfbc#commitcomment-47826509
[2] https://github.com/openssl/openssl/commit/5b5e2985f355c8e99c196d9ce5d02c15bebadfbc#commitcomment-47830530
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Cc: Mark Corbin <mark@dibsco.co.uk>
cpe:2.3:a:miniupnp_project:miniupnpc is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aminiupnp_project%3Aminiupnpc
Split the _VERSION into the traditional major/minor separation, even
though it is not strictly speaking major/minor. This allows re-using for
the CPE versioning.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- inverse the split: rather than defining _VERSION based on the CPE
values, split the _VERSION and use that to define the CPE variables
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix hash added by commit 28c7ff0bdb:
https://patchwork.ozlabs.org/project/buildroot/patch/20210104101054.5392-1-jubalh@iodoru.org
Says Michael:
> ERROR: libstrophe-0.10.1.tar.gz has wrong sha256 hash:
> ERROR: expected: 4918c47029ecdea2deab4b0f9336ca4a8bb12c28b72b2cec397d98664b94c771
> ERROR: got : 5bf0bbc555cb6059008f1b748370d4d2ee1e1fabd3eeab68475263556405ba39
> ERROR: Incomplete download, or man-in-the-middle (MITM) attack
I'm sorry about that. We had some disagreement at JasPer and we removed
an existing tag and created the same tag on a different commit. Thus
generating a different tarball under the same tag..
I thought I only did the buildroot update after this, but maybe I
remember wrong.
While at it, also update indentation in hash file (two spaces)
Fixes:
- http://autobuild.buildroot.org/results/2f13af96eee20176ccb37ad32ec1472b4c9d6208
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: quote Michael's explanations]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Changes:
* Fixed compilation error when LibreSSL is used
* Fixed crash when NULL is provided as password
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This reverts commit 2bb26c1a1d.
There was some negative feedback from Arnd Bergmann on that patch:
https://github.com/openssl/openssl/commit/5b5e2985f355c8e99c196d9ce5d02c15bebadfbc#commitcomment-44782859
The patch looks wrong to me: __NR_io_pgetevents_time64 must be used
whenever time_t is 64-bit wide on a 32-bit architecture, while
__NR_io_getevents/__NR_io_pgetevents must be used when time_t is the
same width as 'long'.
Checking whether __NR_io_getevents is defined is wrong for all
architectures other than riscv
And in light of the above, indeed the patch does not look so correct
after all.
Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issue:
- wpa_supplicant P2P provision discovery processing vulnerability (no CVE
yet)
A vulnerability was discovered in how wpa_supplicant processes P2P
(Wi-Fi Direct) provision discovery requests. Under a corner case
condition, an invalid Provision Discovery Request frame could end up
reaching a state where the oldest peer entry needs to be removed. With
a suitably constructed invalid frame, this could result in use
(read+write) of freed memory. This can result in an attacker within
radio range of the device running P2P discovery being able to cause
unexpected behavior, including termination of the wpa_supplicant process
and potentially code execution.
For more details, see the advisory:
https://w1.fi/security/2021-1/wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998@free.fr: actually add the patch URL to the patch list]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
kismet embeds its own copy of fmt since version 2019-04-R1 so add a
dependency on wchar to avoid the following build failure when building
the server:
./fmt/core.h:1245:1:
std::wstring vformat(wstring_view format_str, wformat_args args);
^~~
./fmt/core.h:1266:13: error: 'wstring' in namespace 'std' does not name a type
inline std::wstring format(wstring_view format_str, const Args & ... args) {
^~~~~~~
./fmt/core.h:1266:8: note: 'std::wstring' is defined in header '<string>'; did you forget to '#include <string>'?
Fixes:
- http://autobuild.buildroot.org/results/f19b3d080514a799a1c75b38ff5f7ae4e8d2628d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Link with TARGET_NLS_LIBS if needed to avoid the following build failure
with perl in version 5.32:
/home/buildroot/autobuild/instance-3/output-1/host/bin/arm-linux-gcc -lm -Wl,-E -o perl perlmain.o libperl.a -lm -lcrypt -lpthread -ldl
/home/buildroot/autobuild/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/9.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: libperl.a(locale.o): in function `S_emulate_setlocale':
/home/buildroot/autobuild/instance-3/output-1/build/perl-5.32.1/locale.c:1182: undefined reference to `libintl_textdomain'
An upstream issue has been opened in:
https://github.com/Perl/perl5/issues/18467
Fixes:
- http://autobuild.buildroot.org/results/9df8d8d28006845b4f927548f8856dfa8f79802b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix CVE-2020-14343: A vulnerability was discovered in the PyYAML library
in versions before 5.4, where it is susceptible to arbitrary code
execution when it processes untrusted YAML files through the full_load
method or with the FullLoader loader. Applications that use the library
to process untrusted input may be vulnerable to this flaw. This flaw
allows an attacker to execute arbitrary code on the system by abusing
the python/object/new constructor. This flaw is due to an incomplete fix
for CVE-2020-1747.
Update hash of LICENSE file (update in year:
https://github.com/yaml/pyyaml/commit/58d0cb7ee09954c67fabfbd714c5673b03e7a9e1)
https://github.com/yaml/pyyaml/blob/5.4.1/CHANGES
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
gr-qtgui examples needs to have gr-analog enabled, without this dependency
compile crash with:
In file included from
/x/output/build/gnuradio-3.8.1.0/gr-qtgui/examples/c++/display_qt.cc:22:
/x/output/build/gnuradio-3.8.1.0/gr-qtgui/examples/c++/display_qt.h:24:10:
fatal error: gnuradio/analog/noise_source.h: No such file or directory
24 | #include <gnuradio/analog/noise_source.h>
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.
make[3]: *** [gr-qtgui/examples/c++/CMakeFiles/display_qt.dir/build.make:67:
gr-qtgui/examples/c++/CMakeFiles/display_qt.dir/display_qt.cc.o] Error 1
make[3]: *** Waiting for unfinished jobs....
In file included from
/somewhere/gnuradio/build/gr-qtgui/examples/c++/moc_display_qt.cpp:10:
/somewhere/gnuradio/build/gr-qtgui/examples/c++/../../../../gr-qtgui/examples/c++/display_qt.h:24:10:
fatal error: gnuradio/analog/noise_source.h: No such file or directory
24 | #include <gnuradio/analog/noise_source.h>
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.
GR_ANALOG is not an explicit dependency of GR_QTGUI, so disable c++ examples if
user has not selected this option.
[backported from 7470a7a3771dd90defb826b464dfe62977cb1eb6]
Fixes:
- http://autobuild.buildroot.net/results/fde670499289f3d7d47379eebccf6e0f92c6d200/
Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
From the release notes:
(https://github.com/redis/redis/blob/6.0.12/00-RELEASENOTES)
================================================================================
Redis 6.0.11 Released Mon Feb 22 16:13:23 IST 2021
================================================================================
Upgrade urgency: SECURITY if you use 32bit build of redis (see bellow), LOW
otherwise.
Integer overflow on 32-bit systems (CVE-2021-21309):
Redis 4.0 or newer uses a configurable limit for the maximum supported bulk
input size. By default, it is 512MB which is a safe value for all platforms.
If the limit is significantly increased, receiving a large request from a client
may trigger several integer overflow scenarios, which would result with buffer
overflow and heap corruption.
================================================================================
Redis 6.0.12 Released Mon Mar 1 17:29:52 IST 2021
================================================================================
Upgrade urgency: LOW, fixes a compilation issue.
Bug fixes:
* Fix compilation error on non-glibc systems if jemalloc is not used (#8533)
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
From the release notes:
https://blog.prosody.im/prosody-0.11.8-released/
This release also fixes a security issue, where channel binding, which
connects the authentication layer (i.e. SASL) with the security layer (i.e.
TLS) to detect man-in-the-middle attacks, could be used on connections
encrypted with TLS 1.3, despite the holy texts declaring this undefined.
https://issues.prosody.im/1542
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Peter: mark as security bump, expand commit text]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We have defconfigs for quite a few friendlyarm boards, but the
naming for the defconfigs for those boards is inconsistent: some
start with 'friendlyarm_' while others don't.
Although the number of boards starting with 'friendlyarm_' is
less than those which do not, we still choose to rename the
boards so all have the 'friendlyarm_' prefix.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Chakra Divi <chakra@openedev.com>
Cc: Davide Viti <zinosat@gmail.com>
Cc: Marek Belisko <marek.belisko@open-nandra.com>
Cc: Suniel Mahesh <sunil@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
runuser allows running commands as another user, but needs to run as
root to be able to setuid(). But Buildroot does not require running as
root, and so runuser can't be used.
Incientally, that fixes host build in case unsuitable libs are found on
the system:
http://lists.busybox.net/pipermail/buildroot/2021-February/304261.html
Reported-by: GA K <guyarkam@gmail.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr:
- expand the commit log with a more fundamental explanation that
runuser can't be used anyway
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Privoxy 3.0.32 fixes a number of security issues:
- Security/Reliability:
- ssplit(): Remove an assertion that could be triggered with a
crafted CGI request.
Commit 2256d7b4d67. OVE-20210203-0001.
Reported by: Joshua Rogers (Opera)
- cgi_send_banner(): Overrule invalid image types. Prevents a
crash with a crafted CGI request if Privoxy is toggled off.
Commit e711c505c48. OVE-20210206-0001.
Reported by: Joshua Rogers (Opera)
- socks5_connect(): Don't try to send credentials when none are
configured. Fixes a crash due to a NULL-pointer dereference
when the socks server misbehaves.
Commit 85817cc55b9. OVE-20210207-0001.
Reported by: Joshua Rogers (Opera)
- chunked_body_is_complete(): Prevent an invalid read of size two.
Commit a912ba7bc9c. OVE-20210205-0001.
Reported by: Joshua Rogers (Opera)
- Obsolete pcre: Prevent invalid memory accesses with an invalid
pattern passed to pcre_compile(). Note that the obsolete pcre code
is scheduled to be removed before the 3.0.33 release. There has been
a warning since 2008 already.
Commit 28512e5b624. OVE-20210222-0001.
Reported by: Joshua Rogers (Opera)
for more details, see the announcement:
https://www.openwall.com/lists/oss-security/2021/02/28/1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix SOAP action responses which are broken since the switch to latest
version of libupnp (1.14.x) in version 2.0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2020-15778: scp in OpenSSH through 8.3p1 allows command injection in
the scp.c toremote function, as demonstrated by backtick characters in the
destination argument. NOTE: the vendor reportedly has stated that they
intentionally omit validation of "anomalous argument transfers" because that
could "stand a great chance of breaking existing workflows."
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15778
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
CVE-2021-21330: Open redirect vulnerability in aiohttp
(normalize_path_middleware middleware)
Beast Glatisant and Jelmer Vernooij reported that python-aiohttp, a async
HTTP client/server framework, is prone to an open redirect vulnerability. A
maliciously crafted link to an aiohttp-based web-server could redirect the
browser to a different website.
For more details, see the advisory:
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Fix CVE-2021-27218: An issue was discovered in GNOME GLib before
2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called
with a buffer of 4GB or more on a 64-bit platform, the length would be
truncated modulo 2**32, causing unintended length truncation.
- Fix CVE-2021-27219: An issue was discovered in GNOME GLib before
2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an
integer overflow on 64-bit platforms due to an implicit cast from 64
bits to 32 bits. The overflow could potentially lead to memory
corruption.
https://gitlab.gnome.org/GNOME/glib/-/blob/2.66.7/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion
failure in slapd can occur in the issuerAndThisUpdateCheck function via a
crafted packet, resulting in a denial of service (daemon exit) via a short
timestamp. This is related to schema_init.c and checkTime.
For more details, see the bugtracker:
https://bugs.openldap.org/show_bug.cgi?id=9454
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a
denial of service (invalid write access and application crash) or possibly
have unspecified other impact via a crafted UTF-8 character sequence.
For more details, see the oss-security discussion:
https://www.openwall.com/lists/oss-security/2021/02/09/3
So far no fix has been added to upstream git, and a number of early proposed
fixes caused regressions, so pull the security fix from the screen 4.8.0-5
Debian package.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issue:
CVE-2021-20176: A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and
7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file
that is processed by ImageMagick to trigger undefined behavior through a
division by zero. The highest threat from this vulnerability is to system
availability.
For more details, see the bugtracker:
https://github.com/ImageMagick/ImageMagick/issues/3077
- bump version to 7.0.10-62
- update license file hash (copyright year update)
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[Peter: mention security fix]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As of readline 8.1, "bracketed paste" is enabled by default. However,
the feature causes control characters to appear in captured (telnet)
session output. This can throw off pattern matching if the output is to
be processed by scripts.
Let's keep the previous default of leaving this feature disabled and
provide a configuration option for users to enable it.
Signed-off-by: Markus Mayer <mmayer@broadcom.com>
[yann.morin.1998@free.fr:
- explicit enable/disable
- no indentation in conditional block
- rewrap help text
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion
Affected Node.js versions are vulnerable to denial of service attacks when
too many connection attempts with an 'unknownProtocol' are established.
This leads to a leak of file descriptors. If a file descriptor limit is
configured on the system, then the server is unable to accept new
connections and prevent the process also from opening, e.g. a file. If no
file descriptor limit is configured, then this lead to an excessive memory
usage and cause the system to run out of memory.
CVE-2021-22884: DNS rebinding in --inspect
Affected Node.js versions are vulnerable to denial of service attacks when
the whitelist includes “localhost6”. When “localhost6” is not present in
/etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e.,
over network. If the attacker controls the victim's DNS server or can spoof
its responses, the DNS rebinding protection can be bypassed by using the
“localhost6” domain. As long as the attacker uses the “localhost6” domain,
they can still apply the attack described in CVE-2018-7160.
For more details, see the advisory:
https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2021-23336: urllib.parse.parse_qsl(): Web cache poisoning - `; ` as a
query args separator
https://bugs.python.org/issue42967
And fixes a number of issues. For details, see the changelog:
https://docs.python.org/release/3.9.2/whatsnew/changelog.html
Drop the now upstreamed security patch and update the license hash for a
change of copyright year:
-2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Python Software Foundation;
+2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Python Software Foundation;
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some download backends, like svn, will provide timestamps with a
sub-second precision, e.g.
$ svn info --show-item last-changed-date [...]
2021-02-19T20:22:34.889717Z
However, the PAX headers do not accept sub-second precision, leading to
failure to download from subversion:
tar: Time stamp is out of allowed range
tar: Exiting with failure status due to previous errors
make[1]: *** [package/pkg-generic.mk:148: [...]/build/subversion-1886712/.stamp_downloaded] Error 1
Fix that by massaging the timestamp to drop the sub-second part. We
do that in the generic helper, rather than the svn backend, so that
all callers to the generic helper benefit from this, as this is more
an internal details of the tarball limitations, than of the backends
themselves.
Reported-by: Roosen Henri <Henri.Roosen@ginzinger.com>
Signed-off-by: Vincent Fazio <vfazio@xes-inc.com>
[yann.morin.1998@free.fr:
- add Henri as reporter
- move it out of the svn backend, and to the generic helper
- reword the commit log accordingly
- use an explicit time format rather than -Iseconds
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issue:
- CVE-2020-8625: When tkey-gssapi-keytab or tkey-gssapi-credential was
configured, a specially crafted GSS-TSIG query could cause a buffer
overflow in the ISC implementation of SPNEGO (a protocol enabling
negotiation of the security mechanism to use for GSSAPI authentication).
This flaw could be exploited to crash named. Theoretically, it also
enabled remote code execution, but achieving the latter is very difficult
in real-world conditions
For details, see the advisory:
https://kb.isc.org/docs/cve-2020-8625
In addition, 9.11.26-27 fixed a number of issues, see the release notes for
details:
https://downloads.isc.org/isc/bind9/9.11.28/RELEASE-NOTES-bind-9.11.28.html
Drop now upstreamed patches, update the GPG key for the 2021-2022 variant
and update the COPYRIGHT hash for a change of year:
-Copyright (C) 1996-2020 Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 1996-2021 Internet Systems Consortium, Inc. ("ISC")
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This release contains a number of bug fixes. There is added support
for the EDNS Padding option (RFC7830 and RFC8467), and the EDNS NSID
option (RFC 5001). Unbound control has added commands to enable and
disable rpz processing. Reply callbacks have a start time passed to
them that can be used to calculate time, these are callbacks for
response processing. With the option serve-original-ttl the TTL served
in responses is the original, not counted down, value, for when in
front of authority service.
https://github.com/NLnetLabs/unbound/releases/tag/release-1.13.1
Signed-off-by: Stefan Ott <stefan@ott.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add patch to fix irqbalance/irqbalance-ui socket communication by
fixing uint64_t printf format usage.
Fixes:
$ irqbalance-ui
Invalid data sent. Unexpected token: (null)TYPE
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr:
- do an actual backport as upstream applied the patch
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Manually specified version must start with letter 'v',
otherwise, the generated version macro will be zero
in the <build_dir>/src_generated/open62541/config.h file:
#define UA_OPEN62541_VER_MAJOR 0
#define UA_OPEN62541_VER_MINOR 0
#define UA_OPEN62541_VER_PATCH 0
Reference from the following link:
https://open62541.org/doc/current/building.html
Signed-off-by: Scott Fan <fancp2007@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
As reported on IRC by sephthir, the gitlab test of the defconfig
qemu_sparc_ss10_defconfig doesn't error out while the system
is not working properly.
This is because we explicitly wait for the timeout as an expected
condition, but do not check for it. Indeed, pexpect.expect() returns
the index of the matching condition in the list of expected conditions,
but we just ignore the return code, so we are not able to differentiate
between a successful login (or prompt) from a timeout.
By default, pexepect.expect() raises the pexpect.TIMEOUT exception on a
timeout, and we are already prepared to catch and handle that exception.
But because pexpect.TIMEOUT is passed as an expected condition, the
exception is not raised.
Remove pexpect.TIMEOUT from the list of expected conditions, so that the
exception is properly raised again, and so that we can catch it.
The qemu_sparc_ss10_defconfig is already fixed by
4d16e6f532.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Jugurtha BELKALEM <jugurtha.belkalem@smile.fr>
[yann.morin.1998@free.fr: reword commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
scanpypi is python3 compatible. In addition, it executes the setup.py
of Python modules to extract the relevant information. Since these are
more and more commonly using python3 constructs, using "python" to run
scanpypi causes problems on systems that have python2 installed as
python, when trying to parse setup.py scripts with python3 constructs.
Fixes part of #13516.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Both options where removed in git commit dd846904cbc1ef3ee628d77f0c9df88ef8967816
back in year 2011.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
[yann.morin.1998@free.fr: drop the legacy handling]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 689b9c1a7c (package/cegui: disable xerces support) added
an unconditional assignment to _CONF_OPTS before all the conditional
ones, but used the append-assignment instead of the traditional plain
assignment.
Fix that by removing the append-assignment.
Use that opportunity to also move the first item of this multi-line
assignment, to its own line.
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
[yann.morin.1998@free.fr:
- reference the exact commit that introduce the issue
- also move the first item to its own line
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issue:
- CVE-2021-23336: Web cache poisoning via django.utils.http.limited_parse_qsl()
Django contains a copy of urllib.parse.parse_qsl() which was added to
backport some security fixes. A further security fix has been issued
recently such that parse_qsl() no longer allows using ; as a query
parameter separator by default. Django now includes this fix. See
bpo-42967 for further details.
For more details, see the advisory:
https://www.djangoproject.com/weblog/2021/feb/19/security-releases/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
v1.0.24 of libusb has a bug in the Linux backend where it fails to
enumerate any device with more than one configuration. Backport the
upstream patch which fixes this as otherwise libusb based applications
are unable to communicate with any devices advertising more than one
configuration.
Signed-off-by: John Keeping <john@metanate.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
- CVE-2021-23841: Null pointer deref in X509_issuer_and_serial_hash()
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to
create a unique hash value based on the issuer and serial number data
contained within an X509 certificate. However it fails to correctly
handle any errors that may occur while parsing the issuer field (which
might occur if the issuer field is maliciously constructed). This may
subsequently result in a NULL pointer deref and a crash leading to a
potential denial of service attack.
The function X509_issuer_and_serial_hash() is never directly called by
OpenSSL itself so applications are only vulnerable if they use this
function directly and they use it on certificates that may have been
obtained from untrusted sources.
- CVE-2021-23839: Incorrect SSLv2 rollback protection
OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2
with a server that is configured to support both SSLv2 and more recent SSL
and TLS versions then a check is made for a version rollback attack when
unpadding an RSA signature. Clients that support SSL or TLS versions
greater than SSLv2 are supposed to use a special form of padding. A
server that supports greater than SSLv2 is supposed to reject connection
attempts from a client where this special form of padding is present,
because this indicates that a version rollback has occurred (i.e. both
client and server support greater than SSLv2, and yet this is the version
that is being requested).
The implementation of this padding check inverted the logic so that the
connection attempt is accepted if the padding is present, and rejected if
it is absent. This means that such as server will accept a connection if
a version rollback attack has occurred. Further the server will
erroneously reject a connection if a normal SSLv2 connection attempt is
made.
OpenSSL 1.1.1 does not have SSLv2 support and therefore is not vulnerable
to this issue. The underlying error is in the implementation of the
RSA_padding_check_SSLv23() function. This also affects the
RSA_SSLV23_PADDING padding mode used by various other functions. Although
1.1.1 does not support SSLv2 the RSA_padding_check_SSLv23() function still
exists, as does the RSA_SSLV23_PADDING padding mode. Applications that
directly call that function or use that padding mode will encounter this
issue. However since there is no support for the SSLv2 protocol in 1.1.1
this is considered a bug and not a security issue in that version.
- CVE-2021-23840: Integer overflow in CipherUpdate
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may
overflow the output length argument in some cases where the input length
is close to the maximum permissable length for an integer on the platform.
In such cases the return value from the function call will be 1
(indicating success), but the output length value will be negative. This
could cause applications to behave incorrectly or crash.
For more details, see the advisory:
https://www.openssl.org/news/secadv/20210216.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add the list of <pkg>_IGNORE_CVES to the json output to show that we have a
known cause (available patch or the CVE is not valid for our package
configuration) that a affected CVE is not reported.
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The compiler detection since openblas 0.3.8 added support for gcc 10, but
this broke detection of compilers created with crosstool-ng, or other
toolchains that have a package version containing a version like x.y.z where
at least one of x, y or z have more than one digit, for example
"Crosstool-NG 1.24.0".
See the reported issue for more details [1].
Backport the upstream patch that fixes it.
[1] https://github.com/xianyi/OpenBLAS/issues/3099
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Buildroot would automatically enable multithreading in OpenBLAS if the
architecture supports it. However, one may want to avoid OpenBLAS creating
threads itself and configure single-threaded operation. To accommodate this
use case, add a config option for multithreading.
When multithreading is disabled but OpenBLAS functions are called in the
same application by multiple threads, then locking is mandatory. The
USE_LOCKING flag was added in version 0.3.7 with following release note:
a new option USE_LOCKING was added to ensure thread safety when OpenBLAS
itself is built without multithreading but will be called from multiple
threads.
However, if one knows that OpenBLAS will only be called from single-threaded
applications, then passing USE_LOCKING is not necessary, so make it a config
option too.
When multithreading is enabled, locking is implicitly enabled inside
openblas, so only provide the locking option when multithreading is
disabled.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bugfix release, fixing a number of issues:
- Fix RunLoop objects leaked in worker threads.
- Fix JavaScriptCore AArch64 LLInt build with JIT disabled.
- Use Internet Explorer quirk for Google Docs.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2020-13558: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: A use after free issue in the
AudioSourceProviderGStreamer class was addressed with improved memory
management
For more details, see the advisory:
https://webkitgtk.org/security/WSA-2021-0001.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Now that gdlib-config is gone, provide the GD options otherwise perl-gd
will assume that everything is available:
$features = 'GD_GIF GD_GIFANIM GD_OPENPOLYGON GD_ZLIB GD_PNG GD_FREETYPE GD_FONTCONFIG GD_JPEG GD_XPM GD_TIFF GD_WEBP';
Also, while at it, also make some of the dependencies as optional as
suggested by François Perrad
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: Francois Perrad <francois.perrad@gadz.org> (with
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/1019385940
FAIL: test_run (tests.core.test_timezone.TestGlibcNonDefaultLimitedTimezone)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/builds/buildroot.org/buildroot/support/testing/tests/core/test_timezone.py", line 66, in test_run
self.assertEqual(tz[0].strip(), "EST")
AssertionError: '' != 'EST'
Commit 7868289fd5 (package/zic: bump version to 2020f) bumped the zic
version to 2020f, which changed the default output format from the classic
"fat" format to the new "slim" format:
https://github.com/eggert/tz/commit/6ba6f2117b95eab345a7ed9159cef939e30c4cd3
The slim format is unfortunately not supported by glibc < 2.28 or uClibc, so
explicitly request the classic "fat" format.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Currently, the envimage creation logic only depends on u-boot when the
user does not specify a custom envimage source via
BR2_PACKAGE_HOST_UBOOT_TOOLS_ENVIMAGE_SOURCE. This assumes that the
user-provided envimage source is not coming from the u-boot source
tree.
But especially given the fact that the envimage creation logic used to
be part of the u-boot package, this is a realistic scenario: users may
have provided a value of BR2_PACKAGE_HOST_UBOOT_TOOLS_ENVIMAGE_SOURCE
based on $(UBOOT_DIR), e.g.:
$(UBOOT_DIR)/board/foo-vendor/bar-board/env.txt
Therefore, always add the u-boot dependency if u-boot is selected, for
either case of custom or default envimage source.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
[Thomas: re-organize code a bit.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
pickle is no longer used since 09a71e6a75
Fixes:
support/scripts/cpedb.py:7:1: F401 'pickle' imported but unused
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The synproxy plugin exists since 5.8.0 and is enabled by default in
collectd.
Add an option in Buildroot, disabled by default.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The logparser plugin is new since 5.11.0 and enabled by default in
collectd.
Add an option in Buildroot, disabled by default.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The mdevents plugin is new since 5.12.0 and enabled by default in
collectd.
Add an option in Buildroot, disabled by default.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The infiniband plugin is new since 5.12.0 and enabled by default in
collectd.
Add an option in Buildroot, disabled by default.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since the upgrade of ebtables from 2.0.10-4 to 2.0.11, there no longer is an
'ebtables' binary. It has been renamed to 'ebtables-legacy' and moved from
'/sbin' to '/usr/sbin'. This change is part of the upstream change to
integrate the functionality of ebtables (and arptables) in the iptables
package, using the nf_tables kernel backend [1].
Unfortunately, the renaming (and move) of the original 'ebtables' binary
breaks existing scripts that are calling 'ebtables' or '/sbin/ebtables'.
Therefore, add a symlink from the original path to 'ebtables-legacy'.
However, do not provide this symlink if BR2_PACKAGE_IPTABLES_NFTABLES is
enabled. In this case, the iptables package will build the new equivalent
of ebtables -- a symlink to ebtables-legacy would cause conflicts.
[1] https://wiki.nftables.org/wiki-nftables/index.php/Legacy_xtables_tools
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Acked-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since tcpdump 4.99.0, the 'tcpdump' binary is no longer installed in
/usr/sbin but in /usr/bin. This change invalidates the Buildroot hook
'TCPDUMP_REMOVE_DUPLICATED_BINARY', causing a fairly large rootfs size
increase as a result.
Update the path inside this hook.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2021-26528: The mg_http_serve_file function in Cesanta
Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via
connection request after exhausting memory pool.
- Fix CVE-2021-26529: The mg_tls_init function in Cesanta Mongoose HTTPS
server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable
to remote OOB write attack via connection request after exhausting
memory pool.
- Fix CVE-2021-26530: The mg_tls_init function in Cesanta Mongoose HTTPS
server 7.0 (compiled with OpenSSL support) is vulnerable to remote OOB
write attack via connection request after exhausting memory pool.
https://github.com/cesanta/mongoose/releases/tag/7.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
<rahul.jain@imgtec.com>: host mxa-00376f01.gslb.pphosted.com[185.132.180.163]
said: 550 5.1.1 User Unknown (in reply to RCPT TO command)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Glibc 2.33 removed `_STAT_VER`. On host machines, which updated to glibc
2.33, building host-fakeroot breaks:
```
In file included from communicate.h:20,
from libfakeroot.c:60:
libfakeroot.c: In function ‘chown’:
libfakeroot.c:99:40: error: ‘_STAT_VER’ undeclared (first use in this function)
99 | #define INT_NEXT_STAT(a,b) NEXT_STAT64(_STAT_VER,a,b)
```
The issue has been discussed on some package maintainer threads, e.g.:
https://bugs.archlinux.org/task/69572https://bugzilla.redhat.com/show_bug.cgi?id=1889862#c13
A patch series was prepared by Ilya Lipnitskiy which included two other
patches not related to the glibc 2.33 compatibility issue and submitted as
merge request for upstream:
https://www.mail-archive.com/openwrt-devel@lists.openwrt.org/msg57280.html
Upstream accepted the merge request:
https://salsa.debian.org/clint/fakeroot/-/merge_requests/10
Note, that this patch series only contains the necessay patches for glibc
2.33 compatibility.
Tested on my Arch Linux machine, building a UBIFS/OverlayFS-based root
filesystem for an i.MX6ULL target board.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Tested-by: Bartosz Bilas <b.bilas@grinn-global.com>
[Peter: drop patch numbering (PATCH x/y) as pointed out by check-package]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Unit tests fail to build with gcc 10 on:
[100%] Linking C executable NE10_dsp_unit_test_smoke
/home/buildroot/autobuild/instance-2/output-1/host/opt/ext-toolchain/bin/../lib/gcc/aarch64-none-linux-gnu/10.2.1/../../../../aarch64-none-linux-gnu/bin/ld: CMakeFiles/NE10_dsp_unit_test_static.dir/__/modules/dsp/test/test_suite_fft_float32.c.o:(.bss+0x0): multiple definition of `seatest_simple_test_result'; CMakeFiles/NE10_dsp_unit_test_static.dir/__/modules/dsp/test/test_main.c.o:(.bss+0x0): first defined here
So just disable them and, while at it, also disable examples which are
also enabled by default
Fixes:
- http://autobuild.buildroot.org/results/c658d52668825c26a15d6ac3ca538472cad5cd78
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Changes:
* Fix memory-related bugs in the JPEG-2000 codec resulting from
attempting to decode invalid code streams. (#264, #265)
This fix is associated with CVE-2021-26926 and CVE-2021-26927.
* Fix wrong return value under some compilers (#260)
* Fix CVE-2021-3272 heap buffer overflow in jp2_decode (#259)
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, the CPE XML database is parsed into a Python dict, which is
then pickled into a local file, to speed up the processing of further
invocations.
However, it turns out that since the initial implementation, we have
switched the XML parsing from the out of tree xmltodict module to the
standard ElementTree one, which has made the parsing much faster. The
pickle caching only saves 6 seconds, on something that takes more than
13 minutes total.
In addition, this pickle caching consumes a significant amount of RAM,
causing the Python process to be OOM-killed on a server with 4 GB of
RAM.
So let's just drop this caching entirely.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commits ca1afcb217 (package/ply: needs headers >= 4.14) and
debe9eb13e (package/ply: needs dynamic library) added restrictions
on the availability of ply. The first forgot to add a comment, and
the second mis-handled the dependency on the headers version.
Indeed, we want the comment to show the requirement on the headers
version (since that is not a hardware dependency).
Fix this comment to include the headers version, and fix the condition
accordingly.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Andreas Klinger <ak@it-klinger.de>
ply builds and installs a library. Some objects that go in that library
are tagged with a 'section' attribute (excerpt):
__attribute__((section("providers")))
Later on, it references the bounds of that section, with the canonical
__start and __stop markers, which will eventually be created by the
linker:
extern struct provider __start_providers;
extern struct provider __stop_providers;
Sections only exists in an ELF file, and a static library id not an ELF.
So, when creating a static library, the markers are not created. Thus,
when linking the final executable, the link fails because of missing
symbols:
.../powerpc-buildroot-linux-uclibc/bin/ld: ../libply/.libs/libply.a(libply_la-provider.o): in function `provider_get':
provider.c:(.text+0xe): undefined reference to `__start_providers'
.../powerpc-buildroot-linux-uclibc/bin/ld: provider.c:(.text+0x12): undefined reference to `__stop_providers'
.../powerpc-buildroot-linux-uclibc/bin/ld: provider.c:(.text+0x2a): undefined reference to `__start_providers'
.../powerpc-buildroot-linux-uclibc/bin/ld: provider.c:(.text+0x32): undefined reference to `__stop_providers'
So, conceptually, ply can not build in static-only.
Fixes:
- http://autobuild.buildroot.net/results/3a586241d37614b644ff6c4674ae28df2b22fdf8
Signed-off-by: Andreas Klinger <ak@it-klinger.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Our documentation page already mentions the open-source and freely
available training materials from Bootlin on Buildroot.
It turns out that we now have online training courses accessible to
public registration, which makes them accessible to a wider
audience. It probably makes sense to mention them alongside the
training materials.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
since 2021.01, tools/binman is broken.
tools/binman/control.py imports pkg_resources
the module pkg_resources is supplied by setuptools,
so this new dependency is required.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
CVE-2021-27135: xterm through Patch #365 allows remote attackers to cause a
denial of service (segmentation fault) or possibly have unspecified other
impact via a crafted UTF-8 character sequence.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
CVE-2020-17525: Remote unauthenticated denial-of-service in Subversion
mod_authz_svn
Subversion's mod_authz_svn module will crash if the server is using
in-repository authz rules with the AuthzSVNReposRelativeAccessFile option
and a client sends a request for a non-existing repository URL.
For more details, see the advisory:
https://subversion.apache.org/security/CVE-2020-17525-advisory.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The tool 'protoc' and its associated library libprotoc.so are only
needed during development, to convert a protocol buffer definition in the
associated code for a specific code language.
Buildroot does not officially support creating a development environment on
target, so remove these files to reduce disk usage by more than 1.5 MB
(stripped, uncompressed).
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
On install step the host tool syrepoctl is used to install some YANG
modules. Unfortunatly syrepoctl creates some files in /dev/shm folder and
does not cleanup afterwards. This files can be incompatible depending on
the used sysrepo version. This causes autobuilder failures when updating
the package [1].
To make sure we can remove this leftovers of sysrepoctl we specify a
build specific SYSREPO_SHM_PREFIX. With this the files can deleted safely
after installation is completed. This also ensures that concurrent
parallel builds will not affected mutualy.
The prfix must be unique between concurrent builds, so we use the build
directory ($(CONFIG_DIR)) to discriminate builds. It must also be unique
between top-level parallel package builds, so we also use the name of
the current package to discriminate.
Fixes:
[1] http://autobuild.buildroot.net/results/6e559c4f98b7ed93d7b5af638264e907492a6532/
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Co-Developed-by: Yann E. MORIN <yann.morin.1998@free.fr>
[yann.morin.1998@free.fr:
- also use the package name as discriminant
- expand commit log accordingly
- rename the variable to start with the package name
- explain why we clean up before as well
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The sysrepoctl executable from the host-sysrepo package is used to
install YANG modules during installation. So add the dependency here.
Also make sure we use this executable by setting the make environment
variable SYSREPOCTL_EXECUTABLE. Otherwise a system wide installed
sysrepoctl would be used that is not what we want.
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Client fixes:
- Check contexts before importing them to reduce risk of extracted files escaping context store
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Security fixes:
- CVE-2021-21285 Prevent an invalid image from crashing docker daemon
- CVE-2021-21284 Lock down file permissions to prevent remapped root from accessing docker state
- Ensure AppArmor and SELinux profiles are applied when building with BuildKit
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When a developer has package/pkg-<infra>.mk assigned to him/her in the
DEVELOPERS file, this has 3 implications:
(1) Patches adding new packages using this infrastructure are Cc'ed
to this developer. This is done by the analyze_patch() function,
which matches the regexp r"^\+\$\(eval
\$\((host-)?([^-]*)-package\)\)$" in the patch, i.e where an
added line contains a reference to the infra maintained by the
developer.
(2) Patches touching the package/pkg-<infra>.mk file itself are Cc'ed
to this developer.
(3) Any patch touching a package using this infra are also Cc'ed to
this developer.
Point (3) causes a significant amount of patches to be sent to
developers who have package/pkg-generic.mk and
package/pkg-autotools.mk assigned to them in the DEVELOPERS
file. Basically, all patches touching generic or autotools packages
get CC'ed to such developers, which causes a massive amount of patches
to be received.
So this patch adjusts the getdeveloperlib.py to drop point (3), but
preserves point (1) and (2). Indeed, it makes sense to be Cc'ed on new
package additions (to make a review that they use the package
infrastructure correctly), and it makes sense to be Cc'ed on patches
that touch the infrastructure code itself.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Drop patches that are upstream now and fix hash file indentation.
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Python 2.7 is EOL, so people should use the python3 package instead if
possible. Make it a bit more obvious that 'python' is not the right package
to use by explicitly mentioning that this is about python 2.7 and that it is
deprecated.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Very similar to the other stm32mp157-based boards, except that we use the
multi_v7 defconfig for ease of maintenance.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The memtester build system does not use CFLAGS/LDFLAGS variables.
Everything should be written to conf-cc and conf-ld.
Use '%' as sed expression delimiter because comma might appear in
LDFLAGS.
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In the output of legal-info, which is JSON-formatted, we include the
CPI_ID (when it is valid).
For xerces, the CPE_ID contains two sequences of \+ (which is exactly
what is present in the NIST DB, [0]).
However, in JSON, like in C, \ escapes the following character; only a
very limited set of characters are valid to escape: " \ / b f n r t u.
Escaping any other character is invalid. Conformant JSON parser will
choke on invalid sequences, and so does not the json python module:
File "/usr/lib/python2.7/json/decoder.py", line 380, in raw_decode
obj, end = self.scan_once(s, idx)
ValueError: Invalid \escape: line 1 column 608554 (char 608553)
We fix that be globally escaping \ in our json output, in the generic
sanitising macro.
[0] https://nvd.nist.gov/products/cpe/detail/645?namingFormat=2.3&orderBy=CPEURI&keyword=xerces&status=FINAL
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Release notes:
We are very sorry to have to report that a problem was found with the
GNU Binutils 2.36 release. It turns out that it contained a small
portion of code that was not covered by an FSF copyright assignment.
So we have created a replacement release - 2.36.1 - with that code
removed.
In addition we found that a fix for a theoretical security
vulnerability[1] was itself broken and could result in the archiver
program "ar" misbehaving. So we have chosen to revert the fix from
the 2.36.1 release whilst the problem is properly resolved.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2021-3177: Python 3.x through 3.9.1 has a buffer overflow in
PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution
in certain Python applications that accept floating-point numbers as
untrusted input, as demonstrated by a 1e300 argument to
c_double.from_param. This occurs because sprintf is used unsafely.
For details, see the advisory:
https://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Rebased patches 1 and 4
- Dropped upstreamed patches 5 and 6
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
[yann.morin.1998@free.fr:
- update patches 1-2 with actual backports, as noticed by Stefan
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following build failure on sparc64:
/home/giuliobenetti/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/sparc64-buildroot-linux-gnu/9.3.0/../../../../sparc64-buildroot-linux-gnu/bin/ld: /tmp/ccylTux8.o: in function `find_kaslr_offsets':
/home/giuliobenetti/autobuild/run/instance-0/output-1/build/makedumpfile-1.6.8/makedumpfile.c:4017: undefined reference to `get_kaslr_offset'
Even if this build failure is only raised with version 1.6.8,
get_kaslr_offset was also undeclared on sparc64 in version 1.6.7
Fixes:
- http://autobuild.buildroot.org/results/1421f54f7599bba62c0a4bd5c65ce21c8cc7ee1a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixed the following security issue:
- CVE-2020-6097: An exploitable denial of service vulnerability exists in
the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A
specially crafted sequence of RRQ-Multicast requests trigger an assert()
call resulting in denial-of-service. An attacker can send a sequence of
malicious packets to trigger this vulnerability.
For more details, see the report:
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1029
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issue:
- wpa_supplicant P2P group information processing vulnerability (no CVE yet)
A vulnerability was discovered in how wpa_supplicant processing P2P
(Wi-Fi Direct) group information from active group owners. The actual
parsing of that information validates field lengths appropriately, but
processing of the parsed information misses a length check when storing a
copy of the secondary device types. This can result in writing attacker
controlled data into the peer entry after the area assigned for the
secondary device type. The overflow can result in corrupting pointers
for heap allocations. This can result in an attacker within radio range
of the device running P2P discovery being able to cause unexpected
behavior, including termination of the wpa_supplicant process and
potentially arbitrary code execution.
For more details, see the advisory:
https://w1.fi/security/2020-2/wpa_supplicant-p2p-group-info-processing-vulnerability.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998@free.fr: keep _PATCH near _VERSION and _SITE]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
When a armv8 target is used in 32bits mode, xenomai fail to detect the
ARM architecture and abord the build. (__ARM_ARCH_7A__ is not defined
for armv8 cpus).
There are no autobuilder failures for this issue since cobalt is never
selected, but the following defconfig:
BR2_arm=y
BR2_cortex_a53=y
BR2_ARM_FPU_NEON_VFPV4=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_PACKAGE_XENOMAI=y
BR2_PACKAGE_XENOMAI_COBALT=y
This was initialy reproduced using the raspberrypi3_defconfig with
Xenomai package with cobalt selected.
In order to use Xenomai on raspberrypi3 in 32 bits mode, one has to
select BR2_cortex_a7 instead of BR2_cortex_a53 (see a13a388dd4).
See:
https://gitlab.denx.de/Xenomai/xenomai/-/blob/v3.1/lib/cobalt/arch/arm/include/asm/xenomai/features.h#L52
Signed-off-by: Romain Naour <romain.naour@gmail.com>
[yann.morin.1998@free.fr:
- switch to independent conditional 'default y'
- slightly reword the commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test RISC-V 64/musl, use a pre-built Bootlin
toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test RISC-V 64/glibc, use a pre-built Bootlin
toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This patch drops the local syslog.conf in favor of the one shipped with
sysklogd. The upstream syslog.conf sample differs from the Buildroot
one primarily in shifting to /var/log/syslog as the default for log
messages. It also comes with a dedicated /var/log/kern.log and some
commented-out filtering examples.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2020-11105: An issue was discovered in USC iLab cereal through
1.3.0. It employs caching of std::shared_ptr values, using the raw
pointer address as a unique identifier. This becomes problematic if an
std::shared_ptr variable goes out of scope and is freed, and a new
std::shared_ptr is allocated at the same address. Serialization fidelity
thereby becomes dependent upon memory layout. In short, serialized
std::shared_ptr variables cannot always be expected to serialize back
into their original values. This can have any number of consequences,
depending on the context within which this manifests.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump to the latest git commit as this will fix the following CVEs:
git log|grep CVE
sox-fmt: validate comments_bytes before use (CVE-2019-13590) [bug #325]
fix possible null pointer deref in lsx_make_lpf() (CVE-2019-8357)
fft4g: bail if size too large (CVE-2019-8356)
fix possible overflow in lsx_(re)valloc() size calculation (CVE-2019-8355)
fix possible buffer size overflow in lsx_make_lpf() (CVE-2019-8354)
xa: validate channel count (CVE-2017-18189)
aiff: fix crash on empty comment chunk (CVE-2017-15642)
adpcm: fix stack overflow with >4 channels (CVE-2017-15372)
flac: fix crash on corrupt metadata (CVE-2017-15371)
wav: ima_adpcm: fix buffer overflow on corrupt input (CVE-2017-15370)
wav: fix crash writing header when channel count >64k (CVE-2017-11359)
hcom: fix crash on input with corrupt dictionary (CVE-2017-11358)
wav: fix crash if channel count is zero (CVE-2017-11332)
- Tweak configuration options due to
https://sourceforge.net/p/sox/code/ci/6ff0e9322f9891f5a6ac6c9b3bceffbfca16bec3
- libgsm is now an optional dependency since
https://sourceforge.net/p/sox/code/ci/e548827ffcf4dffa7f21709b8e96b04b481c09b8
- Add patch to put back --disable-stack-protector
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop upstream patch.
Use the new mode=release switch, this should automatically
disable features deemed not ready for use.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Upstream changed version scheme: dropped leading 's', reflect it.
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
CVE-2020-28473: The package bottle from 0 and before 0.12.19 are vulnerable
to Web Cache Poisoning by using a vector called parameter cloaking. When
the attacker can separate query parameters using a semicolon (;), they can
cause a difference in the interpretation of the request between the proxy
(running with default configuration) and the server. This can result in
malicious requests being cached as completely safe ones, as the proxy would
usually not see the semicolon as a separator, and therefore would not
include it in a cache key of an unkeyed parameter.
In addition, bottle 0.12.18 fixed a compatibility issue with python 3.8+:
https://github.com/bottlepy/bottle/issues/1181
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The mmc probing order has changed since commit 21b2cec61c04bd1 (mmc: Set
PROBE_PREFER_ASYNCHRONOUS for drivers that existed in v4.4), so get rid of
the hardcoded root=/dev/mmcblk1p2. The old vendor U-Boot unfortunately does
not have GPT support, so stick to MBR and use the legacy
root=PARTUUID=<disksignature>-<partition> format and set a fixed disk
signature, similar to how it was done for orangepi-r1 in commit 34cce93adb
(configs/orangepi_r1_defconfig: bump kernel to 5.10.10, u-boot to 2020.10).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In commit 38d04e6b13, I did a last-minute change by adding the comment
to explain where the PARTLABEL was coming from, and introduced a typo in
that comment.
Fix it.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Patch that pins mmc indexes was not accepted to mainline kernel. Drop that
patch and switch to GPT to use partition labels. For GPT the name of the
partition in genimage.cfg is used as the label for that partition. Note
that the default GPT partition table location conflicts with the SPL
location, so move GPT table after bootloaders.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
grpc has plugins for multiple programming languages, which are needed on
development machines only. Examples are grpc_cpp_plugin, grpc_ruby_plugin,
etc.
Even though before commit fedf3318e3,
grpc_cpp_plugin was not installed for target, all other plugins still were.
This causes additional build time and rootfs space.
As Buildroot does not support building a development environment for target,
these tools can be disabled.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
In commit fedf3318e3, an obsolete patch to
support cross-compilation was removed, in favor of the upstream solution.
However, this caused a small change in behavior: for the target grpc, the
tool 'grpc_cpp_plugin' is now also built, while before it was not.
This tool is only really needed on development machines. Since Buildroot
does not support compilers and such on target itself, the tool is not
needed.
There exists an option gRPC_BUILD_GRPC_CPP_PLUGIN which can be set to 'OFF',
but disabling it in a cross-compilation context yields build failures.
Add a patch to fix that. This patch is intended to be upstreamed to grpc.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 903de16f5f added passing
'--with-libgrpc++' with the explanation:
"Use --with-libgrpc++ option as otherwise collectd will try to find
grpc++.pc which is not available."
At the time of above commit, grpc version in Buildroot was 1.23.0.
Since grpc 1.25.0, a grpc++.pc file _is_ generated from cmake builds.
Hence, remove passing --with-libgrpc++.
This change fixes a problem introduced by commit
fedf3318e3. As a side effect of that change, a
target version of 'grpc_cpp_plugin' was now created. When collectd was built
after grpc, even without grpc support in collectd enabled, the collectd
configure script would find this target grpc_cpp_plugin and try to use it
(which is not possible because it is built for target).
When not passing '--with-libgrpc++', collectd will instead find the host
version of grpc_cpp_plugin, which works fine.
There are still two underlying problems:
1. the target version of grpc_cpp_plugin is not actually needed. This will
be disabled in a subsequent commit.
2. collectd should not execute any grpc-related action if grpc support for
collectd is disabled. This problem has been reported upstream:
https://github.com/collectd/collectd/issues/3836
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Most of the toolchains now use gcc 9.x and kernel headers 5.9, instead
of gcc 8.x and kernel headers 5.4.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test Xtensa/uclibc, use a pre-built Bootlin toolchain.
To be noted: that fragment was in fact already using a Bootlin
bleeding-edge toolchain, because BR2_TOOLCHAIN_EXTERNAL_CUSTOM=y is
missing from the fragment:
$ cat support/config-fragments/autobuild/br-xtensa-full.config >.config
$ make olddefconfig
$ grep BOOTLIN .config
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_ARCH_SUPPORTS=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_XTENSA_LX60_UCLIBC_BLEEDING_EDGE=y
# BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_XTENSA_LX60_UCLIBC_STABLE is not set
The original fragment was supposed to use a stable toolchain, so we
switch to explictly use a stable Bootlin toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr:
- add blurb about missing BR2_TOOLCHAIN_EXTERNAL_CUSTOM=y
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test x86-64/musl, use a pre-built Bootlin toolchain.
The previous configuration was for an Atom platform, but the Bootlin
toolchains only provide a Core i7 configuration. Since this is close
enough, we change to use this Core i7 configuration.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test x86-64/uclibc, use a pre-built Bootlin toolchain.
The previous configuration was for Core2 platform, but the Bootlin
toolchains only provide a Core i7 configuration. Since this is close
enough, we change to use this Core i7 configuration.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test SPARC64/glibc, use a pre-built Bootlin toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test SPARC/uclibc, use a pre-built Bootlin toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test SH4/uclibc, use a pre-built Bootlin toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: drop BR2_sh4=y which is the default]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test RISC-V 32/glibc, use a pre-built Bootlin
toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test PowerPC e500mc/uclibc, use a pre-built Bootlin
toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test PowerPC64le Power8/glibc, use a pre-built Bootlin
toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test OpenRISC/uclibc, use a pre-built Bootlin
toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test nios2/glibc, use a pre-built Bootlin toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test mipsel/uclibc, use a pre-built Bootlin toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test mipsel32r6/glibc, use a pre-built Bootlin
toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test Microblaze EL/uclibc, use a pre-built Bootlin
toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test m68k 5208/uclibc, use a pre-built Bootlin
toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test m68k 68040/uclibc, use a pre-built Bootlin
toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test ARMv7-M/uclibc, use a pre-built Bootlin
toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test ARMv7/musl, use a pre-built Bootlin toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test ARM Cortex-A9/glibc, use a pre-built Bootlin
toolchain. Since this was meant to test very recent version of
toolchain components, we use the bleeding edge toolchain variant.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test ARMv5/uclibc, use a pre-built Bootlin toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test ARCle HS38/uclibc, use a pre-built Bootlin toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test AArch64/glibc, use a pre-built Bootlin toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This will fix a build failure with libgpiod in version 1.6.2
Even though the examples are not built by default, we explicitly
disable them, to be future-proof in case that default changes in
the future.
Fixes:
- http://autobuild.buildroot.org/results/321004b185213099c7c5633b5ec35ceadd0293bc
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- keep dependencies first
- explicitly disable examples
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This reverts commit f2d6c5ff90.
Now that libbsd can't be enabled for static builds, we can drop the
workaround specific to stress-ng.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
For instance on risc-v 64 arch the build would otherwise fail because
of undefined ucontext_t because "-DOPENSSL_NO_ASYNC" would not propagate
through to CFLAGS in the Makefile.
Signed-off-by: Yann Sionneau <ysionneau@kalray.eu>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit f4a61d1ae2 (package/pkg-meson.mk avoid host ccache detection)
forced the host C and C++ compilers so that meson does not try to
autodetect ccache, and instead relies on what we provide.
However, this incorrectly used single-expansion of variables in a
package infra.
For traditional builds, this is OK, because the value does not change
across packages.
However, for builds with per-package directories, this value only refers
to the generic path, which ill not exist until the end of the build when
all packages are aggregated in the host-finalize step.
Fix that by postponing the variable evaluation like all the others.
Reported-by: Xogium on IRC
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit extends pkg-stats to leverage the recently introduced
CPEDB class to verify that the CPEs provided by Buildroot packages are
indeed known in the official CPE dictionnary provided by NVD.
Co-Developed-by: Grégory Clement <gregory.clement@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Python class which consumes a NIST CPE XML and provides helper
functions to access and search the db's data.
- Defines the CPE as a object with operations / formats
- Processing of CPE dictionary
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Co-Developed-by: Grégory Clement <gregory.clement@bootlin.com>
Co-Developed-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
When using the headers from the kernel to be built, with the kernel
set to a custom version, and overriding the kernel sources with
LINUX_OVERRIDE_SRCDIR, the linux-headers package is still trying to
download an archive, and fails to validate its hash.
What is going on under the hood is that, with _OVERRIDE_SRCDIR, the
_VERSION of a package is set to 'custom'. Furthermore, the variable
BR_NO_CHECK_HASH_FOR is recursively expanded, so its value is only
evaluated when it is needed.
For linux-headers, we inherit the values from the linux package, and
the LINUX_HEADERS_VERSION takes the value from the configuration.
Thus we end up with the following situation:
LINUX_VERSION=custom
LINUX_HEADERS_VERSION=5.10 # For example
BR_NO_CHECK_HASH_FOR=... linux-custom.tar.gz ...
And thus the archive downloaded by linux-headers will not match any
exclusion, and since there will most probably not be a hash for it,
the download will fail, as was noticed and reported by Jarkko.
But in this case, what we really want is to really use the headers
from the kernel that we build, we do not even want to attempt a
download at all.
So, when using the headers from the kernel to be built, we also
propagate the LINUX_OVERRIDE_SRCDIR to linux-headers, so that we
also use the headers from the overridden sources.
Furthermore, in that configuration, we explicitly disallow
overriding the linux-headers specifically, as it does not make sense
(even though, if they were overridden to the same location, that'd
be OK, but to simplify the condition, we do not even check for that).
Reported-by: Jarkko Sakkinen <jjs@kapsi.fi>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
When cross-compiling grpc, a native tool 'grpc_cpp_plugin' is needed.
Patch '0001-target-build-using-host-plugin.patch' in Buildroot provides a
way to pass the path to this tool via a configure option
'gRPC_NATIVE_CPP_PLUGIN'.
In version 1.20.0, the upstream grpc project added better support for
cross-compiling via commit 0d7a0ded [1], searching for the native
grpc_cpp_plugin via PATH (rather than specifying it as configure option as
our patch was doing).
This change renders the mentioned Buildroot patch obsolete, so remove it.
[1] https://github.com/grpc/grpc/commit/0d7a0ded1cc93bb7f4d69a156b0a69829557cbf2
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Reviewed-by: Michael Nosthoff <buildroot@heine.tech>
Tested-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The check for a default route is inverted, causing the script to wait
for the timeout even when a default IPv6 route is available. Fix this up
so that it exits early as expected.
Reported-by: Bhattiprolu RaviKumar <ravikumar.bhattiprolu@gmail.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2021-3281: Potential directory-traversal via archive.extract()
The django.utils.archive.extract() function, used by startapp --template and
startproject --template, allowed directory-traversal via an archive with
absolute paths or relative paths with dot segments.
For details, see the advisory:
https://www.djangoproject.com/weblog/2021/feb/01/security-releases/
Additionally, 3.0.11 fixed a regression:
https://docs.djangoproject.com/en/3.1/releases/3.0.11/
Update indentation in hash file (two spaces).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
From the announcement:
ChangeLog for Privoxy 3.0.31
--------------------------------------------------------------------
- Security/Reliability:
- Prevent an assertion from getting triggered by a crafted CGI request.
Commit 5bba5b89193fa. OVE-20210130-0001.
Reported by: Joshua Rogers (Opera)
- Fixed a memory leak when decompression fails "unexpectedly".
Commit f431d61740cc0. OVE-20210128-0001.
- Bug fixes:
- Fixed detection of insufficient data for decompression.
Previously Privoxy could try to decompress a partly
uninitialized buffer.
https://www.privoxy.org/announce.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
There is no need to get both the key and the value out of the dict if the
key is not used, so use dict.values() instead.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop 0003-rewrite-wcsnrtombs-to-fix-buffer-overflow-and-other-.patch
as it is a backport of upstream commit
3ab2a4e02682df1382955071919d8aa3c3ec40d4 which is part of the 1.2.2
release.
1.2.2 release notes
major changes:
- child restrictions lifted after fork of multithreaded parent
new features:
- _Fork function (POSIX-future)
- reallocarray function (extension from OpenBSD, now widespread)
- gettid function (kernel tid as supported concept)
- SIGEV_THREAD_ID sigevent API (Linux extension)
- tcgetwinsize and tcsetwinsize functions (POSIX-future)
performance:
- faster software sqrt on archs without native sqrt instruction
compatibility:
- realpath no longer depends on procfs availability & accuracy
- time zone parser now always prefers 64-bit tables if present
- crypt_blowfish now supports $2b$ prefix
- res_query now reports errors via h_errno
- set*id and setrlimit are now safe in vforked/cloned child
- setgroups now applies to all threads
- dlopen debugger notification is improved, should work with lldb
- setrlimit no longer needs __synccall broadcast on linux 2.6.36+
- faccessat with AT_EACCESS no longer needs child process on linux 5.8+
bugs fixed:
- buffer overflow and infinite loop errors in wcsnrtombs (CVE-2020-28928)
- sem_close unmapped still-referenced semaphores
- fork of process with active aio could deadlock or crash paren
- pthread_cond_wait was broken with priority-inheritance mutex
- getgrouplist wrongly failed when nscd reported an empty list
- abort could leak modified SIGABRT disposition to fork or posix_spawn child
- regression with mallocng: malloc_usable_size(0) crashed
- readlink wrongly gave EINVAL on zero length dest buffer
- sqrtl was severely inaccurate (not correctly rounded) on ldquad archs
- assert failure wrongly flushed stdio (possible deadlock)
- MUSL_LOCPATH search was broken with multiple components
- missing newline in herror output
- possible deadlock in pthread_exit with pshared mutex or barrier usage
- pthread_mutexattr_getprotocol didn't read back protocol
- v4l2 ioctl translation for pre-time64 kernels didn't work
arch-specific bugs fixed:
- x86_64 longjmp failed to handle 0 argument reliably
- i386 __set_thread_area fallback for pre-2.6 kernels didn't work
- missing O_LARGEFILE macro value on x86_64, x32, mips64
- unpredictable s390x breakage from failure to preserve call-saved registers
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Now that 2.36.x has been added, that 2.35.x is the default version,
drop support for 2.33.x.
Note that we keep binutils 2.32.x as it is the latest version that
works for FLAT binaries (used on noMMU platforms).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Now that 2.36 has been released, let's use 2.35.x as the default
binutils version.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When BR2_PACKAGE_XENOMAI_CUSTOM_TARBALL is selected, the xenomai package
declared an empty version, which among others means that the build directory
becomes output/build/xenomai without any version specification, and empty
version information in 'xenomai-show-info'.
Other packages that allow a custom tarball, like 'linux' and
'arm-trusted-firmware', specify 'custom' as version in this case.
Adapt the xenomai package accordingly.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Version 1.6.2 now builds against headers >= 4.8.x. (Previously 5.5 was
required). Functionality might still be limited depending on the kernel version.
* altered note on updating
* disable building of tests
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Major Behavior Changes
- As a reminder for those upgrading from older releases, as of FRR 7.4
and beyond:
RFC 8212 is now enabled by default. BGP will not advertise or use
routes unless explicitly configured to do so with an export or import
policy.
All daemons
Minimum libyang version is now 1.0.184
bfdd
Profile support
Minimum TTL support
bgpd
RPKI now has support for VRFs
Add wide option to route show commands
Add ability to count filtered prefixes when using maximum-prefix
with new force option
Add ability to show selected bestpath routes for a given neighbor
with bestpath-routes option to neighbor show command
Add ability to specify message when admin downing a session with bgp
shutdown message MSG... command
Add IPv6 support for Flowspec
Add ability to shut down neighbor if RTT is too high with neighbor
<neigh> shutdown rtt command
Allow update-delay to be applied globally
Graceful Restart fixes
Stability and performance fixes
EVPN
Beginning of MultiHoming support; stay tuned
isisd
Add VRF support
Add support for Anycast-SIDs
Fix adjacency timer display overflow
ospfd
Segment Routing support for ECMP
Prevent crash if transferring config amongst instances
Various LSA-related fixes
pbrd
Add JSON support to commands
Add ability to match on DSCP/ECN fields
pimd
Add more JSON support to commands
Add support for MSDP SA forwarding
(s,g,rpt) ifchannel is now cleared when (*, G) prune is received
Fix IGMP querier election and IP address mapping
Fix missing mesh-group commands
Fix crash when RP is removed
staticd
Add support for Northbound API
zebra
Nexthop group support for FPM
Netlink batching support
Northbound support for RIB model
Backup nexthop support
Allow upper level protocols to request ARP
Add json output for zebra ES, ES-EVI and access vlan dumps
vtysh
Speed up output across daemons
Fix build-time errors for some --enable flags
Northbound / YANG
Filter and route-map support
OSPF model definition
BGP model definition
RPM Packaging
Moved RPKI to subpackage
Added SNMP subpackage
Signed-off-by: Vadym Kochan <vadym.kochan@plvision.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update to use the official linux kernel v5.10 instead of an
out-of-tree kernel, and use the official U-Boot v2021.01 as the
bootloader. Provide two configuration files of genimage for different
boot flows:
- Boot from SD card (default)
- Boot from SPI flash
A boot script is generated to automatically boot the distro.
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop dependency on gcc >= 4.8 for efl options as it is guaranted since
commit dbe2d2e686 which added a dependency
on gcc >= 4.9 for efl
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Both S40xorg and S90nodm tries to run an Xserver on vt1, causing the nodm
one to fail. If nodm is enabled, then that is likely what the user wants to
run, so skip installing S40xorg.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In commit 7a607dab33
("support/scripts/pkg-stats: support generating stats based on
configured packages"), we added a -c option to pkg-stats to generate a
report based on the list of packages enabled in the configuration,
rather than for all packages.
This is done based on the list of packages returned in JSON format by
"make show-info". However, we use the keys of the JSON dict returned
by "make show-info", which include the host- prefix of host
packages. Due to this, none of the host packages are currently
matching and therefore they are not reported in the pkg-stats -c
output.
This commit fixes that by using the recently introduced "name"
property in the "make show-info" JSON dict.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: use anonymous '_' for unused variable]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The keys of the JSON dict returned by "make show-info" is the package
name, including the "host-" prefix for host packages.
However, it is sometimes useful to get the actual name of the package,
without the "host-" prefix, so we add a "name" property that holds the
"raw name" of the package.
Suggested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
So the normal DHCP-on-eth0 logic works for the graphical defconfig where
eudev is used.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Explicitly enable PCI support in the kernel after commit eb01d42a77785 (PCI:
consolidate PCI config entry in drivers/pci) and change to GPT partitions /
root=PARTLABEL to find the rootfs instead of hardcoding /dev/mmcblk2p2 as
the mmc probing order has changed since commit 21b2cec61c04bd1 (mmc: Set
PROBE_PREFER_ASYNCHRONOUS for drivers that existed in v4.4).
This has the additional advantage that the same image will work when written
to a USB drive instead of a microsd.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libgeos unconditionally uses wstring which raises the following build
failure:
In file included from /srv/storage/autobuild/run/instance-3/output-1/build/libgeos-3.9.0/tools/astyle/ASLocalizer.cpp:40:
/srv/storage/autobuild/run/instance-3/output-1/build/libgeos-3.9.0/tools/astyle/ASLocalizer.h:72:34: error: 'wstring' does not name a type; did you mean 'stdin'?
string convertToMultiByte(const wstring& wideStr) const;
^~~~~~~
stdin
Fixes:
- http://autobuild.buildroot.org/results/e97d03848d9bbf1845b994f391679a1dbf49f61e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump version and drop local patches already merged upstream. Add Linux
option needed by Linux version >= 4.20 package documentation and to .mk
file that automatically adds it to Linux config when building.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The --cpeid option was mistakenly introduced by commit
92e7089a8c ("support/script/pkg-stats:
show CPE ID in results") but is in fact not necessary.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since commit bd665d182c
("support/scripts/pkg-stats: improve rendering of CVE information"),
we have better reporting of CVE related information, based on
pkg.status['cve']. However, this commit broke pkg-stats when the
--nvd-path option is not passed, and therefore no CVE information is
available.
This commit fixes that, by making use of the is_status_ok(),
is_status_error() and is_status_na() methods recently introduced.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Make is_status_ok() work when the given status name is not even listed
in the status dict. This will be necessary for following commits.
Introduced similar methods for the error and na status, which will be
used in following commits.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Force Release build to remove -Werror and avoid the following build
failure:
/home/giuliobenetti/autobuild/run/instance-3/output-1/build/open62541-1.0/arch/network_tcp.c: At top level:
cc1: error: unrecognized command line option '-Wno-static-in-inline' [-Werror]
cc1: all warnings being treated as errors
Fixes:
- http://autobuild.buildroot.org/results/24b429ce0ae2b33e72bb6a0f523c3906e539a4fd
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2021-3181: rfc822.c in Mutt through 2.0.4 allows remote attackers to
cause a denial of service (mailbox unavailability) by sending email
messages with sequences of semicolon characters in RFC822 address fields
(aka terminators of empty groups). A small email message from the
attacker can cause large memory consumption, and the victim may then be
unable to see email messages from other persons.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Main reason is to fix the issue when secure_getenv() is missing
in older toolchain, but it was fixed in this version by using
getenv() as alternative.
Signed-off-by: Vadym Kochan <vadym.kochan@plvision.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump Linux to 5.10.10 and U-Boot to 2020.10. In the new kernel sunxi-mmc
driver has been switched to asynchronous probe. As a result, mmc indexes
can be shuffled breaking board boot. Add patch that pins mmc indexes to
their original ordered values.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump Linux to 5.10.10 and U-Boot to 2020.10.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump Linux to 5.10.10 and U-Boot to 2020.10.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The 'ubi' collectd plugin was added in 5.11.0.
Add options in Buildroot to enable it.
Based on code by Bart De Vos.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Switch to meson-package
- Drop GDK_PIXBUF_DISABLE_TESTS as it is not needed anymore (meson
doesn't build tests when cross-commpiling)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 4fea71ac78 (package/sudo: security bump to version 1.9.5p2)
removed the patch, but forgot to remove the now unneeded autoreconf. Fix
that.
Reported-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The host build of uboot-tools can occur early in the build process and may
require the creation of BINARIES_DIR before generation of an enabled envimage
and/or boot script binary. So to resolve this in proper way, separated the
build and installation part of uboot env/script in their respective commands.
Signed-off-by: Kalpesh Panchal <kalpesh.panchal@rockwellcollins.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Major changes between sudo 1.9.5p2 and 1.9.5p1
* Buildroot: dropped a patch that was included in the release.
* Fixed sudo's setprogname(3) emulation on systems that don't
provide it.
* Fixed a problem with the sudoers log server client where a partial
write to the server could result the sudo process consuming large
amounts of CPU time due to a cycle in the buffer queue. Bug #954.
* Added a missing dependency on libsudo_util in libsudo_eventlog.
Fixes a link error when building sudo statically.
* The user's KRB5CCNAME environment variable is now preserved when
performing PAM authentication. This fixes GSSAPI authentication
when the user has a non-default ccache.
* When invoked as sudoedit, the same set of command line options
are now accepted as for "sudo -e". The -H and -P options are
now rejected for sudoedit and "sudo -e" which matches the sudo
1.7 behavior. This is part of the fix for CVE-2021-3156.
* Fixed a potential buffer overflow when unescaping backslashes
in the command's arguments. Normally, sudo escapes special
characters when running a command via a shell (sudo -s or sudo
-i). However, it was also possible to run sudoedit with the -s
or -i flags in which case no escaping had actually been done,
making a buffer overflow possible. This fixes CVE-2021-3156.
https://www.sudo.ws/stable.html#1.9.5p2
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
opentracing-cpp fails to build if clang-tidy is installed:
...
-- clang-tidy found: /usr/lib/llvm/11/bin/clang-tidy
-- Configuring done
-- Generating done
...
[ 25%] Building CXX object CMakeFiles/opentracing.dir/src/propagation.cpp.o
.../buildroot/output/build/opentracing-cpp-1.5.1/include/opentracing/string_view.h:5:10: error: 'algorithm' file not found [clang-diagnostic-error]
^
.../buildroot/output/build/opentracing-cpp-1.5.1/src/propagation.cpp:3:11: warning: '__llvm_libc' needs to be the outermost namespace [llvmlibc-implementation-in-namespace]
namespace opentracing {
^
.../buildroot/output/build/opentracing-cpp-1.5.1/src/propagation.cpp:11:3: warning: use '= default' to define a trivial default constructor [hicpp-use-equals-default,modernize-use-equals-default]
PropagationErrorCategory() {}
^ ~~
= default;
.../buildroot/output/build/opentracing-cpp-1.5.1/src/propagation.cpp:13:15: warning: use a trailing return type for this function [modernize-use-trailing-return-type]
const char* name() const noexcept override {
~~~~~~~~~~~ ^
auto -> const char*
.../buildroot/output/build/opentracing-cpp-1.5.1/src/propagation.cpp:13:15: warning: method 'name' can be made static [readability-convert-member-functions-to-static]
const char* name() const noexcept override {
^ ~~~~~~
static
.../buildroot/output/build/opentracing-cpp-1.5.1/src/propagation.cpp:17:24: warning: use a trailing return type for this function [modernize-use-trailing-return-type]
std::error_condition default_error_condition(int code) const
^
.../buildroot/output/build/opentracing-cpp-1.5.1/src/propagation.cpp:37:15: warning: use a trailing return type for this function [modernize-use-trailing-return-type]
std::string message(int code) const override {
^
.../buildroot/output/build/opentracing-cpp-1.5.1/src/propagation.cpp:58:28: warning: use a trailing return type for this function [modernize-use-trailing-return-type]
const std::error_category& propagation_error_category() {
^
226 warnings and 1 error generated.
Error while processing .../buildroot/output/build/opentracing-cpp-1.5.1/src/propagation.cpp.
Suppressed 218 warnings (218 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
Found compiler error(s).
make[3]: *** [CMakeFiles/opentracing.dir/build.make:83: CMakeFiles/opentracing.dir/src/propagation.cpp.o] Error 1
make[3]: *** Waiting for unfinished jobs....
.../buildroot/output/build/opentracing-cpp-1.5.1/include/opentracing/string_view.h:5:10: error: 'algorithm' file not found [clang-diagnostic-error]
^
.../buildroot/output/build/opentracing-cpp-1.5.1/src/dynamic_load.cpp:4:
Disable the 'ENABLE_LINTING' option to avoid this influence.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
We have three conditions under which some tests may get removed:
uClibc, musl, static libraries. All three use the same mechanism
to exclude those test-cases: remove the files.
The first two use a common variable to list the affected files,
and share the same hook of their own to iterate over that list,
while the third has its own hook.
This is not very clean, so switch to using a single variable and
a single hook for all three conditions.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Petr Vorel <petr.vorel@gmail.com>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Compile getdents0{1,2}.c which has been fixed in upstream in commit
8a85a2d61 ("getdents: update to the new api, don't mix libc and kernel
types").
Fixes: 84968aa495 ("package/ltp-testsuite: bump version to 20210121")
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
As suggested by Yann E. Morin, switch to an active fork with all our
patches as upstream seems pretty dead, and they even acknowledge that
status:
https://ushare.geexbox.org/
By lack of spare time, motivation and interest, uShare development
is currently discontinued (this may change though). Don't expect
release anytime soon :-(
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Drop libupnp18 as libupnp has been bumped to 1.14.x and 1.8.x will not
been fixed against CallStranger a.k.a. CVE-2020-12695
mpd and vlc are already compliant with libupnp 1.14.x (i.e those
packages use UpnpInit2 instead of the deprecated UpnpInit)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Move site to Orange-OpenSource
- Drop patch (already in version)
- This version is compatible with libupnp 1.14.x to fix
CallStranger a.k.a. CVE-2020-12695
- Add threadutil license (BSD-3-Clause)
- Update hash in license file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Fix CallStranger a.k.a. CVE-2020-12695 as well as CVE-2020-13848
- Update indentation in hash file (two spaces)
- Backport all changes from libupnp18 to libupnp:
- Use COPYING instead of LICENSE (no license change)
- Add host-pkgconf dependency
- Add --enable-reuseaddr
- Add openssl optional dependency
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
If Target u-boot is not available, the host build of uboot-tools
requires user to provide u-boot environment source file.
This change resolves a missing parentheses and updates the comment
for the same.
Signed-off-by: Kalpesh Panchal <kalpesh.panchal@rockwellcollins.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit adds support for Sinovoip's Banana Pi
M1+. It is mostly based on bananapro_defconfig
but with appropriate device tree and minor tweaks:
- apply bananapi-m1-plus device tree in linux
- apply bananapi_m1_plus defconfig for uboot
- apply patch for OOB IRQs on new device tree
- update device tree name in boot.cmd, genimage.cfg
- update symlink for BRCM driver in rootfs_overlay
- overall clean-up of the config
Tested on BPI-M1+ V1_1.
Signed-off-by: Filip Skoneczny <fskoneczny@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Postgresql includes some extra additional loadable modules.
We need just to pass "world/install-world" as make/install targets
to build this modules.
As a side effect documentation will also be built by "make world".
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Some external packages call pg_config to determine the installed
PostgreSQL options. Add this output to Buildroots own pg_config,
so these packages correctly compile.
Added options:
--pkgincludedir
--pgxs
--cflags
--cc
--pkglibdir
--bindir
--sharedir
--localedir
--docdir
--mandir
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
GPT provides partition labels, which can be used to tell the kernel to find
the rootfs based on it (root=PARTLABEL=rootfs) as a nicer/more extensible
solution than the MBR disk signature / PARTUUID.
When using GPT, the name of the partition in genimage.cfg is used as the
label for that partition.
The default GPT partition table location unfortunately conflicts with the
SPL location, so move the 16KB GPT table after it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998@free.fr: add the comment about 'rootfs']
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The probing order of the two mmc controllers (sdcard and sdio wifi) has
changed in kernel 5.10 since commit 21b2cec61c04bd1 (mmc: Set
PROBE_PREFER_ASYNCHRONOUS for drivers that existed in v4.4), so change to
root=PARTUUID=.. instead of hardcoding /dev/mmcblkXp2.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998@free.fr: use feedc0de as magic]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Small (35k), and stand-alone, SSDP responder with built-in web server
(on port 1901) for serving description.xml when Windows scans for any
network devices on the LAN. Also includes ssdp-scan (31k), similar to
the mdns-scan tool, to probe for SSDP capable devices.
Although it does not use fork(), it still fails to build on noMMU: lots
of missing function declarations, and lots of multicast-related structs
definitions, causing warnings like:
ssdp-scan.c:57:12: warning: implicit declaration of function ‘strdup’; did you mean ‘strcmp’? [-Wimplicit-function-declaration]
ssdp-scan.c:57:10: warning: assignment to ‘char *’ from ‘int’ makes pointer from integer without a cast [-Wint-conversion]
and errors like:
ssdp.c:357:17: error: storage size of ‘imr’ isn’t known
struct ip_mreq imr;
^~~
Finding the root cause why those get not defined in MMU on uClibc is
quite a head-scratching, so let's just disablessdp-responder for noMMU
architectures.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
[yann.morin.1998@free.fr: extend commit log to explain noMMU state]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Replace --exec-prefix, which applies to both sbin and bin, with the more
granular --bindir for logger and --sbindir for syslogd. This because
BusyBox installs its syslgod in /sbin and its logger in /usr/bin.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
[yann.morin.1998@free.fr: add comment, split one-option-per-line]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Installs to /usr/bin and thus replaces the BusyBox logger if enabled.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
[yann.morin.1998@free.fr: use usual ifeq-else-endif block]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
As is done with the init script, parse the system-level customisation
file, if it exists, from the systemd service unit, to allow users to
provide extra arguments passed to the daemon.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
[yann.morin.1998@free.fr; offload to its own commit]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Prefer maintainer provided package, not GitHub generated archive
- Local backport of O_CLOEXEC patch not needed anymore, in v2.2.0
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
[yann.morin.1998@free.fr:
- keep the exec-prefix and without-logger option
- offload the systemd service changes to its own commit
- adapt commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
ply is a light-weight dynamic tracer for Linux. By means of using the
BPF it can attach probes to the linux kernel (e. g. kprobes).
It's a small alternative to LLVM based tracers for embedded systems.
Project page:
https://github.com/wkz/ply/releases
Documentation can be found here:
https://wkz.github.io/ply/
Tested with beaglebone_defconfig (uClibc-ng as well as glibc)
Signed-off-by: Andreas Klinger <ak@it-klinger.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
GEOS (Geometry Engine - Open Source) is a C++ port of the JTS Topology
Suite (JTS). It aims to contain the complete functionality of JTS in
C++. This includes all the OpenGIS Simple Features for SQL spatial
predicate functions and spatial operators, as well as specific JTS
enhanced functions.
https://trac.osgeo.org/geos
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
[yann.morin.1998@free.fr:
- wrap long lines in Config.in
- wrap long lines in commit log
- drop "invsible characters" <200b>
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
[yann.morin.1998@free.fr:
- split long lines in help text
- use traditional ifeq-else-endif block
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The upstream mrouted package comes with its own systemd unit file, but
no SysV init script. This script is a modified copy of the sysklogd
init script, but set to start after networking.
Note: for mrouted to start it requires at least two MULTICAST capable
interfaces that are UP. This is why an added startup delay of 30
seconds (-w 30) was added, in case the system has DHCP enabled.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
IP_MULTICAST depends on CONFIG_NET and CONFIG_INET, but those are really
depp-core symbols, and anyone enabling mrouted will be expected to
already have networking and TCP/IP supports enabled already in their
kernel configuraiton.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
[yann.morin.1998@free.fr:
- add comment about NET and INET,
- update commit log accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
See also commit 4ff6e52392 which describes the
problem in detail.
The same problem now arises again, because syslog-ng renamed the
--enable-snmp-dest option into --enable-afsnmp. See syslog-ng commit
4537938474771673ef5bd4a9cad7c9a7dc20b7c1, first part of 3.27.1.
Update the configure options passed from Buildroot accordingly.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
HDMI support is enabled by default in sunxi_defconfig since commit
c822a3ec17 (ARM: configs: sunxi: Add DRM output-related options), so drop
from fragment.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
arm64 / riscv supports building a gzip compressed 'Image' format kernel,
which is sometimes useful. From arch/arm64/Makefile:
all: Image.gz
Image: vmlinux
$(Q)$(MAKE) $(build)=$(boot) $(boot)/$@
Image.%: Image
$(Q)$(MAKE) $(build)=$(boot) $(boot)/$@
(and similar logic for riscv)
Future architectures may or may not copy this logic, so for robustness add
an explicit Image.gz format rather than copying both Image and Image.gz when
the Image format is used.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 40bb37bd70 refactored get-developers, and now the 'os' module is
no longer needed, but still imported:
utils/get-developers:6:1: F401 'os' imported but unused
1 F401 'os' imported but unused
Drop it now.
Reported-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add --disable-metadata configure option. Buildroot by default disable
packages' doc generation. Also generating LTP metadata documentation
would require have host package, which could be complicated since the
LTP build system is autoconf but not automake based.
Drop cacheflush01 patch (from this release) and rebase musl workaround
patch.
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop upstream security patch.
Rename --with-system-libpcap to --disable-local-libpcap following
upstream change.
The configure scripts uses pkg-config to find libpcap, add host-pkgconf
dependency.
pkg-config handles static build for us. Remove explicit static build
handling.
Use https for SITE to save redirect.
Update license file hash due to whitespace changes.
Format hashes with two space delimiters.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
configure script now uses pkg-config. Add host-pkgconf dependency.
pkg-config should provide necessary info for libnl build/link. Don't
pass paths to configure.
Add --without-dpdk to make sure we don't link with host installed
libraries.
Format hashes with two space delimiters.
Use https for SITE to save redirect.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add patches needed for compatibility with Postgresql 13, which are
still under review upstream.
Debug builds (BR2_ENABLE_DEBUG=y) fails because of warnings, so
disable WARNINGS_AS_ERRORS.
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The vuejs developers have changed the way this package is distributed.
The tarball containing the dist files does not contain anymore the
LICENSE file. The license remains MIT but until it is reintroduced in
the tarball, we have to skip the license file hash verification.
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 6a91580c11 added the hash of
0001-Define-_GNU_SOURCE_required_for_O_CLOEXEC_on_uClibc.patch but this
is not needed as this file is included in buildroot and not downloaded
While at it, update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
meson will by default try to detect the presence of ccache, and if
found, will use it unconditionally.
However, using a system-wide ccache, which would be using our own cache
directory, may very well conflict with our own ccache.
But there is no option to disable that meson behaviour. The only
workaround that is even the official documented way to do so, is to
actually pass environment variables that point to the compiler:
https://mesonbuild.com/Feature-autodetection.html#ccache
For the host variants, we pass $(HOST_CONFIGURE_OPTS) in the environment,
and this contains correct settings for CC and CXX, so meson does not try
and detect ccache; it uses exactly what we tell it to use.
For the target variant, the settings for the cross-compiler are defined
in the cross-compilation file, and so meson just abides by our will. But
for the compiler-for-build, there is no way to specify the CC_FOR_BUILD
or CXX_FOR_BUILD via a cross-compilation file:
https://mesonbuild.com/Machine-files.htmlhttps://mesonbuild.com/Cross-compilation.html
We could pass the full TARGET_CONFIGURE_OPTS in the environment, like we
do for the host variant, but this contains a lot more variables that are
supposed to be covered by the cross-compilation file.
So, we stay safe and just provide the exact two variables that meson
will use to avoid detecting ccache.
If the current configuration defines the use of ccache, then these two
variables will be properly setup to use our own ccache.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Gleb Mazovetskiy <glex.spb@gmail.com>
Cc: James Hilliard <james.hilliard1@gmail.com>
Cc: Norbert Lange <nolange79@gmail.com>
As reported on IRC by sephthir, the qemu_sparc_ss10_defconfig doesn't
work as expected: the system generated when booted under Qemu produces
illegal instruction messages.
gcc 8.3, 9.2 are the latest working gcc version. git bisect between
gcc 8.3 and 8.4 allowed to identify the commit that introcuced the
regression.
Reverting this patch allowed to produce a working rootfs.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/786589934
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
- cmd/go: packages using cgo can cause arbitrary code execution at build time
The go command may execute arbitrary code at build time when cgo is in use
on Windows. This may occur when running “go get”, or any other command
that builds code. Only users who build untrusted code (and don’t execute
it) are affected.
In addition to Windows users, this can also affect Unix users who have “.”
listed explicitly in their PATH and are running “go get” or build commands
outside of a module or with module mode disabled.
Thanks to RyotaK (https://twitter.com/ryotkak) for reporting this issue.
This issue is CVE-2021-3115 and Go issue golang.org/issue/43783.
- crypto/elliptic: incorrect operations on the P-224 curve
The P224() Curve implementation can in rare circumstances generate
incorrect outputs, including returning invalid points from ScalarMult.
The crypto/x509 and golang.org/x/crypto/ocsp (but not crypto/tls) packages
support P-224 ECDSA keys, but they are not supported by publicly trusted
certificate authorities. No other standard library or golang.org/x/crypto
package supports or uses the P-224 curve.
The incorrect output was found by the elliptic-curve-differential-fuzzer
project running on OSS-Fuzz and reported by Philippe Antoine (Catena cyber).
This issue is CVE-2021-3114 and Go issue golang.org/issue/43786.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add optional lttng-libust support and enable tracing support
in case.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- add new host-python3-jinja2 and host-python3-ply dependencies
- change android, documentation options from boolean to feature
- disable new tracing option (needs lttng-ust)
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- fixes: sysklogd 1.6 klogd with newer glibcs: kernel messages are
logged to user facility
- sysklogd removed klogd, functionality has been moved to syslogd
- now supports config fragments in /etc/syslog.d
- disabled sysklogd logger to not interfere with other loggers
- license has changed from GPL-2.0+ to BSD-3-Clause
Signed-off-by: Andreas Hilse <andreas.hilse@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
https://sources.debian.org/data/main/u/unzip/6.0-25 is unreachable so
switch to the debian archive provided by snapshot.debian.org to retrieve
all debian patches at once.
While at it, also update indentation in hash file and add
UNZIP_IGNORE_CVES entries.
The Debian patch archive we refernce brings in a large set of patches,
some of them fixing CVEs. Since we only cary the Debian patch archive
as a single entity, just refer to it to identify all the CVEs the
individual patches there in are fixng.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- don't wrap _SITE line that is anyway too long even when wrapped
- don't enumerate Debian patches one by one, just refere to them
globally
- as a consequence, reorder CVEs
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Use github as a source site, to get a newer version than 4.5, which
was released in May 2011
- Add upstream link to patch
- Use the new COPYING file
- Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update chrony to version 4.0 and add/remove configuration of
features as necessary.
Remove support for readline. Add support for nettle and
gnutls (required for NTS support). Add pkg-config support (for
nss, nettle and gnutls).
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
CVE-2020-7746 (https://nvd.nist.gov/vuln/detail/CVE-2020-7746)
The options parameter is not properly sanitized when it is processed.
When the options are processed, the existing options (or the defaults
options) are deeply merged with provided options. However, during this
operation, the keys of the object being set are not checked, leading to
a prototype pollution.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
chartjs 2.9.3 has a security vulnerability (CVE-2020-7746) which is not
detected by the CVE scripts, presumably because our version variable starts
with a 'v'.
Move that 'v' prefix out of the version variable to fix that.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since 2.0.0, pyjwt has dropped Python 2.x support, so Python 3.x is
mandatory.
Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 5b95a5dc2 (support/download: change format of archives generated
from git) changed the way the archives generated from git repositories
are named, adding a "format-version" identifier right between the
package version and the file extension.
Commit c043ecb20 (support/download: change format of archives generated
from svn) did so for archives generated from a subversion checkout.
However, for a few packages, we manually force the _SOURCE variable,
because we want to share the archive with another package, to avoid
downloading and storing those archives twice. This is the case for:
- linux-headers and linux
- barebox-aux and barebox
When the generated tarballs were renamed with the aforementioned
commits, those packages were not updated accordingly.
Fix that by manually propagating the per-site-method format-version.
Reported-by: "Stephane Viau (OSS)" <stephane.viau@oss.nxp.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: "Stephane Viau (OSS)" <stephane.viau@oss.nxp.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since commit dfcc18f84b cmake-package
_INSTALL_STAGING_OPTS/_INSTALL_TARGET_OPTS use 'install/fast'
instead of 'install', adjust documentation accordingly.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Due to libabseil dependencies the host gcc is at least 4.9.
So the fix for host gcc 4.8 is no longer needed.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Under the assumption that all Buildroot build hosts nowadays are
multithreaded, we can boost performance of host-zstd by enabling
multithreaded operation.
See also commit 52154e5206.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following linking error with uClibc-ng:
/nvme/rc-buildroot-test/scripts/instance-1/output-1/host/bin/arc-buildroot-linux-uclibc-gcc -o/nvme/rc-buildroot-test/scripts/instance-1/output-1/build/coremark-pro-1.1.2743/builds/linux/gcc/bin/cjpeg-rose7-preset cjpeg-rose7-preset.o /nvme/rc-buildroot-test/scripts/instance-1/output-1/build/coremark-pro-1.1.2743/builds/linux/gcc/obj/bench/consumer_v2/cjpeg/*.o /nvme/rc-buildroot-test/scripts/instance-1/output-1/build/coremark-pro-1.1.2743/builds/linux/gcc/obj/mith.a -lm -lpthread -lrt
/nvme/rc-buildroot-test/scripts/instance-1/output-1/host/lib/gcc/arc-buildroot-linux-uclibc/10.2.0/../../../../arc-buildroot-linux-uclibc/bin/ld: /nvme/rc-buildroot-test/scripts/instance-1/output-1/host/lib/gcc/arc-buildroot-linux-uclibc/10.2.0/libgcc.a(unwind-dw2-fde-dip.o): in function `_Unwind_Find_FDE':
/nvme/rc-buildroot-test/scripts/instance-1/output-1/build/host-gcc-final-arc-2020.09-release/build/arc-buildroot-linux-uclibc/libgcc/../../../libgcc/unwind-dw2-fde-dip.c:469: undefined reference to `dl_iterate_phdr'
/nvme/rc-buildroot-test/scripts/instance-1/output-1/host/lib/gcc/arc-buildroot-linux-uclibc/10.2.0/../../../../arc-buildroot-linux-uclibc/bin/ld: /nvme/rc-buildroot-test/scripts/instance-1/output-1/build/host-gcc-final-arc-2020.09-release/build/arc-buildroot-linux-uclibc/libgcc/../../../libgcc/unwind-dw2-fde-dip.c:469: undefined reference to `dl_iterate_phdr'
/nvme/rc-buildroot-test/scripts/instance-1/output-1/host/lib/gcc/arc-buildroot-linux-uclibc/10.2.0/../../../../arc-buildroot-linux-uclibc/bin/ld: GOT and PLT relocations cannot be fixed with a non dynamic linker
/nvme/rc-buildroot-test/scripts/instance-1/output-1/host/lib/gcc/arc-buildroot-linux-uclibc/10.2.0/../../../../arc-buildroot-linux-uclibc/bin/ld: final link failed: bad value
collect2: error: ld returned 1 exit status
/nvme/rc-buildroot-test/scripts/instance-1/output-1/build/coremark-pro-1.1.2743/workloads/cjpeg-rose7-preset//Makefile:65: recipe for target '/nvme/rc-buildroot-test/scripts/instance-1/output-1/build/coremark-pro-1.1.2743/builds/linux/gcc/bin/cjpeg-rose7-preset' failed
Since uClibc-ng 1.0.18 a circular dependency between libc and libgcc
exist, when static linking is used. It can be resolved by the compiler
when -static is correctly passed in the linking step.
So use TARGET_LDFLAGS to pass LDFLAGS
Fixes:
- http://autobuild.buildroot.org/results/ca86624b09fed961d2b9086fee8b2029845746ea
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Fixes CVE-2021-23239, a potential information leak in sudoedit that
could be used to test for the existence of directories not normally
accessible to the user in certain circumstances. When creating a new
file, sudoedit checks to make sure the parent directory of the new
file exists before running the editor. However, a race condition
exists if the invoking user can replace (or create) the parent
directory. If a symbolic link is created in place of the parent
directory, sudoedit will run the editor as long as the target of the
link exists. If the target of the link does not exist, an error
message will be displayed. The race condition can be used to test for
the existence of an arbitrary directory. However, it cannot be used to
write to an arbitrary location.
- Fixes CVE-2021-23240, a flaw in the temporary file handling of
sudoedit's SELinux RBAC support. On systems where SELinux is enabled,
a user with sudoedit permissions may be able to set the owner of an
arbitrary file to the user-ID of the target user. On Linux kernels
that support protected symlinks setting
/proc/sys/fs/protected_symlinks to 1 will prevent the bug from being
exploited. For more information, see Symbolic link attack in
SELinux-enabled sudoedit.
- Update license hash:
- copyright of python bindings added with
https://github.com/sudo-project/sudo/commit/6c1b155fed23348c58a03f6c1193922132b5b66a
- a few other files (ISC licenced) added with
https://github.com/sudo-project/sudo/commit/d4b2db9078bd54f158261017dcb4d1340398a5fa
- year updated with
https://github.com/sudo-project/sudo/commit/9e111eae57524ca72002ad1db36eb68ccd50b167
- Update indentation in hash file (two spaces)
https://www.sudo.ws/stable.html#1.9.5p1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
First patch is not needed since commit
7b3ac6d24d which adds a dependency on
headers >= 4.12
It should also be noted that upstream didn't merge it either
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Using absolute paths within getdeveloperlib isn't very sensible, it
makes a lot more sense to handle everything as relative paths from the
top-level Buildroot source directory.
parse_developers() is changed to no longer take the base path as
argument: it is automatically calculated based on the location of
utils/getdeveloperlib.py. Then, the rest of the logic is adjusted to
use relative paths, and prepend them with the base "brpath" when
needed.
This commit allows pkg-stats to report correct developers information
even when executed from an out of tree directory.
Before this patch:
$ ~/buildroot/support/scripts/pkg-stats -p ipmitool --json out.json
$ cat out.json | jq '.packages.ipmitool.developers'
[]
$ cat out.json | jq '.defconfigs.stm32f469_disco'
{
"name": "stm32f469_disco",
"path": "configs/stm32f469_disco_defconfig",
"developers": []
}
After this patch:
$ ~/buildroot/support/scripts/pkg-stats -p ipmitool --json out.json
$ cat out.json | jq '.packages.ipmitool.developers'
[
"Floris Bos <bos@je-eigen-domein.nl>",
"Heiko Thiery <heiko.thiery@gmail.com>"
]
$ cat out.json | jq '.defconfigs.stm32f469_disco'
{
"name": "stm32f469_disco",
"path": "configs/stm32f469_disco_defconfig",
"developers": [
"Christophe Priouzeau <christophe.priouzeau@st.com>"
]
}
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
With Python 3.8, the following deprecation warnings are emitted:
/home/thomas/projets/buildroot/./support/scripts/pkg-stats:418: DeprecationWarning: The explicit passing of coroutine objects to asyncio.wait() is deprecated since Python 3.8, and scheduled for removal in Python 3.11.
/home/thomas/projets/buildroot/./support/scripts/pkg-stats:536: DeprecationWarning: The explicit passing of coroutine objects to asyncio.wait() is deprecated since Python 3.8, and scheduled for removal in Python 3.11.
The correct way to pass coroutines is to use asyncio.create_task(),
but this is rather new method (Python 3.7), and using it breaks
compatibility with older Python versions. As suggested at
https://docs.python.org/3/library/asyncio-task.html#asyncio.create_task,
use the more cryptic, but also more compatible asyncio.ensure_future()
method.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The cve module needs ijson, which may not be installed. Since cve
matching is only enabled when --nvd-path is passed, it is a bit silly
to error out about ijson being missing if it's not used.
So instead of unconditionally importing the cve module, only do it
conditionally.
However, instead of doing it right at the point where it is used, we
do it at the beginning of the main() function. Indeed, if the cve
module is needed but cannot be imported, we want to error out
immediately rather than doing a whole bunch of things, and failing on
the user later on in the middle of the pkg-stats execution.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libzstd.so is built without multi-threading support by default.
The 'HAVE_THREAD' flag is not respected by lib/Makefile, only by
programs/Makefile.
Use the %-mt recipe in lib/Makefile to enable multithreading.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
As reported on the mailing list [1], the imx sdma firmwares for
imx[6,7,8] are provided by two packages: firmware-imx and
linux-firmware
$ sha256sum ./firmware-imx-8.10/firmware/sdma/sdma-imx6q.bin
7790c161b7e013a9dbcbffb17cc5d4cb63d952949a505647e4679f02d04c4784
./firmware-imx-8.10/firmware/sdma/sdma-imx6q.bin
$ sha256sum ./linux-firmware-20201022/imx/sdma/sdma-imx6q.bin
7790c161b7e013a9dbcbffb17cc5d4cb63d952949a505647e4679f02d04c4784
./linux-firmware-20201022/imx/sdma/sdma-imx6q.bin
firmware-imx also has firmwares for older variants as well, so this is
what we keep as the only imx sdma firmware provider.
[1] http://lists.busybox.net/pipermail/buildroot/2021-January/300938.html
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Fabio Estevam <festevam@gmail.com>
Cc: Stephane Viau <stephane.viau@oss.nxp.com>
Cc: Gary Bisson <gary.bisson@boundarydevices.com>
[yann.morin.1998@free.fr: explain why we keep firmware-imx]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Christian Stewart <christian@paral.in>
Tested-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr: rename package]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Until now the bootlin-x86-64-glibc was using a Bootlin toolchain as a
custom external toolchain. However, now that we have the
toolchain-external-bootlin package explicitly supporting Bootlin
toolchains as known toolchain profiles, it makes sense to use
that. Indeed, this will ensure that this autobuilder configuration
will use the latest available version of the Buildroot toolchain for
x86-64 glibc.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Adding these patches brings our ffmpeg package to the same level as the
kodi-provided ffmpeg package allowing us to switch the kodi build to
use the system-provided ffmpeg instead of its internal build when kodi
is bumped to version 19.0-Matrix.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bump ATF, U-Boot and Linux kernel to the NXP BSP 5.4.70_2.3.0 versions.
Note for configs/freescale_imx8mmevk:
On 5.4.70_2.3.0 the default "i.MX8MM LPDDR4 EVK RevB board" support is
removed and replaced by "i.MX8MM LPDDR4 EVK with QCA WIFI revB board".
In case an older revB board is used, then the following step in U-Boot is
needed:
=> setenv fdt_file imx8mm-evk-revb-qca-wifi.dtb
=> saveenv
=> reset
Build- and run-tested on:
o i.MX8MN DDR4 EVK
o i.MX8MQ EVK
Build-tested only for other configs.
Signed-off-by: Stephane Viau <stephane.viau@oss.nxp.com>
Tested-by: Stephane Viau <stephane.viau@oss.nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
I do not have access to MacchiatoBin hardware anymore.
So remove its BSP components from my watch list.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix U-Boot config snippet in TestATFAllwinner. Bump U-Boot
version to fix DTC build on hosts with gcc 10 and add
pylibfdt dependency.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
There were only two users of Marvell ATF: SolidRun MacchiatoBin board
and ClearFrog GT 8k board. After mv-ddr-marvell package update both
boards switched to upstream ATF. Remove tests for now unused
Marvell ATF.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump U-Boot and Linux kernel versions. Fix recent build failures caused
by mv-ddr-marvell package update. Marvell ATF does not provide a version
compatible with up-to-date mv-ddr-marvell. According to commit log,
Marvell developers are now contributing directly to upstream ATF. So
switch to upstream ATF instead of using older Marvell ATF versions.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/938922500
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
mesa3d should only need expat for a limited set of drivers. However,
the condition in their meson.build is borked:
required: not with_platform_android or with_any_broadcom or with_any_intel
So, as soon as the platform is not android, expat is required. If it
is not already present in the configuraiotn, then meson will try to be
helpful and will try to download its own copy under the table:
Run-time dependency expat found: NO (tried pkgconfig and cmake)
Looking for a fallback subproject for the dependency expat
Downloading expat source from https://github.com/libexpat/libexpat/releases/download/R_2_2_5/expat-2.2.5.tar.bz2
<urlopen error unknown url type: https>
A fallback URL could be specified using source_fallback_url key in the wrap file
../O/build/mesa3d-20.3.3/meson.build:1366:2: ERROR: could not get https://github.com/libexpat/libexpat/releases/download/R_2_2_5/expat-2.2.5.tar.bz2 is the internet available?
Ideally, we would like to fix the condition in the meson.build, to drop
the spurious and dubious condition on the android platform. However it
is not totally obvious what the prupose was, and expat compiles quikly,
so we just add expat as an unconditional mandatory dependency.
Fixes:
http://autobuild.buildroot.org/results/f71865771482b1d71d12e77767d236ca693785d5/http://autobuild.buildroot.org/results/98290b9681a38b3be820017823a4a4196d474476/
....
Reported-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Fabio Estevam <festevam@gmail.com>
[yann.morin.1998@free.fr:
- make it a generic fix, not tied to freedreno, reported by Fabio
- rewrite commit log to explain the root cause
- also reported about virgl, by Titouan
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Hard-float support is pretty stable, so make that default for HSDK
boards.
The hard-float setting is a bit convulated since current ARC gcc lacks
--with-fpu - so this is done with BR2_TARGET_OPTIMIZATION
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
[yann.morin.1998@free.fr: split off into its own commit]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
We are no longer actively working on uClibc, so make that default
for HSDK boards.
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
[yann.morin.1998@free.fr: drop enabling hard float]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
No config changes done
| make snps_archs38_hsdk_defconfig
| make savedefconfig
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
For the HS48 processor, BR currently builds with -mcpu=hs4x_rel31 which
generates suboptimal code as it inhibits delay slot and back-back ST and so on.
Enable a new variant to build with -mcpu=hs4x for normal codegen.
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
[yann.morin.1998@free.fr:
- simplify dependencies on MMU page size
- wrap long lines
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This definition is useless, because it is equal to the default value
of <pkg>_CPE_ID_NAME as calculated by generic-package.
Before and after this patch, the CPE ID calculated for the linux-pam
package is exactly the same, according to "make linux-pam-show-info".
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As we discussed on the mailing list, using $(<pkg>_NAME) when defining
CPE ID variables feels a bit odd and needlessly complicated. Just use
the package name directly.
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
cpe:2.3:a:ntp:ntp is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Antp%3Antp
The specification of the version needs to be reworked a little
bit. Indeed, versions look like 4.2.8p15. For the download, we need to
extract 4.2 as the folder is named ntp-4.2. However, for the CPE ID we
need to extract 4.2.8 and p15 into two separate fields.
So, we set:
NTP_VERSION_MAJOR = 4.8
NTP_VERSION_MINOR = 2
NTP_VERSION_POINT = 15
and construct the version:
NTP_VERSION = $(NTP_VERSION_MAJOR).$(NTP_VERSION_MINOR)p$(NTP_VERSION_POINT)
Note that the choice of "point" comes from
http://support.ntp.org/bin/view/Main/ReleaseNumberingScheme, which
states "The letter p followed by an increasing number indicates a
Point (i.e. incremental) Release.".
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- minor maintainence release mainly to address exist build issues;
- remove the following patches since all have been upstreamed:
0001-erofs-utils-fix-multiple-definition-of-sbi.patch;
0002-erofs-utils-fuse-fix-linking-when-using-with-selinux.patch;
0003-erofs-utils-fuse-disable-backtrace-if-unsupported.patch.
Signed-off-by: Gao Xiang <hsiangkao@aol.com>
[yann.morin.1998@free.fr: two spaces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Drop upstream patch which is included in the new version.
Add additional config option `--enable-a2dpconf` to build small (13 kB)
utility `a2dpconf` which does not depend on any external dependencies.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Integrate the RCW into the storage device image, so the image can also
be used a boot source. The SoC expects the RCW at offset 4096 of the SD
card or eMMC.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* add option for new library Boost.JSON
* drop patch 0001 as it's applied upstream
* host: disable options that were added over time but never disabled for the host-build
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When a package has both a target and a host variant, and uses git
submodules, and the host variant is downloaded before the target one, we
end up with the generated archive missing the submodules.
This happens in exactly one package in our tree: c-capnproto.
This issue was not caught before because after a few days, the full
sources are added to sources.buildroot.net. So when the hash check
fails, the full tarball is simply downloaded from there.
Propagate the git submodule setting from the target variant to the host
variant, unless the host variant explicitly opted-out.
Fixes:
http://autobuild.buildroot.org/results/2de9c6c8ce83569d18cc7140ebc60d6fe1aadcbf/
Reported-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Commit 37a909cacf (package/tar: drop specific version for host variant)
updated the host variant from 1.29 to 1.32.
However, because there is no longer any upper-limit to the version of
tar accepted from the system, and because tests were conducted on a
recent distribution, there was no need to build the host variant of tar.
As a consequence, updating the hash file was missed.
Do so now.
Also switch to using the new two-space separators.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Use the COREMARK_PRO_MARKS definition from the build recipe to
generate the coremark-pro.sh
- Use %x:%X as the date stamp in the results file.
Suggested-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
nvidia-modprobe package adds a utility and headers for probing the NVIDIA
hardware at runtime.
https://github.com/NVIDIA/nvidia-modprobe
Signed-off-by: Christian Stewart <christian@paral.in>
[Arnout:
- use upstream Makefile instead of building directly;
- don't install to staging;
- remove dependency on host-pkgconf;
- correct license to GPL-2.0;
- remove dependency on threads and glibc;
- add dependency on MMU.]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Drop 5.9 stable (EOL).
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
[Peter: add Config.in.legacy handling for 5.9]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Now that we can generate reproducible archives, with all known tar
versions starting with 1.27, we don't need to clamp the host-tar
version to the old 1.29, and can now bump to any later version.
Drop the host-tar version, and use the same as the target variant.
Note that we still need the _SOURCE trick, to avoid depending on tar
to extract the tar tarball...
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
So far, we checked that the tar present on the host was at most tar
1.29, because tar 1.30 changed the way it generates archives.
Having a maximum tar version requirement meant that we would eventually
always have to build our own host-tar, as distributions are updating
the version they use.
But now, we have found a way to generate reproducible archives starting
with tar 1.27 onward, so we no longer need the check for a maximum tar
version, so we can drop that requirement.
Note: this is semantically a revert of b8fa273d50 (check-host-tar.sh:
blacklist tar 1.30+), but keeping the new, mostly-linear code-path.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
Like we recently did for git, switch the archives generated from
subversion to be reproducible whatever the tar version.
We have no in-tree users of the svn backend which also has hashes,
so no hash to update.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Heiko Thiery <heiko.thiery@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
Commit 89f5e9893 (support/download/svn: generate reproducible svn
archives) did what it said, but can be siplified a bit.
Indeed, we are doing an svn export, so we won't have any of the .svn
directories, neither at the root of the extract, nor in any of the
sub-directories.
As such, we do not need to filter them out when we generate the list
of files to include in the archive.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Heiko Thiery <heiko.thiery@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
Switch to using the tarball helper, that can generate reproducible
archives whatever the tar version >= 1.27.
However, those archives are not identical to the previous ones generated
in the (now-broken) gnu format.
To avoid any clashing between old and new archives, and new and old
Buildroot versions, we need to name the new generated archives
differently from the existing ones.
So, we bump the git-specific format-version to -br1.
The %ci date has been supported by git back to 1.6.0, released August
2008); it is not strictly ISO8601, but is still accepted as a PAX date
header. The strict ISO8601 placeholder, %cI, was only introduced with
2.2.0, release in November 2014, so too recent to be widely available.
As the format and the names of the archives changes, we need to update
all the hash files with the new names and hashes.
Of all the bootloaders that have a git download method, vexpress-firmware
is the only one to have a hash. Others have no hash files, or they have
explicitly set BR_NO_CHECK_HASH_FOR.
For the packages, linux-headers is the special snowflake, as the git
download is only for custom git tree, so it is excluded from the hash
verification with BR_NO_CHECK_HASH_FOR.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
---8<------8<------8<------8<---
#!/bin/sh
# Find and download all packages using git as backend.
# Manually fix hashes for affected packages.
# Packages that only have a host variant
HOST_ONLY='imx-mkimage|mxsldr|netsurf-buildsystem|opkg-utils|prelink-cross|qoriq-rcw|vboot-utils'
# Packages that have a non-git main _SOURCE, and/or which
# have BR_NO_CHECK_HASH_FOR for the git _SOURCE
NOT_GIT='aufs|aufs-util|xenomai|linux-headers'
export BR2_DL_DIR=$(pwd)/temp-dl-dir
make defconfig
make $( git grep -l -E 'SITE_METHOD[[:space:]]*:?=[[:space:]]*git\>|_SITE[[:space:]]*:?=[[:space:]]*git:' \
boot/vexpress-firmware/ package/ \
|sed -r -e 's,.*/([^/]+)\.mk,\1,' \
|sed -r -e '/^('"${NOT_GIT}"')$/d;' \
-e 's/^('"${HOST_ONLY}"')/host-\1/;' \
-e 's/$/-legal-info/;'
)
---8<------8<------8<------8<---
We currently need to generate reproducible archives in at least two
locations: the git and svn download backends. We also know of some
future potential use (e.g. the other download backends, like cvs, or
in the upcoming download post-processors for vendoring, like cargo
and go).
However, we are currently limited to a narrow range of tar versions
that we support, to create reproducible archives, because the gnu
format we use has changed with tar 1.30.
As a consequence, and as time advances, more and more distros are,
or will eventually start, shipping with tar 1.30 or later, and thus
we need to always build our on host-tar.
Now, thanks to some grunt work by Vincent, we have a set of options
that we can pass tar, to generate reproducible archives back from
tar-1.27 and up through tar-1.32, the latest released version.
However, those options are non-trivial, so we do not want to have
to repeat those (and maintain them) in multiple locations.
Introduce a helper that can generate a reproducible archive from
an input directory.
The --pax-option, to set specific PAX headers, does not accept
RFC2822 timestamps which value are too away from some fixed point
(set atcompile-time?):
tar: Time stamp is out of allowed range
However, the same timestamps passed as strict compliant ISO 8601 are
accepted, so that's what we expect as a date format.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
---8<------8<------8<------8<---
# Here is a Makefile used to test all the versions of tar, with
# different output formats and different sets of options:
# Versions prior to 1.27 do not build on recent machines, because
# 'gets()' got removed (rightfully so), so don't count them as
# candidates.
VERSIONS = 1.27 1.27.1 1.28 1.29 1.30 1.31 1.32
DATE = Thu 21 May 2020 06:44:11 PM CEST
TARS = \
$(patsubst %,test_gnu_%.tar,$(VERSIONS)) \
$(patsubst %,test_posix_%.tar,$(VERSIONS)) \
$(patsubst %,test_posix_paxoption_%.tar,$(VERSIONS))
all: $(TARS)
sha1sum $(^)
.INTERMEDIATE: test_%.tar
test_gnu_%.tar: tar.% list
./$(<) cf - -C test \
--transform="s#^\./#test-version/#" \
--numeric-owner --owner=0 --group=0 \
--mtime="$(DATE)" \
--format=gnu \
-T list \
>$(@)
test_posix_%.tar: tar.% list
./$(<) cf - -C test \
--transform="s#^\./#test-version/#" \
--numeric-owner --owner=0 --group=0 \
--mtime="$(DATE)" \
--format=posix \
-T list \
>$(@)
test_posix_paxoption_%.tar: tar.% list
./$(<) cf - -C test \
--transform="s#^\./#test-version/#" \
--numeric-owner --owner=0 --group=0 \
--mtime="$(DATE)" \
--format=posix \
--pax-option='delete=atime,delete=ctime,delete=mtime' \
--pax-option='exthdr.name=%d/PaxHeaders/%f,exthdr.mtime={$(DATE)}' \
-T list \
>$(@)
list: .FORCE
list: test
(cd test && find . -not -type d ) |LC_ALL=C sort >$(@)
LONG = L$$(for i in $$(seq 1 200); do printf 'o'; done)ng
test: .FORCE
test:
rm -rf test
mkdir -p test/bar
echo foo >test/Foo
echo bar >test/bar/Bar
ln -s bar/Bar test/buz
echo long >test/Very-$(LONG)-filename
ln test/Very-$(LONG)-filename \
test/short
.PRECIOUS: tar.%
tar.%: tar-%
cd $(<) && ./configure
$(MAKE) -C $(<)
install -m 0755 $(<)/src/tar $(@)
.PRECIOUS: tar-%
tar-%: tar-%.tar.gz
tar xzf $(<)
.PRECIOUS: tar-%.tar.gz
tar-%.tar.gz:
wget "https://ftp.gnu.org/gnu/tar/$(@)"
.FORCE:
clean:
rm -rf tar-* tar.* test_* test list
---8<------8<------8<------8<---
When we want to change the format of an archive we generate (e.g. those
we generate from git trees), the hashes of those archives will change.
To avoid any issue (e.g. an older Buildroot using newer archives, or the
other way around) that would conclude that the hashes do not match, we
want to change the filenames of the generated archives whenever we
change their format.
Introduce a new internal variable, specific to each site method, that we
can set to include a "format version" for the archives generated from
that site method.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
The .tar.gz default extension is historical, and we initially used
to only fetch tarballs from remote sites.
When we introduced downloads from VCS repositories, we kept that
extension, and kept compressing with gz, by lack of good reason to
switch to some other compression scheme.
However, nowadays, we will want to change the way we construct the
tarballs we generate from VCS. This will de facto change the hashes
of those tarballs.
So we will want that the archives we generate do not clash with the
existing ones, so we need another filename. Thus, we need a way to
be able to use a different extension when we generate archives from
VCS.
Use a macro as suggested by Arnout.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
The LLVM project has switched to using a monorepo to host all their
components. The separate, individual repositories have been closed
late 2020 / early 2021. The libclc repository is no longer.
Switch to using the libclc source from the llvm legacy and frozen
mirror.
Even though we could switch over to using the github helper, we just
keep using the git download method: it is a small repository, and it
will not impact people that were already using it.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Valentin Korenblit <valentinkorenblit@gmail.com>
Cc: Michael Opdenacker <michael.opdenacker@bootlin.com>
Acked-by: Romain Naour <romain.naour@gmail.com>
---
Changes v1 -> v2:
- keep everything as-is, just switch to the frozen mirror
The following commits:
- 7868289fd5 package/zic: bump version to 2020f
- c99374ecbb package/tzdata: bump version to 2020f
bumped the tzdata from version 2020a to 2020f. However, in 2020b, the
zic option '-y' was removed, and so was the yearistype.sh script [0].
This now spews annoying warnings:
warning: -y ignored
Fortunately, it still consumes its argument, so the missing yearistype.sh
is simply ignored.
Drop that option.
[0] https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
As stated in README.md, multipath-tools is covered by several licenses
and LGPL-2.0 is "just" the default license:
- GPL-2.0+ (e.g. libmultipath/alias.c)
- GPL-3.0+ (e.g. libdmmp/libdmmp.c)
- LGPL-2.1+ (e.g. libmpathcmd/mpath_cmd.c)
So replace COPYING (which is a symlink to LICENSES/LGPL-2.0) by the
approriate license files in LICENSES directory
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: further split long lines]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Yair Ben-Avraham <yairba@protonmail.com>
[yann.morin.1998@free.fr:
- correctly fix build without lzma in an upstreamable fashion
- actually fix the build without udev
- depend on udev, not libudev (which does not exist)
- don't use += for the first variable assignment to _CONF_OPTS
- explicitly disable unsupported fuzz options
- add explicit optiopnal support for bash-completion
- drop useless comments about "features" and "booleans"
- fix alphabetical order in DEVELOPERS
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
- CVE-2020-8265: use-after-free in TLSWrap (High) Affected Node.js versions
are vulnerable to a use-after-free bug in its TLS implementation. When
writing to a TLS enabled socket, node::StreamBase::Write calls
node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first
argument. If the DoWrite method does not return an error, this object is
passed back to the caller as part of a StreamWriteResult structure. This
may be exploited to corrupt memory leading to a Denial of Service or
potentially other exploits
- CVE-2020-8287: HTTP Request Smuggling in nodejs Affected versions of
Node.js allow two copies of a header field in a http request. For
example, two Transfer-Encoding header fields. In this case Node.js
identifies the first header field and ignores the second. This can lead
to HTTP Request Smuggling
- CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js.
You can read more about it in
https://www.openssl.org/news/secadv/20201208.txt
Update the license hash for the addition of the (MIT licensed)
cjs-module-lexer module:
https://github.com/nodejs/node/commit/9eb1fa19248949dfc716807b1dc97dedf36da14e
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
In libIEC61850 before version 1.4.3, when a message with COTP message
length field with value < 4 is received an integer underflow will happen
leading to heap buffer overflow. This can cause an application crash or
on some platforms even the execution of remote code. If your application
is used in open networks or there are untrusted nodes in the network it
is highly recommend to apply the patch. This was patched with commit
033ab5b. Users of version 1.4.x should upgrade to version 1.4.3 when
available. As a workaround changes of commit 033ab5b can be applied to
older versions.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Frotz is an interpreter for old Infocom adventures and other Z-code
games.
Signed-off-by: Thomas Huth <huth@tuxfamily.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes build error
output/host/opt/ext-toolchain/bin/../lib/gcc/aarch64-amd-linux-gnu/4.9.1/../../../../aarch64-amd-linux-gnu/bin/ld:
cannot find -latomic
using this defconfig
BR2_aarch64=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_CODESOURCERY_AARCH64=y
BR2_PACKAGE_OPENSSL=y
libopenssl is only used here as an example: all packages adding -latomic
if BR2_TOOLCHAIN_HAS_LIBATOMIC=y are broken, like dav1d, ffmpeg, gnutls,
kodi and vlc.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
XorCurses is a remake of the 8-bit game 'Xor' by Astral Software.
Your task is to roam around a series of mazes where you have to
collect all blue masks before finding the exit. You have two 'shields'
(players) and you can use either one at any time and switch between
them. While the first level is simply a matter of navigation, the
following levels introduce further objects like bombs and teleports,
which have to be used right to solve the puzzles.
Signed-off-by: Thomas Huth <huth@tuxfamily.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Switch to upstream ATF of recent version to fix build with recently
updated mv-ddr. The vendor does not provide public access to newer ATF
versions anymore.
Bump U-Boot and kernel to fix dtc build on hosts with gcc 10.
Increase rootfs size. The default 60MB is not enough.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/948622614
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Don't add mbedtls support since it require a bundled and specific
version.
Keep experimental Python binding support disabled for now.
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit switches the luasyslog package to use a fork of the
project that has good Lua 5.3 support.
This fork has a public repository on Github
(https://github.com/ntd/luasyslog/), and is available as a Lua Rock
(https://luarocks.org/modules/ntd/luasyslog), but unfortunately the
rockspec uses a build method that is not supported by the Buildroot
luarocks infrastructure. Therefore, we used the autotools build system
provided by this fork.
Because this fork has good support for Lua 5.3, the "Lua 5.3
compatibility" patch becomes useless and can be dropped.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The manual incorrectly refers to the script file as `setup-environment';
it is actually called `environment-setup'.
Signed-off-by: Konrad Schwarz <konrad.schwarz@siemens.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
linux-*/arch/arm/boot/dts/imx6ul.dtsi
requires the install of the sdma-imx6q.bin as stated in
line 727: fsl,sdma-ram-script-name = "imx/sdma/sdma-imx6q.bin";
without the BR2_PACKAGE_FIRMWARE_IMX_SDMA_FW_NAME being set to "imx6q"
line 102 of firmware-imx.mk does not install the firmware to to target
Signed-off-by: Rob Mellor <Rob.Mellor@ultra-pals.com>
Reviewed-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Changes:
* Add JAS_VERSION_MAJOR, JAS_VERSION_MINOR, JAS_VERSION_PATCH for
easier access to the JasPer version.
* Fixes stack overflow bug on Windows, where variable-length
arrays are not available. (#256)
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
support/scripts/pkg-stats:81:22: E211 whitespace before '('
support/scripts/pkg-stats:404:1: E305 expected 2 blank lines after class or function definition, found 1
support/scripts/pkg-stats:561:12: E713 test for membership should be 'not in'
support/scripts/pkg-stats:567:1: E302 expected 2 blank lines, found 1
support/scripts/pkg-stats:595:1: E302 expected 2 blank lines, found 1
support/scripts/pkg-stats:1051:1: E302 expected 2 blank lines, found 1
support/scripts/pkg-stats:1057:1: E302 expected 2 blank lines, found 1
Also fix:
support/scripts/pkg-stats:1054:5: E722 do not use bare 'except'
found by a more recent flake8 version. The exception may be either
IndexError or AttributeError, so use Exception to catch either.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
move
http-client-body-temp-path
http-proxy-temp-path
http-fastcgi-temp-path
http-scgi-temp-path
http-uwsgi-temp-path
from /var/tmp/nginx to /var/cache/nginx
this allows the use of systemd constructs
LogsDirectory=nginx
CacheDirectory=nginx
to replace
ExecStartPre=/usr/bin/mkdir -p /var/log/nginx /var/tmp/nginx
as there isn't a similar construct for /var/tmp.
Signed-off-by: Pascal de Bruijn <p.debruijn@unilogic.nl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit improves pkg-stats to fill in pkg.status['cve'] depending
on the situation for CVEs affecting this package. They are then used
in the HTML rendering.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Virtual packages (with in pkg-stats speak have "no valid
infrastructure") and packages that have no version specified cannot be
used for CVE checking. They trigger a bunch of warnings from the CVE
checking code, as it cannot parse their version: they don't have any
version. So instead, we simply skip those packages.
A follow-up commit will improve the reporting to be able to
distinguish those packages from packages that have seen their CVEs
checked and don't have any reported.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit modifies cve.py, as well as its users cve-checker and
pkg-stats to support CPE ID based matching, for packages that have CPE
ID information.
One of the non-trivial thing is that we can't simply iterate over all
CVEs, and then iterate over all our packages to see which packages
have CPE ID information that match the CPEs affected by the
CVE. Indeed, this is an O(n^2) operation.
So instead, we do a pre-filtering of packages potentially affected. In
check_package_cves(), we build a cpe_product_pkgs dict that associates
a CPE product name to the packages that have this CPE product
name. The CPE product name is either derived from the CPE information
provided by the package if available, and otherwise we use the package
name, which is what was used prior to this patch.
And then, when we look at CVEs, we only consider the packages that
have a CPE product name matching the CPE products affected by the
CVEs. This is done in check_package_cve_affects().
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit improves the pkg-stats script to show the CPE ID of
packages, if available. For now, it doesn't use CPE IDs to match CVEs.
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Link with libatomic if available.
Fixes:
- http://autobuild.buildroot.net/results/e0766eef95a2559d51e58d1a81a9c40df84ae509
.../build/quickjs-2020-11-08/quickjs.c:12229: undefined reference to `__atomic_fetch_xor_1'
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr:
- make it a generic variable, not tied to -latomic
- pass it in all step, like CROSS_PREFIX
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Set CMAKE_BUILD_TYPE to Release to avoid the following build failure
with glibc < 2.12:
/home/buildroot/autobuild/run/instance-1/output-1/build/libmdbx-0.9.2/mdbx.c:487:5: error: #warning "libmdbx was only tested with GLIBC >= 2.12." [-Werror=cpp]
# warning "libmdbx was only tested with GLIBC >= 2.12."
^~~~~~~
cc1: all warnings being treated as errors
Fixes:
- http://autobuild.buildroot.org/results/1a60b2c3d2f276f99a22da48e8e16fcf5744eba0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Leonid Yuriev <leo@yuriev.ru>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since its introduction in Buildroot in 2013 with commit 07203d78c2
(trace-cmd: new package), trace-cmd has declared installing in staging.
But trace-cmd is a generic-package, and has never, ever provided any
commands for staging installation.
Drop this declaration.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
rpcbind is only used by nfsd to export nfs share supporting older
v2, v3 protocols.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[yann.morin.1998@free.fr:
- move the select to the corresponding symbol
- tweak the commit title
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The layout of the pacakge direcotry has changed, as upstream has added
more than just trace-cmd in the repository (e.g. kernel-shark).
However, the buildsystem for trace-cmd is... unconventional:
- the top-level Makefile will recurse into the trace-cmd/
sub-directory, but does not pass any variable on the $(MAKE) command
line; instead, it exports them in the environment, e.g.:
export CFLAGS
- the top-level Makefile appends some definitions to CFLAGS et al.,
sometimes with a simple append-assignment, sometimes with an
overriden append-assignment, e.g.:
CFLAGS += -DVSOCK
override CFLAGS += -DNO_PTRACE
- the top-level Makefile does not export all the variables. For
example, LDFLAGS is not exported;
- the Makefile in the trace-cmd/ sub-directory expects some variables
to be set, which is done by the top-level Makefile.
As a consequence, we can no longer pass our variable definitions as make
variable defintions on the command line; we must pass them in the
environment. Note that for some, like CFLAGS, that would still work, but
it would not for others, like LDFLAGS; for consistency, we put all in
the environment.
We can however use the provided 'make install', that behaves as
expected. But we must repeat most environment variables; especially, we
duplicate TARGET_CONFIGURE_OPTS as it has PATH et al. which are needed
by the top-level Makefile to properly detect tools (e.g. swig), which it
uses to decide what it should install.
Drop upstreamed patch.
Update the licensing information: new license files have been added in a
sub-directory, and the top-level COPYING now only references those two
(rather than being the actual text of the GPL-2).
Use two spaces in hash file.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
[yann.morin.1998@free.fr:
- keep using a git clone
- unbreak the build:
- use the default make target rule, or the plugins and python
bindings be built at install time, with the host compiler
- use the default install target rule
- expand commit log:
- detail buildsystem issues
- add new license files and their hashes
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add -p argument that ignore that specified directory already exists.
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
[yann.morin.1998@free.fr:
- split to its own patch
- rewrite commit title
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add -p argument that ignore that specified directory already exists.
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
[yann.morin.1998@free.fr:
- split to its own patch
- rewrite commit title
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
[yann.morin.1998@free.fr:
- use $(INSTALL), not "mkdir -p + cp"
- split to its own patch
- rewrite commit title
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add the new SAM9X60 Evaluation Kit with linux4sam_2020.04
components. Update README file with new defconfigs.
Signed-off-by: Eugen Hristev <eugen.hristev@microchip.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Set GIT_EXECUTABLE to OFF to avoid the following build failure:
CMake Error at /home/fabrice/br-test-pkg/br-arm-cortex-a9-glibc/host/arm-buildroot-linux-gnueabihf/sysroot/usr/share/bctoolbox/cmake/bctoolboxCMakeUtils.cmake:162 (message):
invalid git describe version: ''
Call Stack (most recent call first):
CMakeLists.txt:125 (bc_compute_lib_version)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 7d17ae2acf (.flake8: fix check for 80/132 columns) introduced a
difference in how flake8 behaves between the automatic checks done in
the CI, where the maximum line length is 132, and the local checks,
where the maximum line length is 80.
The rationale at the time was that we recommend 80 char lines, but that
we accept 132 when it makes sense for readability.
However, this is very annoying when running flake8 locally, because of
two reasons:
1. human reviews on python scripts have not been as thorough as we did
expect; indeed, we've let a lot of long lines slip through; this
causes a lot of spurious failures that hide away the actual errors;
2. when hacking on a python script, the issues reported will not be
caused by the current changes, so the many reported failures
actually hide away the newly introduced issues.
Additionally, our 'make check-flake8' rule already enforces the 132-char
limit, and the issues reported are different than when manually running
flake8 on individual files.
Furthermore, the readability rationale for the 80-char limit is
definitely shattered by the mere rationale of allowing 132-char limit
for... readability...
We've arrived to a point where this separation is causing our checks
around flake8 to become mostly unusable and useless, as they do not
report meaningful issues, and people are no longer paying attention, and
this has caused actual issues to be introduced.
Finally, terminal emulators of today have long lifted the 80-char limit,
and are more than capable of displaying 132-char wide lines.
Switch back to using a 132-char limit.
This reverts commit 7d17ae2acf.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
An 'else' or 'elif' clause inside a make conditional should not be indented
in the same way as the if/endif clause. check-package did not recognize the
else statement and expected an indentation.
For example:
ifdef FOOBAR
interesting
else
more interesting
endif
would, according to check-package, need to become:
ifdef FOOBAR
interesting
else
more interesting
endif
Treat 'else' and 'elif' the same as if-like keywords in the Indent test, but
take into account that 'else' is also valid shell, so we need to correctly
handle line continuation to prevent complaining about the 'else' in:
ifdef FOOBAR
if true; \
... \
else \
... \
fi
endif
We don't add the 'else' and 'elif' statements to start_conditional, because
it would cause incorrect nesting counting in class OverriddenVariable.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add a menu entry to enable/disable jitterentropy library. Make it
enabled by default to preserve the old behavior.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 7105e65cd6 ("package/openvpn:
adds target install of systemd unit files") added the installation of
systemd unit files. But in fact, they can be installed by openvpn's
build system. It was simply not working due to the custom install step
implemented in openvpn.mk.
So instead, let's have the autotools-package infra call "make
install", which properly installs everything that's needed for
openvpn, including systemd units, but also plugins, etc.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
While bumping:
* removing upstreamed patches
* adding a dependency on libatomic_ops required by the newer version
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
François Perrad already has package/lua* associated to him in the
DEVELOPERS file, so it makes sense to have him as well associated to
all Lua test cases.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch adds libmdbx v0.9.2:
- libmdbx is one of the fastest compact embeddable key-value ACID database.
- libmdbx has a specific set of properties and capabilities,
focused on creating unique lightweight solutions.
- libmdbx surpasses the legendary LMDB (Lightning Memory-Mapped Database)
in terms of reliability, features and performance.
- https://github.com/erthink/libmdbx
Signed-off-by: Leonid Yuriev <leo@yuriev.ru>
[yann.morin.1998@free.fr: split long lines]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
gdb python support now uses Python3 if python3 is selected, otherwise
uses python(2) as before.
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
[yann.morin.1998@free.fr: drop the gdb-python-config duplication]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The gdb-python-config simulates a python-2.7, with a hard-coded 2.7
version.
gdb also supports running with python3 nowadays, so prepare the wrapper
to return appropriate values.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
XML bomb protection for Python stdlib modules.
Signed-off-by: Simon Rowe <simon.rowe@citrix.com>
[yann.morin.1998@free.fr: two spaces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Dependency on threads comes from libllcp itself not from libusb (which
is not even selected)
While at it, also add a comment about this dependency
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
[yann.morin.1998@free.fr: two spaces for license files in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit d82da39d55 forgot to move
BR2_PACKAGE_CA_CERTIFICATES condition under BR2_PACKAGE_LIBTASN1 to
avoid the following build failure:
checking if trust module is enabled... configure: WARNING: --with-libtasn1 is needed in order to build the trust module, disabling
no
checking for trust module paths... configure: error: need --enable-trust-module in order to specify trust module paths.
Fixes:
- http://autobuild.buildroot.org/results/e7f68205e1b776f9af34e6017f6eb17f46aa2f19
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Rebase on the mv-ddr-devel branch as the release branches are no longer
maintained.
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Required in order to build properly with the latest stable release of
EDK2 UEFI firmware.
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Additionally, fix the ldflags specification of the package version.
The "autogen" script does not actually configure anything anymore, and
instead exports a LDFLAGS environment variable which we can't
use. Instead, specify the version information via LDFLAGS directly in
the Buildroot makefile, similar to containerd and other packages.
While at it, fix the formatting of the hash file for the LICENSE file
hash.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
While at it, fix the formatting of the hash file for the LICENSE file
hash.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Adds build targets for runc shims.
Removes the outdated and now unnecessary symlinks to docker-runc
docker-containerd etc as well.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In barebox v2020.09.0, kconfig has been updated to a newer version
based on Linux 5.9-rc2. As in linux, kconfig can call the compiler
to test its capabilities.
We have no way to know if a custom version would require it or not,
so we just unconditionally depend on the toolchain
Signed-off-by: Jules Maselbas <jmaselbas@kalray.eu>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
We're now using 2.32 as the default glibc version, so we no longer
need to use a special version for the ARC architecture.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Support for obsolete RPC was dropped in glibc 2.14 (2011-05-31), then
reinstated and marked obsolete in glibc 2.16 (2012-06-30), and finally
dropped for good in 2.32 (2020-08-04), which we are about to start
using.
In preparation for that, drop the usage of obsolete RPC support in
glibc.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: add a bit of history]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Same version as NXP release 5.4.70-2.3.0
- No changelog provided by NXP
- Tested on Nitrogen8M device with Weston (DRM backend) as follows:
# cd /usr/share/examples/viv_samples/vdk/
# ./tutorial7
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Same version as NXP release 5.4.70-2.3.0
- EULA/COPYING: update to LA_OPT_NXP_Software_License v17
- No changelog provided by NXP
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Same version as NXP release 5.4.70-2.3.0
- EULA/COPYING: update to LA_OPT_NXP_Software_License v17
- backend libraries have moved to separated folders
- can now be simply copied, no more symlink or -fb/wl/x11.so
- wayland backend was renamed from 'wl' to 'wayland'
- sed on headers for LINUX removed as packages now expected to use
pkgconfig files properly (just like fb fixup was removed)
Key Improvements (from NXP changelog):
- GLES CTS 3.2.6.1
- Vulkan 1.1.6
- OpenVX 1.2
- GPU & NPU accelerated ML support
- OpenCV 4.2
- Chromium v74
- Support for renderdoc 1.7
- Support for TFlite 2.2
- NNCTS 1.2
- Vulkan backend support for Unity
Fixes: afbeed5d17 ("package/freescale-imx/imx-gpu-viv: bump version to
6.4.3.p0.0")
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
With the introduction of gdb 10.1, we now have four versions of gdb
supported, so let's drop support for the oldest.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Now that we have added gdb 10.1, let's switch to using gdb 9.2 as the
default version.
Noe that there previously was a discrepancy between the default when a
host gdb was enabled, and when it was not: in the ofrmer case, the
default was 8.3.x, while for the latter it was 8.2.x. Now both are
aligned to 9.2.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: add blurb about previous version discrepancy]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
All patches from gdb 9.2 are kept, except
0006-sim-ppc-Fix-linker-error-with-fno-common.patch which is
upstream. The other patches are rebased to accommodate some code
re-organization in gdb 10.x, especially the move of the gdbserver code
from gdb/gdbserver/ to gdbserver/.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Starting with glibc-2.32, the RPC code has been removed from
glibc [0], and it is not possible anymore to enable it, even
with the --enable-obsolete-rpc configure option (which was
also removed).
riscv32 and arc both use a glibc 2.32+ so do not forcefully
enable native RPC for them.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The logic in gen-bootlin-toolchains was assuming all glibc toolchains
have RPC support, which is no longer true since glibc 2.32 has dropped
RPC support.
It turns out that gen-bootlin-toolchains already had some proper logic
that selects BR2_TOOLCHAIN_HAS_NATIVE_RPC depending on the presence of
BR2_TOOLCHAIN_EXTERNAL_INET_RPC in the toolchain fragment. As such
toolchain fragments have been fixed in https://toolchains.bootlin.com,
we can now rely on this to properly decide if the toolchain has RPC
support or not.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
[yann.morin.1998@free.fr:
- fix filename for sha256 entry
- two spaces in hash file
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
It was originally added in 6dc861f2a2 ("libtirpc: new package")
for libtirpc 0.2.2 (8 years ago). It might have been fixed in
5f00f8c ("Remove dependency to nis.h"), released in 1.0.2.
Testing with test-pkg shows the only failure for br-riscv32:
RPC support not available in C library, please disable
BR2_TOOLCHAIN_EXTERNAL_INET_RPC
But test fails with the same error even when this patch is kept.
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Use a more generic template for SysV init script, similar to packages
like syslog-ng. This includes adding support for both reload and
restart. Add support for sourcing /etc/default/connmand file, so that
new commandline arguments can be added more easily.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The upstream git tree has disappeared, but a ZIP file is still hosted
somewhere at NXP. The content of that zip file has been verified to be
100% identical to the tarball we hosted on s.b.o.
As this is a zip file, we can't use the generic extract commands, and
must come up with our own. As such, it no longer makes sense to fix the
CRLF as a post-extract hook; this is moved to the extract command.
Add a hash file while at it.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
With 1.10, building without libnuma is no longer supported (upstream
commit 240938737e: rt-tests: cyclictest: Remove support for compiling
without NUMA)
So, revert 7e90744e6 (package/rt-tests: make numactl an optional
dependency) while bumping to rt-test 1.10.
Signed-off-by: Florian La Roche <Florian.LaRoche@gmail.com>
[yann.morin.1998@free.fr: reintroduce dependency on numactl]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This variable can be used by package to pass extra environment
variables to the download logic. It will be used for the Go/Cargo
vendoring.
The <pkg>_DL_ENV variable is intentionally not documented: at this
point, it is not meant to be used by packages directly, but only by
package infrastructures.
Suggested-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: move the two _ENV variables to the same line]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Support for the jitterentropy lib is added by the services/entropyd
module in the SELinux refpolicy.
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Support for the iputils is added by the admin/netutils module in the
SELinux refpolicy for the following tools :
- arping
- ping
- tracepath
- traceroute6
Support for rdisc is added by services/rdisc.
Support for tftpd is added by services/tftp.
Note: listing the same SELinux module multiple times is OK, as the list
of modules is eventually $(sort)ed anyway.
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
[yann.morin.1998@free.fr: simplifications to only use positive logic]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Support for wpa_supplicant is added by the services/networkmanager
module in the SELinux refpolicy.
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Support for NetworkManager is added by the services/networkmanager
module in the SELinux refpolicy.
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Support for iwd and its configuration files is added by the
services/networkmanager module in the SELinux refpolicy.
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
typing_extensions package is needed starting from aiohttp v3.7.1.
While at it sort all dependencies alphabetically.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
As of meson 0.56.0, `<lang>_args` and `<lang>_link_args` in the
`[properties]` section are deprecated and should be placed in the
`[built-in options]` section instead.
Source: https://mesonbuild.com/Machine-files.html#properties
Fixes the following deprecation warnings:
> DEPRECATION: c_args in the [properties] section of the machine file is deprecated, use the [built-in options] section.
> DEPRECATION: c_link_args in the [properties] section of the machine file is deprecated, use the [built-in options] section.
> DEPRECATION: cpp_args in the [properties] section of the machine file is deprecated, use the [built-in options] section.
> DEPRECATION: cpp_link_args in the [properties] section of the machine file is deprecated, use the [built-in options] section.
Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Currently, rt-tests don't show up in menuconfig and cannot be built if
BR2_PACKAGE_NUMACTL_ARCH_SUPPORTS is not available for the target
architecture. In such a case numactl is also not available what
applies for most small embedded targets.
This dependency was introduced with commit 7f50cbfb80
("package/rt-tests: bump to version 1.8")
But rt-tests can also be build without numactl when passing NUMA=0 to make.
This possibility is documented on
https://wiki.linuxfoundation.org/realtime/documentation/howto/tools/rt-tests
So this commit changes rt-tests to handle numactl as an optional
dependency.
Signed-off-by: Andreas Klinger <ak@it-klinger.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This adds generic firmware for USB TI 3410/5052 devices and a couple of
device specific firmwares.
Signed-off-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the folloing build failure with protobuf (enabled since commit
31c68a449e) and gcc 5.3.0:
[ 53%] Building CXX object modules/dnn/CMakeFiles/opencv_dnn.dir/opencv-caffe.pb.cc.o
In file included from /home/peko/autobuild/instance-1/output-1/per-package/opencv3/host/opt/ext-toolchain/mips64el-buildroot-linux-uclibc/include/c++/5.5.0/atomic:38:0,
from /home/peko/autobuild/instance-1/output-1/per-package/opencv3/host/mips64el-buildroot-linux-uclibc/sysroot/usr/include/google/protobuf/io/coded_stream.h:115,
from /home/peko/autobuild/instance-1/output-1/build/opencv3-3.4.12/buildroot-build/modules/dnn/opencv-caffe.pb.h:23,
from /home/peko/autobuild/instance-1/output-1/build/opencv3-3.4.12/buildroot-build/modules/dnn/opencv-caffe.pb.cc:4:
/home/peko/autobuild/instance-1/output-1/per-package/opencv3/host/opt/ext-toolchain/mips64el-buildroot-linux-uclibc/include/c++/5.5.0/bits/c++0x_warning.h:32:2: error: #error This file requires compiler and library support for the ISO C++ 2011 standard. This support must be enabled with the -std=c++11 or -std=gnu++11 compiler options.
#error This file requires compiler and library support \
^
Fixes:
- http://autobuild.buildroot.org/results/7caf175af039054a032b8f63b458b3940d9ec0f3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
OpenCV-3's buildsystem will try to detect ccache and use it if
available. This may yield a system-installed ccache.
However, in Buildroot, ccache is entirely hidden away and handled in the
toolchain wrapper.
Forcibly disable detection of ccache.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The imx-gpu-viv install libOpenCL.so.1.2 library and cl.h header,
so declare it as a libopencl provider.
With this support we can select the clinfo package provided by
Buildroot instead of the one provided by imx-gpu-viv package.
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add all configure options through DHCP_CONFIG_OPTS and avoid splitting
lines when they are less than 80 characters
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
With BR2_RELRO_PARTIAL or BR2_RELRO_FULL, our toolchain wrapper will
forcibly add -Wl,-z,relro to any call to the actual compiler. This
usually works OK, because gcc will only use those options it needs for
the compile step it has to carry: pre-processing, compiling, assembling,
or linking, and ignore those options it does not need.
Excpt in one case: when -v is passed standalone, with no input file,
then gcc will falsely believe it has to do a link stage;
$ gcc -Wl,-z,relro -v
[...]
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/9/../../../x86_64-linux-gnu/Scrt1.o: in function `_start':
(.text+0x24): undefined reference to `main'
collect2: error: ld returned 1 exit status
Fixing that in our wrapper will not be easy, because we'd have to detect
there is no input file. Doing so would probably require we support
almost all gcc options to differentiate between the parameter of an
option (e.g. -I /some/path) from an actual inpout file. This would not
be very robust, and would have a high risk od breaking when we introduce
the next gcc version.
Since it seems that only rhash is affected, due to its inventive,
custom, hand-written configure script, we just patch it to be a bit more
robust in the face of a compiler that could not accept -v, and fallback
to --version.
Fixes:
- http://autobuild.buildroot.org/results/8605c16cc28316954ce8b9dcc266974390c5da20
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- retain "$CC -v" as default, fallback to "$CC --version", in the hope
that it stands better chance with upstream
- write a commit log to explain the actual root-cause of the build
failure
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Multi format codec (MFC) is the IP present in Samsung Exynos series SoCs
for video encoding/decoding operations.
Signed-off-by: Stefan Agner <stefan@agner.ch>
[yann.morin.1998@free.fr: add all FW versions]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
In buildroot, stripping for the target is configured and implemented
with the global `BR2_STRIP_strip` option that drive the stripping in
the target-finalize step.
So, we explicitly disable stripping at build time for the target
variants.
For the host variants, however, we don't much care about symbols and
stuff, but smaller executables will hopefully load faster than bigger
ones (disputable, given that sections in ELF files are paged-in
on-demand), so we explictly enable stripping.
Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com>
[yann.morin.1998@free.fr:
- add burb about the target-finalize step
- enable stripping for host variants
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes:
- http://autobuild.buildroot.net/results/966a3de94aa97fa8e9895eede29c9cbfb4bd7301
.../host/lib/gcc/arm-buildroot-linux-musleabihf/9.3.0/../../../../arm-buildroot-linux-musleabihf/bin/ld: warning: libisccfg.so.163, needed by ../../lib/bind9/.libs/libbind9.so, not found (try using -rpath or -rpath-link)
.../host/lib/gcc/arm-buildroot-linux-musleabihf/9.3.0/../../../../arm-buildroot-linux-musleabihf/bin/ld: ../../lib/bind9/.libs/libbind9.so: undefined reference to `cfg_obj_line'
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[Peter: replace by upstream patches]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2020-25692: A NULL pointer dereference was found in OpenLDAP server
and was fixed in openldap 2.4.55, during a request for renaming RDNs. An
unauthenticated attacker could remotely crash the slapd process by sending
a specially crafted request, causing a Denial of Service.
- CVE-2020-25709: Assertion failure in CSN normalization with invalid input
- CVE-2020-25710: Assertion failure in CSN normalization with invalid input
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Peter: add CVE info]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Includes security fixes up to XSA-359:
XSA-345: x86: Race condition in Xen mapping code
XSA-346: undue deferral of IOMMU TLB flushes
XSA-347: unsafe AMD IOMMU page table updates
XSA-348: undue recursion in x86 HVM context switch code (CVE-2020-29566)
XSA-351: Information leak via power sidechannel (CVE-2020-28368)
XSA-352: oxenstored: node ownership can be changed by unprivileged clients
(CVE-2020-29486)
XSA-353: oxenstored: permissions not checked on root node (CVE-2020-29479)
XSA-355: stack corruption from XSA-346 change
XSA-356: infinite loop when cleaning up IRQ vectors (CVE-2020-29567)
XSA-358: FIFO event channels control block related ordering (CVE-2020-29570)
XSA-359: FIFO event channels control structure ordering (CVE-2020-29571)
And drop now upstreamed security patches.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2020-8277: Denial of Service through DNS request (High). A Node.js
application that allows an attacker to trigger a DNS request for a host of
their choice could trigger a Denial of Service by getting the application
to resolve a DNS record with a larger number of responses.
https://nodejs.org/en/blog/release/v12.19.1/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The commit [1] added this option a second time.
Remove the first occurence.
Fixes:
configs/nitrogen6x_defconfig:31:warning: override: reassigning to symbol BR2_PACKAGE_HOST_UBOOT_TOOLS
[1] 6ea9f662a0
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This will avoid the following build failure with xtensa:
[ 62%] Linking CXX executable ../../guids_test
[ 62%] Building CXX object retrace/CMakeFiles/retrace_common.dir/retrace.cpp.o
CMakeFiles/guids_test.dir/guids_test.cpp.o:(.debug_line+0xf7b): dangerous relocation: overflow after relaxation
collect2: error: ld returned 1 exit status
lib/guids/CMakeFiles/guids_test.dir/build.make:85: recipe for target 'guids_test' failed
Fixes:
- http://autobuild.buildroot.org/results/8fea93a88bb34e98e391a048c3b996b45ebac803
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In a Linux system without IPv6 support (or booted with "ipv6.disable=1")
file /proc/net/snmp6 is not present. If such file is not present an allocated
memory is not freed. Memory leak occurs even without snmp queries.
Problem seen at least since netsnmp 5.7.3 (probably even v5.6.1).
Patch backported from netsnmp 5.9, where the problem does not appear any more.
Signed-off-by: Adam Wujek <dev_public@wujek.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add xf86drm.c as the license file and while at it, update the indentation
in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that
$ssl_force_tls was processed if an IMAP server's initial server response
was invalid. The connection was not properly closed, and the code could
continue attempting to authenticate. This could result in authentication
credentials being exposed on an unencrypted connection, or to a
machine-in-the-middle.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
BR2_PACKAGE_QT5BASE_OPENSSL was dropped by commit 4be1f9b9873
(package/qt5enginio: drop qt 5.6 support), but python-pyqt5 not updated to
match. Fix that.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This allows to build against newer kernels (up to 5.10).
Added support for new HW (Edimax EW-7811Un V2, RTL8188FU, MERCUSYS
MW150US v2, various RTL8188CE)
Tested on kernel v5.9.
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The host-ncurses install step attempts to run ldconfig, causing a permission
failure:
cd /buildroot/output/host/lib && (ln -s -f libncurses.so.6.0 libncurses.so.6; ln -s -f libncurses.so.6 libncurses.so; )
test -z "" && /sbin/ldconfig
/sbin/ldconfig: Can't create temporary cache file /etc/ld.so.cache~: Permission denied
make[3]: [/buildroot/output/host/lib/libncurses.so.6.0] Error 1 (ignored)
The error is non-fatal and ignored, but confusing.
The ncurses makefiles already avoid calling ldconfig when DESTDIR is set
(target case) but for host-ncurses DESTDIR is empty and the output/host path
is passed via --prefix.
Pass an empty ac_cv_path_LDCONFIG to the configure step, so than ldconfig is
not called.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The 'opkg.py' script installed by host-opkg-utils has as shebang:
#!/usr/bin/env python3
which may not be available on all host machines.
Add a potential dependency on host-python3 via BR2_PYTHON3_HOST_DEPENDENCY,
which will only add the host-python3 dependency if no python3 is already
available on the host.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
His e-mail has been bouncing for quite a while:
<sunsetbrew@sunsetbrew.com>: connect to
sunsetbrew.com[2a05:d014:9da:8c10:306e:3e07:a16f:a552]:25: Network is
unreachable
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
His e-mail has been bouncing for quite a while:
<owen@walpole.dev>: connect to mail.walpole.dev[99.91.194.115]:25: Connection
timed out
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When BR2_PER_PACKAGE_DIRECTORIES=y, $(TARGET_DIR) is evaluated as
$(BASE_DIR)/target, but $$(TARGET_DIR) is evaluated as
$(BASE_DIR)/per-package/$(PKG)_NAME/target.
Signed-off-by: Tian Yuanhao <tianyuanhao@aliyun.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
When building for an ARMv8 in 32-bit, Go does not yet support ARMv8
optimizations (see issue: https://github.com/golang/go/issues/29373)
but can still benefit from ARMv7 optimizations.
Signed-off-by: Michael Baudino <michael@baudi.no>
[yann.morin.1998@free.fr:
- move the comment to its own line, expand and reword it a bit
- reword the commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit fixes a typo in variable names that caused CC and CXX
environment variables to be empty.
Signed-off-by: Michael Baudino <michael@baudi.no>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Starting with CMake 3.4 CMake supports setting a compiler launcher
like ccache. The feature is described in
https://cmake.org/cmake/help/latest/variable/CMAKE_LANG_COMPILER_LAUNCHER.html
This should be safe since everything is built for the host using make or ninja.
The use of *_ARG1 is discouraged by the cmake developers
https://cmake-developers.cmake.narkive.com/OTa9EKfj/cmake-c-compiler-arg-not-documented .
Without this patch I get the following error message with CMake 3.19.1 on Arch Linux.
Disabling BR2_CCACHE also resolves the issue.
/usr/bin/cmake [~]/buildroot/build/host-lzo-2.10/ -DCMAKE_INSTALL_SO_NO_EXE=0 -DCMAKE_FIND_ROOT_PATH="[...]" -DCMAKE_FIND_ROOT_PATH_MODE_PROGRAM="BOTH" -DCMAKE_FIND_ROOT_P
ATH_MODE_LIBRARY="BOTH" -DCMAKE_FIND_ROOT_PATH_MODE_INCLUDE="BOTH" -DCMAKE_INSTALL_PREFIX="[...]" -DCMAKE_C_FLAGS="-O2 -I[...]/include" -DCMAKE_CXX_FLAGS="-O2 -I[...]/include" -DCMAKE_EXE_LINKER_FLAGS="-L[...]/lib -Wl,-rpath,[...]/lib" -DCMAKE_SHARED_LINKER_FLAGS="-L[...]/l
ib -Wl,-rpath,[...]/lib" -DCMAKE_ASM_COMPILER="/usr/bin/as" -DCMAKE_C_COMPILER="[...]/bin/ccache" -DCMAKE_CXX_COMPILER="[...]/bin/ccache"
-DCMAKE_C_COMPILER_ARG1="/usr/bin/gcc" -DCMAKE_CXX_COMPILER_ARG1="/usr/bin/g++" -DCMAKE_COLOR_MAKEFILE=OFF -DBUILD_DOC=OFF -DBUILD_DOCS=OFF -DBUILD_EXAMPLE=OFF -DBUILD_EXAMPLES=OFF -DBUILD_TEST=OFF -DBUILD_TESTS=OFF -DBUILD_TESTING=O
FF -DENABLE_SHARED=ON -DENABLE_STATIC=OFF )
-- The C compiler identification is unknown
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - failed
-- Check for working C compiler: [...]/bin/ccache
-- Check for working C compiler: [...]/bin/ccache - broken
CMake Error at /usr/share/cmake-3.19/Modules/CMakeTestCCompiler.cmake:66 (message):
The C compiler
Signed-off-by: Bernd Amend <bernd.amend@gmail.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Tested-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This is really only for QoriQ SoCs. Also the upstream package - despite
its base name of the git repository - is "qoriq-components/rcw". Thus
rename it to a more specify package name.
Note that there are other rcw implementations for other platforms, and
each implementation only applies to that specific platform; it hus does
not make sense that there are more than one rcw enabled at the same
time; so we keep using /usr/share/rcw as the install location; this also
help backward compatibility with existing post-build scripts.
Signed-off-by: Changming Huang <jerry.huang@nxp.com>
Cc: Michael Walle <michael@walle.cc>
[yann.morin.1998@free.fr:
- rebase on master
- incorporate changes by Michael
- don't move to an 'nxp' sub-directory
- reword the legacy entry; select the new package
- expand commit log to explain why we keep installing in
host/usr/share/rcw/ (thanks to Michael for prompting that)
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Remove the note about non-working network. This was actually fixed with
linux kernel 5.9. This board is now on 5.10.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bugfix release. Drop the now upstreamed patches and add 3 new post-2.0.2
patches from the fixes branch.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
go1.15.6 (released 2020/12/03) includes fixes to the compiler, linker, runtime,
the go command, and the io package.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
TF-A supports stack smashing protection (-fstack-protector-*).
However, that feature is currently silently disabled because
ENABLE_STACK_PROTECTOR is not set during build time.
As documented in the TF-A user guide, the flag ENABLE_STACK_PROTECTOR
is required to enable stack protection support. When enabled the symbols
for the stack protector (e.g. __stack_chk_guard) are built.
This needs to be done because TF-A does not link against an external
library that provides that symbols (e.g. libc).
So in case we see that BR2_SSP_* is enabled, let's enable the corresponding
ENABLE_STACK_PROTECTOR build flag for TF-A as documented in the TF-A user guide.
This patch also fixes a the following linker errors with older TF-A versions
if BR2_SSP_* is enabled (i.e. -fstack-protector-* is used as compiler flag)
and ENABLE_STACK_PROTECTOR is not set, which are caused by the missing
stack protector symbols:
[...]
params_setup.c:(.text.params_early_setup+0xc): undefined reference to `__stack_chk_guard'
aarch64-none-linux-gnu-ld: params_setup.c:(.text.params_early_setup+0x14): undefined reference to `__stack_chk_guard'
aarch64-none-linux-gnu-ld: params_setup.c:(.text.params_early_setup+0x104): undefined reference to `__stack_chk_guard'
aarch64-none-linux-gnu-ld: params_setup.c:(.text.params_early_setup+0x118): undefined reference to `__stack_chk_fail'
aarch64-none-linux-gnu-ld: ./build/px30/release/bl31/pmu.o: in function `rockchip_soc_sys_pwr_dm_suspend':
pmu.c:(.text.rockchip_soc_sys_pwr_dm_suspend+0xc): undefined reference to `__stack_chk_guard'
[...]
TF-A releases after Nov 2019, that include 7af195e29a4, will circumvent
these issue by explicitliy and silently disabling the stack protector
by appending '-fno-stack-protector' to the compiler flags in case
ENABLE_STACK_PROTECTOR is not set.
Tested on a Rockchip PX30 based system (TF-A v2.2 and upstream/master).
Signed-off-by: Christoph Müllner <christoph.muellner@theobroma-systems.com>
Reviewed-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Commit 78dc1f185b forgot to update the
license file from COPYING to LICENSE.
Here is an extract of the ChangeLog for Nmap 7.90 [2020-10-03]:
Upgraded the Nmap license form a sort of hacked-up version of GPLv2 to a
cleaner and better organized version (still based on GPLv2) now called
the Nmap Public Source License to avoid confusion. See
https://nmap.org/npsl/ for more details and annotated license text. This
NPSL project was started in 2006 (community discussion here:
https://seclists.org/nmap-dev/2006/q4/126) and then it lost momentum for
7 years until it was restarted in 2013
(https://seclists.org/nmap-dev/2013/q1/399) and then we got distracted
by development again. We still have some ideas for improving the NPSL,
but it's already much better than the current license, so we're applying
NPSL Version 0.92 to the code now and can make improvements later if
needed. This does not change the license of previous Nmap releases.
Fixes:
- http://autobuild.buildroot.org/results/8cef6a5e99ae341cced405a389346e2faccf6eec
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Patch '0001-fix-compile-time-atomic-detection.patch' claims to be Merged but
this is not true. The linked issue is closed with 'Needs information', and
the code itself is effectively not merged.
Clarify the 'Upstream-status' line to make this more clear.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
* 4.6.2: A vulnerability (CVE-2020-27783) was discovered in the HTML Cleaner
by Yaniv Nizry, which allowed JavaScript to pass through. The cleaner now
removes more sneaky "style" content.
* 4.6.1: A vulnerability was discovered in the HTML Cleaner by Yaniv Nizry,
which allowed JavaScript to pass through. The cleaner now removes more
sneaky "style" content.
For more details, see the changes file:
https://github.com/lxml/lxml/blob/lxml-4.6.2/CHANGES.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
A new major version, see the announcement for details:
https://mosquitto.org/blog/2020/12/version-2-0-0-released/
License has now changed to v2.0 of the Eclipse Public License, so update the
license info and hashes to match.
There is now optional cJSON support, so handle that.
Add upstream post-2.0.0 patches fixing build with cJSON and without TLS
support.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2020-27207: Zetetic SQLCipher 4.x before 4.4.1 has a
use-after-free, related to sqlcipher_codec_pragma and sqlite3Strlen30 in
sqlite3.c. A remote denial of service attack can be performed. For
example, a SQL injection can be used to execute the crafted SQL command
sequence. After that, some unexpected RAM data is read.
https://www.zetetic.net/blog/2020/11/25/sqlcipher-442-release
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Propagate the fmt dependency on wchar.
Fixes:
- http://autobuild.buildroot.net/results/814b0f9c3df0076791ca73579b844ef4d56f13c3
[ 66%] Building CXX object CMakeFiles/fmt.dir/src/os.cc.o
In file included from .../build/fmt-7.1.3/include/fmt/os.h:26,
from .../build/fmt-7.1.3/src/os.cc:13:
.../build/fmt-7.1.3/include/fmt/format.h:1139:8: error: 'wstring' in namespace 'std' does not name a type
std::wstring str() const { return {&buffer_[0], size()}; }
^~~~~~~
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Currently, the ti-sgx packages and the beaglebone_qt5_defconfig do
not work with KMS nor Weston. What's worse, is the latest SDK version
06.03.00.106 (as of this commit) of these packages is broken and does
not correctly support KMS, and attempting to run KMS applications
results in eglfs initialization failures. As such, bumping these
packages to the version before 06.03.00.106 is the best option.
Because of the above problems, several packages must change at the
same time to ensure this patch does not break any other packages:
- ti-sgx-libgbm
- dropped, merged into ti-sgx-um, see below
- ti-sgx-um:
- bump the version that matches TI SDK 06.01.00.08.
- demove select BR2_PACKAGE_TI_SGX_LIBGBM in Config.in, as the libgbm
package merges ti-sgx-libgbm with this package.
- ti-sgx-km:
- bump the version that matches TI SDK 06.01.00.08.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Tested-by: Markus <zehnder@live.com>
[yann.morin.1998@free.fr:
- actually switch qt5base to use ti-sgx-um
- split the beaglebone config changes to their own patch
- split the ti-sgx-demos changes to their own patch
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Weston does not work with the ti-sgx SDK, so switch to using the
KMS-based demos.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[yann.morin.1998@free.fr: split off into its own patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
weston does not work on the ti-sgx SDK, so switch to using KMS directly,
and drop the wayland-related config options.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[yann.morin.1998@free.fr: split into its own patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Chnage hash file license marker to the more usual 'Hashes for
license files' text.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The hash of the license file is changed due to:
-Copyright (c) 2008-2019 Andrey Petrov and contributors (see CONTRIBUTORS.txt)
+Copyright (c) 2008-2020 Andrey Petrov and contributors (see CONTRIBUTORS.txt)
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Changes:
* Fix CVE-2020-27828, heap-overflow in cp_create() in jpc_enc.c
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The configure script now runs 'make ready'. Drop it from BUILD_CMDS.
Refresh the musl support path.
Upstream now provides sha256 hashes. Format hashes with two spaces.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The Qt KNX module implements the client side of a connection between a
client and a KNXnet/IP server.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The Qt MQTT module provides a standard compliant implementation of the
MQTT protocol specification.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Some qmake based packages need to call the syncqt.pl script before
building to have a properly populated "include" directory inside the
package build tree.
This script is normally automatically executed by qmake when a source
tree is from a git clone: buildroot purges the .git directory hence
the script never runs, and we need to call it explicitly. Setting
<pkg>_SYNC_QT_HEADERS = YES will force calling this script.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When tags was added by commit 011206b2bf
to detect the qemu command line, the qemu_arm_vexpress_tz_defconfig
was ignored due to a build issue.
This build issue has been fixed by previous patches, so we can
enable the runtime testing by adding the tag in the readme.txt
and the post-image script in the defconfig.
Since Qemu from HOST_DIR is now executed directly from BINARIES_DIR,
we can remove all the string before "qemu-system-*".
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Usually the qemu command line start directly with "qemu-system-<arch> ...".
But the command line for qemu_arm_vexpress_tz_defconfig start by doing
"cd output/images && ../host/bin/qemu-system-arm". This is necessary
since boot binaries, except BL1, are primarily loaded via semi-hosting
so all binaries has to reside in the same directory as QEMU is started
from [1].
To order to handle this case correctly, update the post-image.sh used
by all qemu defconfigs to execute qemu from BINARIES_DIR.
Since we have to change the current directory use a subshell to
restore the current directory after Qemu execution.
[1] https://github.com/ARM-software/arm-trusted-firmware/blob/4ebbea9592ab37fc62217d0ac62fa13a3e063527/docs/plat/qemu.rst
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When boot-qemu-image.py script was added, we wanted to run
each qemu defconfig in gitlab, so we expect that all qemu
defconfig generate the script start-qemu.sh in images
directory.
Don't make it a hard requirement even if we prefer to be
able to do a runtime test for each qemu defconfig.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which
allows access by actors other than the current user.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Bump to the latest kernel v5.9.11 and require openssl.
- Switch to PSCI for bringing up the secondary CPUs.
- Switch to GICv3.
- Update the instruction in the readme.txt to use the latest FVP v8
Foundation Platform 11.12 build 38, and to start 4 cores in SMP.
Signed-off-by: Vincent Stehlé <vincent.stehle@laposte.net>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Fix the download url to reflect upstream website changes.
- Fix line numbers in patch 0001.
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
upstream is finally using include_lib to include libraries. Adapt the patch
accordingly.
The hash of the license file has changed, due to:
-Copyright 2002-2019 ProcessOne SARL
+Copyright 2002-2020 ProcessOne SARL
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The rebar.config.script file adds a dependency to base64url package. Since we remove
all rebar dependencies, add a patch to remove such dependency. Otherwise rebar would
try to download it during the build.
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The license file hash has changed due to:
-Copyright 2002-2019 ProcessOne SARL
+Copyright 2002-2020 ProcessOne SARL
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The license file hash has changed due to:
-Copyright 2002-2019 ProcessOne SARL
+Copyright 2002-2020 ProcessOne SARL
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- remove 0001-fix-compiler-errors-with-gcc-10.patch
(upstream)
- remove 0002-added-include-string-to-card.h-to-follow-gcc10-porti.patch
(upstream)
- convert to meson
- add patch to use system fmt instead of git submodule (fixes
configure 'ERROR: Include dir ext/fmt/include does not exist.')
- add patch to use system pybind11 instead of git submodule (fixes
configure 'ERROR: Include dir ext/pybind11/include does not exist.')
- add patch to use python only if pykms is enabled (fixes
configure 'ERROR: Dependency "pybind11" not found, tried pkgconfig')
- add optional libevdev dependency (needed for utils/kmstouch)
- update LICENSE file hash (replaced short copyright notice and
link to http://mozilla.org/MPL/2.0/ with complete license text)
- lift toolchain headers requirement to at least 4.11 (include
linux/dma-buf.h)
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
While bumping, removing upstreamed patches. Removing also autoreconf
step cause we are not patching it anymore.
License hash is changed due to remove of notice for file
filter/sys5ippprinter.c.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
linux-firmware version 20201022 introduced a new sdio firmware for
QCA9377 sdio devices. Install it when support is selected.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
For readability, this reformatting is done in a separate commit, as this
package contains many license files.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Exporting ARCH and KERNELDIR makes easier to compile an external kernel
or out of tree kernel modules.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This commit adds a number of test cases to verify that the CPE_ID_*
variables are properly handled by the generic package infrastructure
and that the "make show-info" JSON output matches what we expect.
A total of 5 different example packages are used to exercise different
scenarios of CPE_ID_* variables usage.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Currently, the match between Buildroot packages and CVEs is solely
based on the package names. Unfortunately, as one can imagine, there
isn't necessarily a strict mapping between Buildroot package names,
and how software projects are referenced in the National Vulnerability
Database (NVD) which we use.
The NVD has defined the concept of CPE (Common Platform Enumeration)
identifiers, which uniquely identifies software components based on
string looking like this:
cpe:2.3:a:netsurf-browser:libnsbmp:0.1.2:*:*:*:*:*:*:*
In particular, this CPE identifier contains a vendor name (here
"netsurf-browser"), a product name (here "libnsbmp") and a version
(here "0.1.2").
This patch series introduces the concept of CPE ID in Buildroot, where
each package can be associated to a CPE ID. A package can define one
or several of:
- <pkg>_CPE_ID_VENDOR
- <pkg>_CPE_ID_PRODUCT
- <pkg>_CPE_ID_VERSION
- <pkg>_CPE_ID_VERSION_MINOR
- <pkg>_CPE_ID_PREFIX
If one or several of those variables are defined, then the
<pkg>_CPE_ID will be defined by the generic package infrastructure as
follows:
$(2)_CPE_ID = $$($(2)_CPE_ID_PREFIX):$$($(2)_CPE_ID_VENDOR):$$($(2)_CPE_ID_NAME):$$($(2)_CPE_ID_VERSION):$$($(2)_CPE_ID_VERSION_MINOR):*:*:*:*:*:*
<pkg>_CPE_ID_* variables that are not explicitly specified by the
package will carry a default value defined by the generic package
infrastructure.
If a package is happy with the default <pkg>_CPE_ID, and therefore
does not need to define any of <pkg>_CPE_ID_{VENDOR,PRODUCT,...}, it
can set <pkg>_CPE_ID_VALID = YES.
If any of the <pkg>_CPE_ID_{VENDOR,PRODUCT,...} variables are defined
by the package, then <pkg>_CPE_ID_VALID = YES will be set by the
generic package infrastructure.
Then, it's only if <pkg>_CPE_ID_VALID = YES that a <pkg>_CPE_ID will
be defined. Indeed, we want to be able to distinguish packages for
which the CPE ID information has been checked and is considered valid,
from packages for which the CPE ID information has never been
verified. For this reason, we cannot simply define a default value
for <pkg>_CPE_ID.
The <pkg>_CPE_ID_* values for the host package are inherited from the
same variables of the corresponding target package, as we normally do
for most package variables.
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Reviewed-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Currently, when the version encoded in a CPE is '-', we assume all
versions are affected, but when it's '*' with no further range
information, we assume no version is affected.
This doesn't make sense, so instead, we handle '*' and '-' in the same
way. If there's no version information available in the CVE CPE ID, we
assume all versions are affected.
This increases quite a bit the number of CVEs and package affected:
- "total-cves": 302,
- "pkg-cves": 100,
+ "total-cves": 597,
+ "pkg-cves": 135,
For example, CVE-2007-4476 has a CPE ID of:
cpe:2.3:a:gnu:tar:*:*:*:*:*:*:*:*
So it should be taken into account. In this specific case, it is
combined with an AND with CPE ID
cpe:2.3:o:suse:suse_linux:10:*:enterprise_server:*:*:*:*:* but since
we don't support this kind of matching, we'd better be on the safe
side, and report this CVE as affecting tar, do an analysis of the CVE
impact, and document it in TAR_IGNORE_CVES.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Enabling package host build for abootimg so that boot images can be
created for boards which boot from this format.
Signed-off-by: Mike Frampton <mikeframpo@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Installs the required Wifi/BT firmware blobs for the Qualcomm
Dragonboard 410c SBC.
Signed-off-by: Mike Frampton <mikeframpo@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Update the hash accordingly.
- Remove a patch, as its fix is in this new version of pixz.
Signed-off-by: Vincent Stehlé <vincent.stehle@laposte.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Attempting to compile this package with newer Kernel version (e.g. v5.4)
fails with message:
Generating local configuration database from kernel ...Kernel version parse failed!
Upgrading the package to 5.8 fixes this issue. Anyways, v4.4 is now
rather old and beat the very purpose of having newer drivers in older
kernels.
Since backports tag v4.14-rc4-1, the requirement on minimal kernel
version changed from 3.0 to 3.10. See commit [1]. The minimal kernel
version check is changed accordingly.
License files are also updated: the linux backports package copies the
license files from the kernel version used for its generation. v5.8 is
now "GPL-2.0 WITH Linux-syscall-note". However, there is no such SPDX
identifier (contrary to what is said in the COPYING file), so we keep it
as GPL-2.0 (which also keeps it aligned to what we have in linux.mk).
[1] https://git.kernel.org/pub/scm/linux/kernel/git/backports/backports.git/commit/?id=a0d05f9f9ca50ea8b1d60726fac6b54167257e76
Signed-off-by: Julien Olivain <ju.o@free.fr>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Tested-by: Petr Vorel <petr.vorel@gmail.com>
[yann.morin.1998@free.fr: keep license as GPL-2.0, like for linux]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* master: (125 commits)
package/jpeg-turbo: security bump to version 2.0.5
package/modem-manager: bump to version 1.14.8
package/c-ares: security bump to version 1.17.0
docs/website: update for 2020.02.8
Update for 2020.02.8
docs/website: update for 2020.08.2
Update for 2020.08.2
package/qemu: fix build with 64 bits time_t
package/harfbuzz: fix build without threads
boot/uboot: fix custom repo error message
package/numactl: needs -fPIC
package/dovecot-pigeonhole: fix build with per-package directories
package/libpam-tacplus: remove duplicate LIBPAM_TACPLUS_AUTORECONF
package/openntpd: needs host-bison
package/xorriso: fix host option
DEVELOPERS: drop Trent Piepho
package/postgresql: security bump to version 12.5
package/redis: security bump to version 6.0.9
Revert "package/linux-backports: bump version to 5.8"
package/linux-backports: bump version to 5.8
...
python-protobuf: drop patch 0001 as it is applied upstream
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Static build of luajit is disabled since commit b2e8f28efa
("package/luajit: disable for static build"). Remove the related
BUILDMODE handling as well.
Cc: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bumping the package requires two fixes:
* pillow looks for header files in paths returned by pkg-config.
On buildroot, pkg-config returns nothing if PKG_CONFIG_ALLOW_SYSTEM_CFLAGS
is disabled.
* png is the default pillow image format and png format is working only
if python zlib module is available.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Tested-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
QT can default to outputting the logs to syslog instead of to the
console with this compile time switch. That behavior can still be
overridden by setting the environment variable QT_LOGGING_TO_CONSOLE to
1.
Signed-off-by: Jeff Zignego <jzignego@hedcontrols.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
# Board Revision is P307, same nvram file can be used for P304, P305, P306 and P307 as the tssi pa params used are same
#Please force the automatic RX PER data to the respective board directory if not using P307 board, for e.g. for P305 boards force the data into the following directory /projects/BCM43362/a1_labdata/boardtests/results/sdg_rev0305
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.