This bump is mainly to fix the header file nameclash problem with LiTE,
in package/lite. See the libite project's README for how to adapt to
this change, and the ChangeLog for details. In short, libite now use
the /usr/include/libite/*.h prefix.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This addresses the autobuilder failure for master as per 2021-11-27.
The root cause was a name clash in a dependency, the libite library,
clashing with the DirectFB LiTE library header files. Hence, this
update alone does not fix [1], libite also needs to be updated. To
provide a smooth transition though, watchdogd should be updated first.
[1]: http://autobuild.buildroot.net/results/185c753af2aa159b494b13f78b0826dddbe4aed6
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Do the same as commit "12c01079bd package/stress-ng: bump to version
0.13.05" did for 2022.02 but without the version bump.
The project URL returns 404 error because:
Quoting Coling King:
"Unfortunately when I left Canonical last week they removed my tarballs"
So use github and update hash.
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Ricardo: do not bump the version.
There will be no version clash at sources.buildroot.net since the file
format changed]
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@datacom.com.br>
Cc: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
We define _DEFAULT_SOURCE in mkpasswd.c to suppress a compiler warning.
In file included from /usr/include/x86_64-linux-gnu/bits/libc-header-start.h:33,
from /usr/include/stdio.h:27,
from [...]/buildroot/output/arm64/build/host-mkpasswd/mkpasswd.c:24:
/usr/include/features.h:187:3:
187 | # warning "_BSD_SOURCE and _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE"
| ^~~~~~~
As per GLIBC 2.20 release notes[1]:
The _BSD_SOURCE and _SVID_SOURCE feature test macros are no longer
supported; they now act the same as _DEFAULT_SOURCE (but generate a
warning). Except for cases where _BSD_SOURCE enabled BSD interfaces
that conflicted with POSIX (support for which was removed in 2.19),
the interfaces those macros enabled remain available when compiling
with _GNU_SOURCE defined, with _DEFAULT_SOURCE defined, or without
any feature test macros defined.
[1] https://lwn.net/Articles/611162/
Signed-off-by: Markus Mayer <mmayer@broadcom.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes:
/usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x10): multiple definition of `yylloc';
scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Reviewed-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Commit 82d1e8c628 (boot/grub2: use none platform when building for
host) changed host-grub2 to only install the tools, not the actual
bootloader or its modules, as they are of no use on the host.
It so happened that, when not instructed to built for a specific
platform, the grub2 buildsystem would default to build the legacy bios
platform (at least when the build happens on an x86 or x86_64 host).
However, because the host is more often than not an x86 or x86_64, when
the target was also an x68 or x86_64, the modules built for the host
could be re-used for the target, and this is what was done for our
pc_x86_64_bios_defconfig.
But now that we explicitly tell the grub2 buildsystem to not build any
platform when we build host-grub2, we no longer have access to the grub2
modules from the host directory, and the build fails when assembling the
final image.
We fix that in two ways:
First, we ensure that individual modules from the target grub2 get installed
in target/; we can only do that if the target grub2 tools are also
installed, so we enable that in the configuration.
Second, we fix the post-build script to look in target/ rather than in
host/.
All that, just for the 512-byte boot.img bootstrap, which pulls in all
the other modules (4.3MiB), the tools (8.8MiB)... But we are not going
to cherry-pick individual modules; this is error prone and
unmaintainable...
Reported-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Köry Maincent <kory.maincent@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some last-minute changes were made when applying commits 7a68960b68
(boot/grub2/Config.in: add symbols to represent legacy and EFI boot) and
4d5b209384 (package/mender-grubenv: fix grub module checks), and the
renaming of the BR2_TARGET_GRUB_LEGACY was not fully propagated.
This caused the path to the boot files to always be interpreted as being
the EFI one, and never the legacy one. In practice, that was not causing
any build failure, because the path was passed at build-time to
mender-grubenv, that would use it as the location where to install its
files, and finally as the location where our image-isntall commands
would look for them.
Still this is incorrect because it would not match where grub2 would
eventually end up lookig for its files at runtime...
To avoid further issue, drop the conditional block dedicated to setting
the path to the boot files, drop the intermediate variable, and move
setting the environment variable down into the existing conditional
block.
We do drop the intermediate variable, because there is no longer any
genericity needed: the installation commands are already duplicated for
the two cases anyway.
Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Köry Maincent <kory.maincent@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 0cfa165948 (package/pkg-utils.mk: introduce "name" field in
show-info output) did what it said, but did so in the generic show-info
part, thus it was also added to filesystems (rootfs), the other kind of
entity that show-info reports on.
Only packages have a "name"; filesystems do not. Instead, they already
have an 'image_name'.
Move the 'name' field to the package-related part of show-info.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The unmatched escaped single-quote lies in the middle of a few
function calls, so they too must be fake-closed to properly fix
colour highlighting in some editors.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Some packages install nothing in target nor staging, but install images
(like the kernel vmlinux, or a bootloader boot blob...)
If we want to appropriately account for the files installed by each
package, we also need to take images/ into account.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Herve Codina <herve.codina@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
When calling 'printvars', the 'suitable-host-package' macro is printed
(a macro is just a variable like the others, after all, just with some
parameters). Because it is printed as a variable, it is missing its
parameters, but it still tries to evaluate the $(shell) construct.
This causes spurious warning:
make[1]: support/dependencies/check-host-.sh: Command not found
Only try and call the script if there is actually a tool to check for.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
When calling 'printvars' on a just-configured tree, the output contains
many spurious warnings about pkg-config being not found:
make[1]: [...]/host/bin/pkg-config: Command not found
This is partly because a few packages call pkg-config at the time the
Makefile is parsed (really, right when make evaluates the recipe before
executing it).
It is customary, instead, to defer the call to pkg-config to the actual
shell running the recipe's commands, like all our other packages do.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Currently, the build_dir field is reported relative to $(BASE_DIR), to
avoid leaking local paths.
However, BASE_DIR is not a directory that is very convenient: for
in-tree builds, it is $(CONFIG_DIR)/output/, while for out-of-tree
builds, it is $(CONFIG_DIR). This difference is purely an idiosyncracy
of how out-of-tree builds have been implemented in Buildroot, and is
not under the control of the user.
What the user is in control of, however, is where the .config file is
located. This, really, is the directory we should base relative paths
on.
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit b68810e70c (boot/grub2: add support to build multiple Grub2
configurations in the same build) broke mender-grubenv by splititng up
BR2_TARGET_GRUB2_BUILTIN_MODULES into two separate symbols, one for
legacy boot and one for EFI boot.
This change causes a systematic build failure now, as the legacy variable
BR2_TARGET_GRUB2_BUILTIN_MODULES is now always empty (during build).
We fix that by supplicating the missing modules to check: one for EFI and
one for legacy boot.
The EFI check is tricky: Indeed, there can be more than one EFI platform
enabled simultaneously; indeed, on x86_64, we can have both the 32-bit
and 64-bit EFI platforms enabled. So the check is inverted, and we check
that no platform is not enabled (yeah, double negation). For consistency,
we do the same for the legacy boot, even though in that case, there can
only ever be only one enabled at once at most.
Furthermore, mender-grubenv does not support multiple installations of
grub concurrently; it can only be installed for either legacy or EFI,
not both at the same time: /etc/mender-grubenv.cfg, its configuration
file, can only contain settings for one or the other, not both.
So we add a new check to Config.in to support only one grub installation
type at a time.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
[yann.morin.1998@free.fr:
- drop superfluous check on empty modules lists
- move EFI and legacy commands under same condition as checks
- variables were renamed
- misc eye-candy
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Köry Maincent <kory.maincent@bootlin.com>
The help was missing the regexp module.
The variable assignment was missing spaces around the equal sign.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
[yann.morin.1998@free.fr: split to its own patch, fix assignment too]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Köry Maincent <kory.maincent@bootlin.com>
There are cases to want a synthetic information whether the legacy BIOS
or U-Boot boot scheme, or the EFI boot scheme, are enabled, without
resorting to testing all and each platforms.
This is already the cae in grub2 itself, for the configuration of the
BIOS/U-Boot boot partition, and builtin modules and configuration on one
hand, and the EFI builtin modules and configuraiton on the other hand.
It is also the case for mender-grubenv, which will want to know if
either or both are enabled, but without having to resort to testing all
the cases.
Add two new symbols, that each represent those conditions:
* BR2_TARGET_GRUB2_HAS_LEGACY_BOOT
* BR2_TARGET_GRUB2_HAS_EFI_BOOT
Each target selects the appropriate bool, which makes it much more
simple for other packages such as mender-grubenv to check if grub legacy
or EFI is selected.
And of course, we also make use of those symbols in grub2 itself, to
simplify the conditions for showing.hiding legacy and EFI options.
Additionally (but that does not merit being in its own patch), add a
comment on the closing 'endif' for the EFI part.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
[yann.morin.1998@free.fr:
- s/BR2_TARGET_GRUB_/BR2_TARGET_GRUB2_/
- rename variables anyway
- use variables in grub2 itself
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Köry Maincent <kory.maincent@bootlin.com>
Fix CVE-2021-4020: janus-gateway is vulnerable to Improper
Neutralization of Input During Web Page Generation ('Cross-site
Scripting')
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
As already done for libglib2 in commit
b094f88a4d, fix girdir to avoid the
following build failure with gst1-plugins-base and introspection:
/home/giuliobenetti/autobuild/run/instance-3/output-1/host/riscv32-buildroot-linux-gnu/sysroot/usr/bin/g-ir-compiler gst-libs/gst/tag/GstTag-1.0.gir --output gst-libs/gst/tag/GstTag-1.0.typelib --includedir=/usr/share/gir-1.0
Could not find GIR file 'Gst-1.0.gir'; check XDG_DATA_DIRS or use --includedir
Fixes:
- http://autobuild.buildroot.org/results/d1e2bdde97777ff61c185d375ba412a93e7ca467
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2021-30535: Double free in ICU in Google Chrome prior to
91.0.4472.77 allowed a remote attacker to potentially exploit heap
corruption via a crafted HTML page.
https://nvd.nist.gov/vuln/detail/CVE-2021-30535
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
xz compresses better than bzip2, and is (getting) more popular, so build
release tarballs as .tar.xz (in addition to .tar.gz) instead of .tar.bz2,
similar to how the kernel did ~8 years ago:
https://www.kernel.org/happy-new-year-and-good-bye-bzip2.html
-rw-r--r-- 1 peko peko 5,1M Dec 2 17:55 buildroot-2021.11-rc3.tar.xz
-rw-r--r-- 1 peko peko 5,7M Nov 30 18:15 buildroot-2021.11-rc3.tar.bz2
-rw-r--r-- 1 peko peko 6,8M Nov 30 18:15 buildroot-2021.11-rc3.tar.gz
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with uclibc < 1.0.35 raised since bump
to version 3.8 in commit 1f89c80417:
In file included from ./sys/random.h:40,
from getrandom.c:22:
/home/giuliobenetti/autobuild/run/instance-0/output-1/host/x86_64-buildroot-linux-uclibc/sysroot/usr/include/sys/random.h:27:35: error: unknown type name 'size_t'
27 | extern int getrandom(void *__buf, size_t count, unsigned int flags)
| ^~~~~~
/home/giuliobenetti/autobuild/run/instance-0/output-1/host/x86_64-buildroot-linux-uclibc/sysroot/usr/include/sys/random.h:8:1: note: 'size_t' is defined in header '<stddef.h>'; did you forget to '#include <stddef.h>'?
7 | #include <features.h>
+++ |+#include <stddef.h>
8 |
Fixes:
- http://autobuild.buildroot.org/results/adecc3e5def140348dfff30961fe6514c9a8e7b5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Don't install compile_et as it raises the following build failure with
samba4 since, at least, bump to version 4.14.7 in commit
630e85f8f5:
source4/heimdal/lib/asn1/asn1_err.c:47:23: error: 'link' redeclared as different kind of symbol
47 | static struct et_list link = { 0, 0 };
| ^~~~
In file included from /home/giuliobenetti/autobuild/run/instance-1/output-1/host/s390x-buildroot-linux-gnu/sysroot/usr/include/bits/sigstksz.h:24,
from /home/giuliobenetti/autobuild/run/instance-1/output-1/host/s390x-buildroot-linux-gnu/sysroot/usr/include/signal.h:328,
from /home/giuliobenetti/autobuild/run/instance-1/output-1/host/s390x-buildroot-linux-gnu/sysroot/usr/include/sys/param.h:28,
from ../../lib/replace/../replace/replace.h:659,
from ../../source4/heimdal_build/config.h:10,
from source4/heimdal/lib/asn1/asn1_err.c:1:
/home/giuliobenetti/autobuild/run/instance-1/output-1/host/s390x-buildroot-linux-gnu/sysroot/usr/include/unistd.h:819:12: note: previous declaration of 'link' was here
819 | extern int link (const char *__from, const char *__to)
| ^~~~
Fixes:
- http://autobuild.buildroot.org/results/d6de6ed59c553f6f413d280f3c65184945bb3850
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use single space in LIBFOO_{DEVICES,PERMISSIONS} to be consistent with
LIBFOO_USERS, package/makedevs/README and most examples/packages
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This fixes build on an ARM64 host (and I assume also
other non-x86).
Signed-off-by: Urja Rannikko <urjaman@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update fourth patch to add girdir in gio-2.0.pc. This will fix the
following build failure with libnice raised since commit
aade2fd293:
/home/giuliobenetti/autobuild/run/instance-3/output-1/host/riscv32-buildroot-linux-gnu/sysroot/usr/bin/g-ir-compiler nice/Nice-0.1.gir --output nice/Nice-0.1.typelib --includedir=/usr/share/gir-1.0
Could not find GIR file 'GObject-2.0.gir'; check XDG_DATA_DIRS or use --includedir
Fixes:
- http://autobuild.buildroot.org/results/3088ef32b03e0bb984291b1227b187f1ff816eb7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2021-3973: vim is vulnerable to Heap-based Buffer Overflow
- Fix CVE-2021-3974: vim is vulnerable to Use After Free
- Fix CVE-2021-3968: vim is vulnerable to Heap-based Buffer Overflow
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Now that our pipelines are using the Docker image from the Gitlab
registry, there is no longer any reason to push the image to the
Docker hub.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
On a properly setup machine, it is totally useless to use sudo to run
docker; it is very bad practice. Instead, users really should add
themselves to the docker group.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In Pure-FTPd 1.0.49, an incorrect max_filesize quota mechanism in the
server allows attackers to upload files of unbounded size, which may
lead to denial of service or a server hang. This occurs because a
certain greater-than-zero test does not anticipate an initial -1 value.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
* In some situations the X.509 verifier would discard an error on an
unverified certificate chain, resulting in an authentication bypass.
Thanks to Ilya Shipitsin and Timo Steinlein for reporting.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an
mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted
input, leading to a segmentation fault on 32-bit platforms.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following build failure raised since the addition of
introspection in commit 3915e17e77:
/home/giuliobenetti/autobuild/run/instance-1/output-1/host/bin/../riscv32-buildroot-linux-gnu/sysroot/usr/bin/g-ir-compiler -l `/usr/bin/sed -nE "s/^dlname='([A-Za-z0-9.+-]+)'/\1/p" libgee-0.8.la` -o Gee-0.8.typelib Gee-0.8.gir libgee-0.8.la
Could not find GIR file 'GObject-2.0.gir'; check XDG_DATA_DIRS or use --includedir
error parsing file Gee-0.8.gir: Failed to parse included gir GObject-2.0
Fixes:
- http://autobuild.buildroot.org/results/884faa0f84c8dc43ed1ca6cde9caf21c731a4b35
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Since upstream commit bb1d35dc1767 [1] (which is part of the bump to
version 1.4.60), configure.ac no longer checks for a specific C
standard. It will therefore use the "default" standard. With autoconf
2.69 (which is what is used to generate the configure script in the
tarball), the default standard is C89, which requires no option to be
passed to the compiler. However, that means that older compilers, e.g.
GCC 4.8, will indeed use C89 and not C99. This leads to the following
error.
array.c:140:2: error: 'for' loop initial declarations are only allowed in C99 mode
for (uint32_t i = 0; i < sz; ++i) {
^
In autoconf 2.71 (which is used by Buildroot), the default standard has
changed: it is now C11 if available, C99 failing that, and finally fall
back to C89. Since GCC 4.8 (and later) support C11, that's what will be
selected, so C99 is allowed as well. Thus, running autoreconf fixes the
build.
The issue was reported upstream [2].
Fixes:
- http://autobuild.buildroot.org/results/0349d8fed35b0766796dd9ba3b8de6ff8bd68fe7
[1] https://redmine.lighttpd.net/projects/lighttpd/repository/14/revisions/bb1d35dc17671bc308e25651b4f5fa0c3008cc69
[2] https://redmine.lighttpd.net/issues/3116
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Starting with uboot 2021.10, with upstream commit 473fc279c89 (kconfig /
kbuild: Re-sync with Linux 4.20), the kconfig in uboot now needs the
compiler to detect its features.
Like was done for linux in 3fc990a798 (linux: kconfig needs the
toolchain) and barebox in 1c1a629d81 (boot/barebox: kconfig needs the
toolchain), add the toolchain to the kconfig dependencies of uboot.
Reported-by: Davian on IRC
Reported-by: Xogium on IRC
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
As stated on www.pcre.org:
"Note that the former ftp.pcre.org FTP site is no longer available."
Update _SITE URL to Sourceforge.
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following per-package build failure with apache:
/home/buildroot/autobuild/instance-3/output-1/per-package/apparmor/host/aarch64-buildroot-linux-gnu/sysroot/usr/bin/../../usr/build-1/libtool --silent --mode=link /home/buildroot/autobuild/instance-3/output-1/per-package/apparmor/host/bin/aarch64-linux-gcc -o mod_apparmor.la -rpath /usr/modules -module -avoid-version mod_apparmor.lo -L/home/buildroot/autobuild/instance-3/output-1/per-package/apparmor/host/bin/../aarch64-buildroot-linux-gnu/sysroot/usr/lib -lapparmor
/home/buildroot/autobuild/instance-3/output-1/per-package/apache/host/opt/ext-toolchain/bin/../lib/gcc/aarch64-buildroot-linux-gnu/9.3.0/../../../../aarch64-buildroot-linux-gnu/bin/ld: cannot find /lib64/libc.so.6
This build failure is raised because the fix added by commit
3c836e5420 was incomplete as the apr
special libtool script was not patched (see commit
b747c29c4e for a detailled explanation)
Fixes:
- http://autobuild.buildroot.org/results/6747b1cb11b129ea4bcb1ecc9645e94fb8e095e8
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following build failure raised since bump to version 1.47 in
commit 710b0eaebe:
/home/buildroot/autobuild/instance-3/output-1/host/opt/ext-toolchain/arm-buildroot-uclinux-uclibcgnueabi/bin/ld.real: sg_dd.o: in function `sg_read_low.constprop.0':
sg_dd.c:(.text+0xc6c): undefined reference to `sg_chk_n_print3'
Fixes:
- http://autobuild.buildroot.org/results/38a0dfc70a21ce574368b7a485deb231f778b3e7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
- fix getrandom compile for uclibc < v1.0.35, add missing stddef.h
include (fixed in uclibc since v1.0.35, see [1])
Fixes:
.../host/x86_64-buildroot-linux-uclibc/sysroot/usr/include/sys/random.h:27:35: error: unknown type name ‘size_t’
27 | extern int getrandom(void *__buf, size_t count, unsigned int flags)
| ^~~~~~
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
We need to backport an upstream patch adding async_timeout 4.0.0
compatibility since we are still on aiohttp version 3.7.4.post0.
Fixes:
>>> import aiohttp
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3.9/site-packages/aiohttp/__init__.py", line 6, in <module>
File "/usr/lib/python3.9/site-packages/aiohttp/client.py", line 35, in <module>
File "/usr/lib/python3.9/site-packages/aiohttp/http.py", line 7, in <module>
File "/usr/lib/python3.9/site-packages/aiohttp/http_parser.py", line 15, in <module>
File "/usr/lib/python3.9/site-packages/aiohttp/helpers.py", line 667, in <module>
TypeError: function() argument 'code' must be code, not str
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The server does not support TLS v1.2, causing dowloads to fall back to
sources.buildroot.net. Mail sent to the project owner bounces, so it
looks like this issue will not be solved anytime soon.
Switch to HTTP, like was done in commit 399ad854cc (package/mksh:
fix project URL in Config.in) for the homepage, and rely on our hashes
to verify the integrity and authenticity of the download.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
[yann.morin.1998@free.fr: slight rewording in the commit message]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
As was just done for the target variant in commit 8d23bc990c
(package/luajit: fix LUAJIT_XCFLAGS), also fix the host variant
which uses the same flags.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Currently, when BR2_LINUX_KERNEL_INSTALL_TARGET=y is selected, issuing
a "saveenv" command in the U-Boot prompt may lead to rootfs corruption.
When BR2_LINUX_KERNEL_INSTALL_TARGET is not selected, then
board/freescale/common/imx/genimage.cfg.template is used as per the logic
inside board/freescale/common/imx/post-image.sh.
board/freescale/common/imx/genimage.cfg.template correctly puts the
rootfs at a safe offset.
With BR2_LINUX_KERNEL_INSTALL_TARGET=y, then
board/freescale/common/imx/genimage.cfg.template_no_boot_part or
board/freescale/common/imx/genimage.cfg.template_no_boot_part_spl
are used and no offset to the rootfs is given, which may cause U-Boot
environment area to write into the rootfs area, causing the rootfs
corruption.
Avoid this problem by placing the rootfs at an 8MB offset, just like
it is done in board/freescale/common/imx/genimage.cfg.
Tested on a imx6qp-wandboard and also on a custom imx6ull based board.
"saveenv" does not corrupt the rootfs anymore after this change.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Build of coreutils with uclibc < 1.0.35 is broken since bump to version
9.0 in commit 2ee43bad85:
In file included from ./lib/sys/random.h:40,
from lib/getrandom.c:22:
/home/giuliobenetti/autobuild/run/instance-3/output-1/host/x86_64-buildroot-linux-uclibc/sysroot/usr/include/sys/random.h:27:35: error: unknown type name 'size_t'
27 | extern int getrandom(void *__buf, size_t count, unsigned int flags)
| ^~~~~~
/home/giuliobenetti/autobuild/run/instance-3/output-1/host/x86_64-buildroot-linux-uclibc/sysroot/usr/include/sys/random.h:8:1: note: 'size_t' is defined in header '<stddef.h>'; did you forget to '#include <stddef.h>'?
7 | #include <features.h>
+++ |+#include <stddef.h>
8 |
Fixes:
- http://autobuild.buildroot.org/results/c69f5c8b8e53ed3de753f0c6d2cdd99497504b49
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
genrandconfig is used by the Buildroot autobuilders to generate
semi-random configurations that we build test. As part of this, we use
"make randpackageconfig" to randomize the selection of packages,
together with a KCONFIG_PROBABILITY value, which indicates the
probabibility for each option to be enabled. This probability is
itself randomized, between 1% and 30% for every build.
However, with our increasing number of packages (over 2900), when we
use a 30% probability for options to be enabled, it means a *lot* of
options are enabled, causing very large configurations to be
tested. These configurations are not very realistic, and they take
ages to build on our autobuilders: we have builds that take 4, 5 or
even 7 hours to build.
In order to test a larger number of configurations and therefore a
larger variety of configurations, this commit reduces the maximum
probability to 20%.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Drop second patch (already in version)
- Fix CVE-2021-43400: An issue was discovered in gatt-database.c in BlueZ
5.61. A use-after-free can occur when a client disconnects during D-Bus
processing of a WriteValue call.
http://www.bluez.org/release-of-bluez-5-62
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
As usual with cmake packages, static builds are not supported and result
in the following build failure:
/home/buildroot/autobuild/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/powerpc-buildroot-linux-uclibc/9.3.0/../../../../powerpc-buildroot-linux-uclibc/bin/ld: /home/buildroot/autobuild/instance-1/output-1/host/powerpc-buildroot-linux-uclibc/sysroot/usr/lib/libcrypto.a(c_zlib.o): in function `zlib_stateful_expand_block':
c_zlib.c:(.text+0x54): undefined reference to `inflate'
Instead of patching CMakeLists.txt to add a call to pkg-config, add a
dependency on dynamic library
Fixes:
- http://autobuild.buildroot.org/results/16a89075e6a809a551e7155a64a4e6b6701428e1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add myself as co-maintainer of SMCRoute in Buildroot, handy since I'm
the upstream maintainer anyway.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The heuristic to extract the various variables of interest is pretty
crude: we filter on variables ending with certain suffixes (like
'%_VERSION' to get the version strings).
However, in doing so, we may dump variables that are not actual package
versions (especially with br2-external trees), and those may contain one
or more equal sign. And anyway, an actual package version string may
very well contain an equal sign too.
But the current situation is that the output of 'printvars' is split on
all equal signs, which will not fit in the 2-tuple we assign the result,
thus causing an exception.
Fix that by limiting to a single split.
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 9c068b4be8 (package/glmark2: fix wayland build) extended the set
of required libraries for various "flavor" options by selecting those
libraries from the blind options.
However, those blind options are true as soon as their requirements are
met (the depends on), even when glmark2 itself is not enabled.
This means that extra libraries are pulled in to the build, even when
not required.
We fix that by moving the actual selects to the main symbol, along with
the proper conditions. This means that we have two lines that select
wayland-protocols, under two different conditions; we could make that a
single select, but the condition would need to be on two lines anyway,
so meh...
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following build failure with glibc >= 2.34:
In file included from /home/giuliobenetti/autobuild/run/instance-0/output-1/host/arm-buildroot-linux-gnueabihf/sysroot/usr/include/signal.h:328,
from /home/giuliobenetti/autobuild/run/instance-0/output-1/host/arm-buildroot-linux-gnueabihf/include/c++/11.2.0/csignal:42,
from src/mongo/stdx/thread.h:33,
from src/mongo/db/client.h:46,
from src/mongo/db/operation_context.h:36,
from src/mongo/db/pipeline/variables.h:32,
from src/mongo/db/pipeline/dependencies.h:37,
from src/mongo/db/matcher/expression.h:38,
from src/mongo/db/matcher/expression_parser.h:34,
from src/mongo/db/pipeline/document_source_list_sessions.cpp:34:
src/mongo/stdx/thread.h:107:56: error: call to non-'constexpr' function 'long int sysconf(int)'
107 | std::max(kMongoMinSignalStackSize, std::size_t{MINSIGSTKSZ});
|
Fixes:
- http://autobuild.buildroot.org/results/6be8efb96547f8ec6e9b776abae8c1b51501e9ed
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
As explained by Jörg [1], iteration with pairs() does not result in the
same order since luajit 2.1.
From [2]
"Table iteration with pairs() does not result in the same order?
The order of table iteration is explicitly undefined by the Lua
language standard. Different Lua implementations or versions may use
different orders for otherwise identical tables. Different ways of
constructing a table may result in different orders, too. Due to
improved VM security, LuaJIT 2.1 may even use a different order on
separate VM invocations or when string keys are newly interned.
If your program relies on a deterministic order, it has a bug.
Rewrite it, so it doesn't rely on the key order.
Or sort the table keys, if you must."
Note: The "luvi -v" return 255 even on success.
[1] http://lists.busybox.net/pipermail/buildroot/2021-November/627938.html
[2] https://luajit.org/faq.html
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Francois Perrad <francois.perrad@gadz.org>
Cc: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Luvi uses the cross bytecode generation of host-luajit
the bytecode format has 2 flavors, depending of GC64 option.
Since the commit https://github.com/LuaJIT/LuaJIT/commit/bd00094c3b50e193fb32aad79b7ea8ea6b78ed25
GC64 mode is enable by default on all 64bits platform.
With this patch, luajit and host-luajit are built with the same option,
so the bytecode generated by host-luajit is valid on luajit.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Romain:
- update commit title
- add a comment about missing LUAJIT_ENABLE_GC64]
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit reworks how BR2_PACKAGE_LUAJIT_ARCH_SUPPORTS is
defined to follow the recommended syntax.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Francois Perrad <francois.perrad@gadz.org>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
[yann.morin.1998@free.fr: alphabetical order]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Luajit package has been recently updated to the latest commit in the
master branch [1]. Since then LUAJIT_VERSION doesn't contain the luajit
version anymore but a commit hash:
LUAJIT_VERSION = 05f1984e1a862e4b3d3c3b370c773492e2edf84a
Use pkg-config --variable=version luajit in luvi package to set
LUA_PATH correctly.
Fixes:
luajit: unknown luaJIT command or jit.* modules not installed
https://gitlab.com/buildroot.org/buildroot/-/jobs/1710552605
[1] 9450b53c8e
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following build failure with gcc 4.8 raised since the addition
of the package in commit c23612b5db:
In file included from /home/buildroot/autobuild/instance-3/output-1/build/opencv4-4.5.4/modules/videoio/src/cap_ffmpeg_impl.hpp:100:0,
from /home/buildroot/autobuild/instance-3/output-1/build/opencv4-4.5.4/modules/videoio/src/cap_ffmpeg.cpp:50:
/home/buildroot/autobuild/instance-3/output-1/build/opencv4-4.5.4/modules/videoio/src/cap_ffmpeg_hw.hpp: In constructor 'HWAccelIterator::HWAccelIterator(cv::VideoAccelerationType, bool, AVDictionary*)':
/home/buildroot/autobuild/instance-3/output-1/build/opencv4-4.5.4/modules/videoio/src/cap_ffmpeg_hw.hpp:939:23: error: use of deleted function 'std::basic_istringstream<char>& std::basic_istringstream<char>::operator=(const std::basic_istringstream<char>&)'
s_stream_ = std::istringstream(accel_list);
^
In file included from /home/buildroot/autobuild/instance-3/output-1/host/opt/ext-toolchain/arm-none-linux-gnueabi/include/c++/4.8.3/complex:45:0,
from /home/buildroot/autobuild/instance-3/output-1/build/opencv4-4.5.4/modules/core/include/opencv2/core/cvstd.inl.hpp:47,
from /home/buildroot/autobuild/instance-3/output-1/build/opencv4-4.5.4/modules/core/include/opencv2/core.hpp:3306,
from /home/buildroot/autobuild/instance-3/output-1/build/opencv4-4.5.4/modules/videoio/include/opencv2/videoio.hpp:46,
from /home/buildroot/autobuild/instance-3/output-1/build/opencv4-4.5.4/modules/videoio/src/precomp.hpp:57,
from /home/buildroot/autobuild/instance-3/output-1/build/opencv4-4.5.4/modules/videoio/src/cap_ffmpeg.cpp:42:
/home/buildroot/autobuild/instance-3/output-1/host/opt/ext-toolchain/arm-none-linux-gnueabi/include/c++/4.8.3/sstream:272:11: note: 'std::basic_istringstream<char>& std::basic_istringstream<char>::operator=(const std::basic_istringstream<char>&)' is implicitly deleted because the default definition would be ill-formed:
class basic_istringstream : public basic_istream<_CharT, _Traits>
^
/home/buildroot/autobuild/instance-3/output-1/host/opt/ext-toolchain/arm-none-linux-gnueabi/include/c++/4.8.3/sstream:272:11: error: use of deleted function 'std::basic_istream<char>& std::basic_istream<char>::operator=(const std::basic_istream<char>&)'
Fixes:
- http://autobuild.buildroot.org/results/60f8846b435dafda0ced412d59ffe15bdff0810d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following build failure raised since bump to version 0.3.39 in
commit d9796f2db9:
/tmp/ccsZ6haQ.s:467: Error: selected processor does not support `vmrs r3,fpscr' in ARM mode
/tmp/ccsZ6haQ.s:469: Error: selected processor does not support `vmsr fpscr,r3' in ARM mode
/tmp/ccsZ6haQ.s:490: Error: selected processor does not support `vmrs r3,fpscr' in ARM mode
/tmp/ccsZ6haQ.s:492: Error: selected processor does not support `vmsr fpscr,r3' in ARM mode
Fixes:
- http://autobuild.buildroot.org/results/d449095c67b9477fc95ebbab5eb628e5eb4ea5c6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following build failure on one mips toolchain with gcc 5.3
raised since bump to version 2.18.2 in commit
47fa16dffa:
src/lib/hash/sha3/sha3.cpp: In function 'std::tuple<long long unsigned int, long long unsigned int, long long unsigned int, long long unsigned int, long long unsigned int> Botan::{anonymous}::xor_CNs(const uint64_t*)':
src/lib/hash/sha3/sha3.cpp:41:42: error: converting to 'std::tuple<long long unsigned int, long long unsigned int, long long unsigned int, long long unsigned int, long long unsigned int>' from initializer list would use explicit constructor 'constexpr std::tuple< <template-parameter-1-1> >::tuple(_UElements&& ...) [with _UElements = {long long unsigned int, long long unsigned int, long long unsigned int, long long unsigned int, long long unsigned int}; <template-parameter-2-2> = void; _Elements = {long long unsigned int, long long unsigned int, long long unsigned int, long long unsigned int, long long unsigned int}]'
A[4] ^ A[9] ^ A[14] ^ A[19] ^ A[24]};
^
Upstream suggested to revert a commit while they work on a better fix.
The commit to revert was a fix for XCode on Clang 12, neither of which
apply to us in Buildroot, so we can indeed just carry that revert.
Fixes:
- http://autobuild.buildroot.org/results/4e86c3008aa70284a3002f426066fcc21d018e95
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: explain why we revert]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Fix CVE-2021-3928: vim is vulnerable to Stack-based Buffer Overflow
- Drop patch (already in version)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently when a tag is added to the Buildroot git tree, the gitlab-ci
create a pipeline with several hundred of jobs (~750) to build all
defconfigs and execute the Buildroot testsuite.
However, there is only a limited number of gitlab-ci runner (9 runners)
and some jobs reach the timeout limit (24h) while waiting for a runner
[1]. Indeed, the Buildroot project doesn't use the Gitlab's shared
runners.
In addition to the pipeline created when a new tag is added to the
git repository, two pipelines are created each weeks to execute the
Buildroot testsuite (on monday [2]) and build all defconfigs (on
Thursday [3]).
At some point there are too many jobs waiting in gitlab due board
defconfigs builds. Indded a board defconfig requires a lot of time
(~30min) compared to other jobs in order to build a toolchain and a
kernel linux along with a basic rootfs. There is currently 262
defconfigs.
This is even worse when several pipelines are trigged at the same
time (new git tag and scheduled pipeline trigger).
In order to reduce the number of long jobs, don't build board
defconfigs with pipelines trigged on tag, keeping only the runtime
tests and the Qemu's defconfigs.
[1] https://gitlab.com/buildroot.org/buildroot/-/jobs/1758966541
[2] https://gitlab.com/buildroot.org/buildroot/-/pipelines/404035190
[3] https://gitlab.com/buildroot.org/buildroot/-/pipelines/401685550
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Acked-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The pipewire-media-session has been moved into a separate package
which pipewire attempts to download via meson wraps if
session-managers are enabled, since we don't support meson wraps
we need to disable session-managers in the pipewire package and
create a new pipewire-media-session package.
We also need to add a patch removing an invalid session-managers
option check from pipewire-media-session.
There is an alsa with-module-sets option in pipewire-media-session,
however at the moment alsa is an unconditional dependency so
we need to always enable it and select alsa-lib.
Note: it was previously an option of the pipewire package, named
media-session, so the symbol was BR2_PACKAGE_PIPEWIRE_MEDIA_SESSION.
Now it is a package name pipewire-media-session, so the symbol is still
BR2_PACKAGE_PIPEWIRE_MEDIA_SESSION. So there is no legacy entry needed,
and users previously using that option will now get the package. Sneaky.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[yann.morin.1998@free.fr:
- extend commit log with legacy handling
- first unconditional CONF_OPTS uses =, not +=; fits on one line
- slight reorder in variables assignments
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
As found out by Yann [1], binutils will use its bundled copy of zlib,
whether it is already provided by the system or not, and unless
explicitly told to use the system zlib with --with-system-zlib, which
is available since version 2.21 and
https://github.com/bminor/binutils-gdb/commit/700d40ca16eb3ba1ecc1e602cb3eec175bdf70f0
This will fix the following build failure with oprofile when compiling
in a static configuration where zlib is not enabled:
checking for bfd_openr in -lbfd... no
checking for compress in -lz... no
configure: error: libz library not found; required by libbfd
As found out by Arnout [1], this fails infrequently because static is
already pretty rare, but in addition zlib is almost always selected by
some other package.
Fixes:
- http://autobuild.buildroot.org/results/0e1d16dfbb455a08db80ac5d35613908c3b4163f
[1] https://patchwork.ozlabs.org/project/buildroot/patch/20211030214734.2154583-1-fontaine.fabrice@gmail.com/
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- reword the explanations about the system zlib
- extend the oprofile example with static and !zlib
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
We don't want to allow meson to download wrap dependencies as this
bypasses buildroot's dependency resolution.
This is badly documented in the meson manual, but there is at least
an FAQ that refers to it:
https://mesonbuild.com/FAQ.html#does-wrap-download-sources-behind-my-back
Meson has a option called wrap-mode which can be used to disable
wrap downloads altogether with --wrap-mode=nodownload.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[yann.morin.1998@free.fr: add pointer to FAQ]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following lttng-tools build failure raised since bump of liburcu
to version 0.13.0 in commit 9cedbcf494 and
https://github.com/urcu/userspace-rcu/commit/109267f653502cf5ef5ada5d098167b9726daa2d:
In file included from ../../../src/common/error.h:16:0,
from directory-handle.c:9:
../../../src/common/error.h:44:25: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'struct'
extern DECLARE_URCU_TLS(struct log_time, error_log_time);
^
This is fixed by upstream
0003-Always-use-__thread-for-Thread-local-storage-except-on-MSVC.patch.
Also include upstream 0002-fix-don-t-use-C-thread_local-on-MacOs.patch
to avoid conflicts.
Fixes:
- http://autobuild.buildroot.org/results/70d645593c9e164d0d044da1b0128cda9c96e830
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
tpm2-tss is looking for systemd_sysusers and systemd_tmpfiles, but those
two are not mandatory. However, it might find those from the host.
But that is not an issue in the end, because they are only used to
instanciate the users and create the tmpfiles. At build time on the
host, we do not need them, and on the target, if systemd is being used,
then they will be instanciated/created at boot.
If they are not found, then the fallback paths are taken, and those
fallback paths are those using the setfacl and groupadd and useradd
tools, which we already know are going to fail but that we do not care.
So, we can safely force those two to =no to avoid the install trying to
use the system-wide tools, or even the ones we build as part of
host-systemd ourselves.
Eventually, when systemd-tmpfiles of systemd-sysusers are missing, the
fallback paths use useradd, and configure unconditionally checks for
it, so as for groupadd and setfacl in commits d9123dd799
(package/tpm2-tss: fix build on host without setfacl) and c8f847c4f4
(package/tpm2-tss: fix build on host without groupadd), we just fake the
detection of groupadd.
Fixes:
- http://autobuild.buildroot.org/results//97bfa8f7dcb12e36bd63c9d06fb39418070d840b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This patch adds the explanation for the genimage.cfg files coding standard.
A real standard is not defined upstream by the genimage utility
developers[1], but I try to give one here in Buildroot for consistency.
[1]: https://github.com/pengutronix/genimage
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Beatify this genimage .cfg file to have consistency with all genimage .cfg
files in Buildroot.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes:
support/testing/tests/package/sample_python_unittest_xml_reporting.py:4:1: E302 expected 2 blank lines, found 1
support/testing/tests/package/sample_python_unittest_xml_reporting.py:8:1: E305 expected 2 blank lines after class or function definition, found 1
1 E302 expected 2 blank lines, found 1
1 E305 expected 2 blank lines after class or function definition, found 1
Signed-off-by: Pierre-Jean Texier <texier.pj2@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Add a defconfig for the Allwinner Nezha, a raspberrypi-style board built
around the RISC-V 64bit D1 SoC.
There is currently no upstream support, so use the git repos from Samuel
Holland as explained on the linux-sunxi wiki:
https://linux-sunxi.org/Allwinner_Nezha
The U-Boot DTB is also used by opensbi, but the two branches are
unfortunately not in sync at the moment, so add a patch to fix the
compatible for the PLIC so opensbi makes it available to S-Mode (Linux).
The use of the sun20i-d1-spl SPL bootloader / TOC1 file format also makes it
a bit more complicated to build the boot image. As this is expected to only
be a temporary issue, add a U-Boot patch to build the TOC1 image as part of
the build rather than adding explicit support in our U-Boot package to do
it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
U-Boot does not yet have SPL code to initialize the DDR controller on the
Allwinner D1 - So instead package the sun20i-d1-spl bootloader, which is
based on boot0 from the Allwinner BSP with some modifications to build it
separately from the BSP and boot mainline U-Boot as explained on the
linux-sunxi wiki:
https://linux-sunxi.org/Allwinner_Nezha
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For an unknown reason, the following build failure is raised on one of
the autobuilder with host gcc 6.3.0 since bump of autoconf to version
2.71 in commit ecd54b65c1:
icall.c: In function 'mono_create_icall_signatures':
icall.c:9513:20: error: initialization from incompatible pointer type [-Werror=incompatible-pointer-types]
gsize_a *types = (gsize*)(sig + 1);
^
Add an upstream patch to fix it.
Fixes:
- http://autobuild.buildroot.org/results/1d1d82b505abd16d014d754b6a4a48fb1271e3b6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
softhsm2 needs threads since the addition of the package in commit
53873b6dae to avoid the following build
failure:
osmutex.cpp:240:2: error: #error "There are no mutex implementations for your operating system yet"
240 | #error "There are no mutex implementations for your operating system yet"
| ^~~~~
While at it, fix a typo in comment
Fixes:
- http://autobuild.buildroot.org/results/40a8c2d9f58fbe490b6832754fdf8ac4ee0804fc
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure raised since the addition of the package
in commit 53873b6dae:
OSSLDES.cpp: In member function 'virtual const EVP_CIPHER* OSSLDES::getCipher() const':
OSSLDES.cpp:81:12: error: 'EVP_des_cbc' was not declared in this scope; did you mean 'EVP_sm4_cbc'?
81 | return EVP_des_cbc();
| ^~~~~~~~~~~
| EVP_sm4_cbc
Fixes:
- http://autobuild.buildroot.org/results/27d471c4ad1cdd5f2332b949f71cba86723d349f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.org/results/eab44622f8d8ff4fbf464b5a98856382f019c2cb/
Since the bump to 3.1.0 in commit 470e2e9bc5 (package/tpm2-tss: bump
version to 3.1.0), the install is borked because it is looking for
programs at configure time, so it finds those on the host if they exist,
or do not find any at all, which can very well differ from what will be
present on the target.
But this is not totally unreasonable: there is no way, at cross-configure
time, for a package to find the tools that will be present at runtime.
All that can be done in such a case is to force the path to such tools.
However, in this case, tpm2-tss only uses setfacl if systemd-tmpfiles is
not available. If the call to setfacl fails, the install does not fail
(split on two lines for readability):
@-$(call make_fapi_dirs) && $(call set_fapi_permissions) \
|| echo "WARNING Failed to create the FAPI directories with the correct permissions"
set_fapi_permissions is a macro that eventually expands to:
(chown -R tss:tss "$1") && \
(chmod -R 2775 "$1") && \
(setfacl -m default:group:tss:rwx "$1")
So the call to setfacl will not even be ever attempted, because the
chown will fail first. Furthermore, it would look for the 'tss' username
and groupname from the host, which could differ from those on the
target.
So we can just fake the fact that setfacl is available.
As for the permissions, they are to be set on a directory that is in
${runstatedir}, i.e. /run, which is a tmpfs, so there is no way we can
prepare them at build time. We'd need a startup script or systemd unit,
or proper systemd-tmpfiles support, either of which can be done in a
followup patch by an interested party...
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Yair Ben-Avraham <yairba@protonmail.com>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
According to buildroot requirements set custom uboot
version instead of relying on the newest one.
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following build failure raised since bump to version 0.3.39 in
commit d9796f2db9:
In file included from /home/giuliobenetti/autobuild/run/instance-1/output-1/host/powerpc-buildroot-linux-uclibc/sysroot/usr/include/signal.h:318,
from ../spa/include/spa/utils/defs.h:34,
from ../spa/include/spa/utils/type.h:32,
from ../spa/include/spa/support/log.h:34,
from ../spa/plugins/support/cpu.c:37:
../spa/plugins/support/cpu.c: In function 'impl_init':
../spa/plugins/support/cpu.c:88:33: error: called object is not a function or function pointer
88 | #define impl_cpu_zero_denormals NULL
| ^~~~
Fixes:
- http://autobuild.buildroot.org/results/eaf255c46b10cbb6b8a629bc15acf7772d5e274b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This option only exists in main and is not in a release.
Fixes:
output/build/weston-9.0.0/meson.build:1:0: ERROR: Unknown options: "launcher-libseat"
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This package is the userspace daemon, client tool, and library for the
team device implementation in the Linux kernel. Team is an alternative
to the traditional bonding driver and provides more "runners", or modes,
of operation for aggregates. None of these modes are enabled by default
and need a custom kernel config.
Backported the three most relevant patches to fix musl build, revert of
a fix prior to 1.31 that can cause high CPU load, and a fix to prevent
failing to stop the daemon due to too short timeout for kill command.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
[yann.morin.1998@free.fr: slight reword in help text]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bump U-Boot to 2021.10 and kernel to version 5.14.14.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop arm fix patch that is now upstream.
Dbus is now an optional dependency for pipewire.
Add pipewire-v4l2 config option.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Based on initial work from Nicolas Carrier
<nicolas.carrier@orolia.com>, with the following additions:
- Updated to a newer version
- Added proper license file handling
- Added runtime test case
- Restricted to Python 3.x
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
dahdi-linux needs a linux with CRC CCITT since the addition of the
package in commit d959966b41 as stated in
the README:
- CONFIG_CRC_CCITT must be enabled ('y' or 'm'). On 2.6 kernels this can
be selected These can be selected from the "Library Routines" submenu
during kernel configuration via "make menuconfig".
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2021-40114: Multiple Cisco products are affected by a
vulnerability in the way the Snort detection engine processes ICMP
traffic that could allow an unauthenticated, remote attacker to cause a
denial of service (DoS) condition on an affected device. The
vulnerability is due to improper memory resource management while the
Snort detection engine is processing ICMP packets. An attacker could
exploit this vulnerability by sending a series of ICMP packets through
an affected device. A successful exploit could allow the attacker to
exhaust resources on the affected device, causing the device to reload.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-s2R7W9UUhttps://www.snort.org/downloads/snort/changelog_2.9.18.1.txt
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
OpenJDK 17 is a new LTS release, which leaves the Buildroot Config option of
"LTS" and "LATEST" as a misnomer because both 11 and 17 are LTS releases.
There are two options in this case:
1) Remove "LATEST" and update OpenJDK 11 to 17, and only support 17.
2) Change "LTS" to "11" and "LATEST" to "17" and only support the latest 2 LTS
OpenJDK releases.
After some discussion with Thomas Petazzoni and Peter Korsgaard, and testing,
option 2 is the best course of action for a few reasons:
- OpenJDK 11 and 17 have very long support cycles:
- OpenJDK 11 has two years of Active and five years of security support left.
- OpenJDK 17 has five years of Active and ten years of security support left.
- Both OpenJDK versions build with the same parameters.
- The maintenance cost of both versions is meager.
- Both versions pass tests.package.test_openjdk without issue.
Changes:
- Change BR2_OPENJDK_VERSION_LATEST -> BR2_OPENJDK_VERSION_17
- Change BR2_OPENJDK_VERSION_LTS -> BR2_OPENJDK_VERSION_11
Signed-off-by: Adam Duskett <aduskett@gmail.com>
[Peter: add Config.in.legacy, use BR2_PACKAGE_OPENJDK_ prefix]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
go1.17.3 (released 2021-11-04) includes security fixes to the archive/zip and
debug/macho packages, as well as bug fixes to the compiler, linker, runtime, the
go command, the misc/wasm directory, and to the net/http and syscall packages.
https://golang.org/doc/devel/release#go1.17.minor
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure raised since bump of autoconf to version
2.71 in commit ecd54b65c1 and
http://git.savannah.gnu.org/gitweb/?p=autoconf.git;a=commit;h=ec90049dfcf4538750e61d675d885157fa5ca7f8:
checking for /home/buildroot/autobuild/instance-0/output-1/host/bin/mips-linux-gnu-gcc options needed to detect all undeclared functions... cannot detect
configure: error: in `/home/buildroot/autobuild/instance-0/output-1/build/boinc-7.16.18':
configure: error: cannot make /home/buildroot/autobuild/instance-0/output-1/host/bin/mips-linux-gnu-gcc report undeclared builtins
This error raised because AC_CHECK_DECLS returns an error due to -mavx
flag:
mips-linux-gnu-gcc: error: unrecognized command line option '-mavx'
To fix this build failure, hard code ac_cv_c_undeclared_builtin_options
to 'none needed' as removing '-mavx' from CPPFLAGS will hinder the
detection of xgetbv, xgetbv, __xgetbv, cpuid, _cpuid and __cpuid
Fixes:
- http://autobuild.buildroot.org/results/4b468a5d3bfbff9638316ca930ef791867774aef
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the wrong assumption that six is not a dependency with python3 made
in commit 95a63a34ac to avoid the
following build failure with ca-certificates:
Traceback (most recent call last):
File "/home/buildroot/autobuild/instance-2/output-1/build/ca-certificates-20211016/mozilla/certdata2pem.py", line 31, in <module>
from cryptography import x509
File "/home/buildroot/autobuild/instance-2/output-1/host/lib/python3.9/site-packages/cryptography/x509/__init__.py", line 7, in <module>
from cryptography.x509 import certificate_transparency
File "/home/buildroot/autobuild/instance-2/output-1/host/lib/python3.9/site-packages/cryptography/x509/certificate_transparency.py", line 10, in <module>
import six
ModuleNotFoundError: No module named 'six'
Fixes:
- http://autobuild.buildroot.org/results/2b6872eec31362bf3edf88c69b67d681b2f016aa
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: James Hilliard <james.hilliard1@gmail.com>
Tested-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
His e-mail is no longer responding:
** Address not found **
Your message wasn't delivered to mirza.krak@northern.tech because the address couldn't be found, or is unable to receive mail.
Learn more here: https://support.google.com/mail/?p=NoSuchUser
The response from the remote server was:
550 5.1.1 The email account that you tried to reach does not exist. Please try double-checking the recipient's email address for typos or unnecessary spaces. Learn more at https://support.google.com/mail/?p=NoSuchUser bi21si292758edb.0 - gsmtp
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Build of nano with uclibc < 1.0.35 is broken since bump to version 5.9
in commit 3e62e9b14b:
In file included from ./sys/random.h:40,
from getrandom.c:22:
/home/giuliobenetti/autobuild/run/instance-3/output-1/host/x86_64-buildroot-linux-uclibc/sysroot/usr/include/sys/random.h:27:35: error: unknown type name 'size_t'
27 | extern int getrandom(void *__buf, size_t count, unsigned int flags)
| ^~~~~~
/home/giuliobenetti/autobuild/run/instance-3/output-1/host/x86_64-buildroot-linux-uclibc/sysroot/usr/include/sys/random.h:8:1: note: 'size_t' is defined in header '<stddef.h>'; did you forget to '#include <stddef.h>'?
7 | #include <features.h>
+++ |+#include <stddef.h>
8 |
Fixes:
- http://autobuild.buildroot.org/results/1932c524aa6b6a3337a0fc21b44adaac60972d30
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
p11-kit is an optional dependency which is enabled by default since the
addition of the package in commit
53873b6dae and softhsm2 needs help to
properly install files:
/usr/bin/install -c -m 644 softhsm2.module '/home/buildroot/autobuild/instance-0/output-1/host/nios2-buildroot-linux-gnu/sysroot/home/buildroot/autobuild/instance-0/output-1/host/bin/../nios2-buildroot-linux-gnu/sysroot/usr/share/p11-kit/modules'
[...]
softhsm2: installs files in /home/buildroot/autobuild/instance-0/output-1/host/nios2-buildroot-linux-gnu/sysroot//home/buildroot/autobuild/instance-0/output-1
package/pkg-generic.mk:330: recipe for target '/home/buildroot/autobuild/instance-0/output-1/build/softhsm2-2.6.1/.stamp_staging_installed' failed
Fixes:
- http://autobuild.buildroot.org/results/a05bb71cfe016f793c89b2a035835718836039c8
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Upstream has .sha256 checksums now, drop redundant .md5
- Upstream has dropped RSRR support, drop Config.in support
- Add BR2_PACKAGE_MROUTED_RSRR to Config.in.legacy
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add firmware for Realtek 8152/8153/8156 based USB Ethernet adapters.
Signed-off-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Other changes:
- Drop depends on !BR2_PACKAGE_UBOOT_TOOLS_FWPRINTENV as mender-grubenv no
longer uses fw_printenv and fw_setenv and instead provides
grub-mender-grubenv-print and grub-mender-grubenv-set
- Update the LICENSE hash as the year has changed.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Other changes:
- Update license files hash due to the progressbar library changing versions
from v0.0.2 to v0.0.3
- Remove HOST_MENDER_ARTIFACT_BUILD_TARGETS = cli/mender-artifact as
commit a79edc3e7632f38de0dfeaa5a3c72567318e8079 removed the
cli/mender-artifact directory.
- Change -X main.Version= to
-X github.com/mendersoftware/mender-artifact/cli.Version
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This file adds a DBus endpoint for the UpdateControlMap, which allows a user
to set the ID and Priority of a given update process
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add Giulio Benetti to all Olimex Allwinner boards' defconfigs since I've
recently updated and tested them all and I'd like to receive possible
build failure from gitlab CI/CD.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since I'm the upstream maintainer, it'd be nice to get Cc:ed on any
issues with the package.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Change the comment so it doesn't need to be updated when changing the
version.
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The BLK_DEV_IDE_PMAC driver has been removed from the kernel, so use the
libata replacement PATA_MACIO. This requires enabling ATA and BLK_DEV_SD
for the disk to show up, and changing the command line to use /dev/sda.
YENTA depends on PCCARD, so enable it.
The UART does not show up in /dev without DEVTMPFS.
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In commit
40bb37bd70 ("utils/getdeveloperlib.py:
use relative paths for files"), the Developer class was changed to use
relative paths, including for its .hasfile() method.
However the check_developers() function of getdeveloperlib.py was not
updated accordingly, and continued to pass absolute paths. This caused
"get-developers -c" to return the entire list of files in Buildroot as
being unmaintained, as none of them were matching the file listed in
the DEVELOPERS file.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In Python 3.x, check_output() returns a "bytes" array, and not a
string. Its result needs to be decoded to be turned into a
string. Without this fix, "get-developers -c" bails out with:
Traceback (most recent call last):
File "/home/thomas/projets/buildroot/./utils/get-developers", line 105, in <module>
__main__()
File "/home/thomas/projets/buildroot/./utils/get-developers", line 53, in __main__
files = getdeveloperlib.check_developers(devs)
File "/home/thomas/projets/buildroot/utils/getdeveloperlib.py", line 280, in check_developers
files = subprocess.check_output(cmd).strip().split("\n")
TypeError: a bytes-like object is required, not 'str'
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
- CVE-2021-25219: Lame cache can be abused to severely degrade resolver
performance
For details, see the advisory:
https://kb.isc.org/docs/cve-2021-25219
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This option is only available in master and not any release.
Fixes:
output/build/libpsl-0.21.1/meson.build:1:0: ERROR: Unknown options: "docs"
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Acked-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Add configuration switch BR2_PACKAGE_OPTEE_CLIENT_RPMB_EMU to define
whether RPMB emulation is enabled or not. It is default enabled for
backward compatibility.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Restore support for BR2_STATIC_LIBS in optee-client, removed by
[1] to overcome an issue introduced in OP-TEE 3.13.0 that mandates
support for shared libraries.
As OP-TEE expects to be functional on OSes without dynamic shared
library support, change [2] was merged in OP-TEE tag 3.15.0 to fix the
initial issue introducing new configuration switch CFG_TEE_SUPP_PLUGIN.
When disabled, optee-client plugin support is not embedded and
optee-client can built with static libraries support only.
Link: [1] commit 321a850bc7 ("package/optee-client: add dependency on !BR2_STATIC_LIBS")
Link: [2] https://github.com/OP-TEE/optee_client/commit/f59114370f267f0b3341870b6cf1e1c88d184b3f
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Remove efi-ldsdir meson config option which is no longer used.
Meson config variable systemd-analyze is renamed to analyze.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Remove python3-requests host package and combine with python-requests.
Make packages depending on host-python3-requests depend on
host-python-requests instead.
Drop idna patch that is now upstream.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This patch adds support for watchdogd, a watchdog daemon with built-in
process supervisor[1] as well as support for monitoring memory & file
descriptor leaks, and CPU load average. When a monitored resource
reaches a high watermark, a warning message is logged and when critical
level is reached, the cause is saved and the system is rebooted. On
reboot the reset cause can be retrieved to help locate the culprit.
Support for SysV init script in this patch, and systemd unit file is
installed from the one bundled with the package. Both files supoort
additional command line options in /etc/default/watchdogd.
The Config.in is slightly big, but allows for disabling or adjusting
the poll interval for each resource monitor.
For more information, see https://github.com/troglobit/watchdogd
[1]: processes must have their main loop instrumented for supervision.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The current documentation was poorly organized, with for example the
"Here is an example walk through of running a test case" sentence
followed by the explanation of how to list available test cases, but
not how to run one.
Many other aspects of the wording were confusing, or not really
accurate.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The directory that containts tests is "support/testing/tests/", not
"supporting/testing/test".
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The current Gitlab CI mechanism allows to trigger all tests in a CI
pipeline by pushing a branch named <something>-runtime-tests, or to
trigger a single test in a CI pipeline by pushing a branch name
<something>-tests.<name of test>.
However, there are cases where it is useful to run a suite of tests,
for example to run all tests in tests.init.test_busybox.
This commit makes that possible by extending the current semantic of
<something>-tests.<name of test> to not expect a complete test name,
but instead to accept all tests that starts with the given pattern.
This allows to do:
git push gitlab HEAD:foobar-tests.init.test_busybox.TestInitSystemBusyboxRo
like it was the case before. But it now also allows to do:
git push gitlab HEAD:foobar-tests.init.test_busybox
to run all Busybox tests.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
kmscube requires a libgbm implementation, which until now, only Mesa3D
was providing, so kmscube had a direct dependency on Mesa3D.
However, now that we have a proper libgbm virtual package, so this
commit converts the kmscube package to use the libegl, libgbm and
libgles virtual packages.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Kamel Bouhara <kamel.bouhara@bootlin.com>
[ Kamel : add dependency on recent libgbm ]
[Arnout: fix syntax of Config.in comment; order depends alphabetically]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Introduce gbm features so that each packages depending
on it can choose which implementation is required.
Signed-off-by: Kamel Bouhara <kamel.bouhara@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Since 18.0-Leia, Kodi implements stand-alone gbm support alongside x11 &
wayland. To enable building libgbm in mesa3d without x11 & wayland we
need to create a virtual package for libgbm.
Also other packages besides mesa3d may provide libgbm.so, see
http://patchwork.ozlabs.org/patch/647235/http://patchwork.ozlabs.org/patch/939703/
It turns out that libgbm has seen several additions in its API over
time, and therefore not all libgbm implementations provide support for
all features. In order to account for this, this commit adds two hidden
boolean options that allow libgbm providers to indicate which optional
features they support:
BR2_PACKAGE_LIBGBM_HAS_FEATURE_FORMAT_MODIFIER_PLANE_COUNT and
BR2_PACKAGE_LIBGBM_HAS_FEATURE_DMA_BUF. These booleans must be selected
by the packages providing libgbm implementations, and depended on by
packages using libgbm.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Kamel Bouhara <kamel.bouhara@bootlin.com>
[ Kamel : introduce gbm api features ]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Linux supports No-MMU RISC-V 64-bits since kernel version 5.8. Make
MMU optional to enable building for RISC-V 64-bits boards that do not
have one. MMU use of RISC-V 32-bits builds remains mandatory for now.
Signed-off-by: Damien Le Moal <damien.lemoal@wdc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Using *-uclinux-* seems like an only partially followed convention.
And at least RISC-V 64-bits gcc does not know about uclinux tuples.
So switch back to the normal "linux" one for now.
Signed-off-by: Christoph Hellwig <hch@lst.de>
[Damien]
* Make the change conditional on BR2_RISCV_64 being "y".
Signed-off-by: Damien Le Moal <damien.lemoal@wdc.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Enable selecting elf2flt for RISC-V 64-bits no MMU builds and add
support for it in the form of an additional patch (upstream pull request
https://github.com/uclinux-dev/elf2flt/pull/22).
Also modify the package Makefile.in file to add the -fPIC option to
the target CFLAGS for RISC-V 64-bits no MMU builds.
This patch is based on initial work by Christoph Hellwig <hch@lst.de>.
Signed-off-by: Damien Le Moal <damien.lemoal@wdc.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When BR2_BINFMT_FLAT_ONE is selected, elf2flt must be invoked with the
"-r" option to ensure that a single contiguous binary image is created,
regardless of the architecture default image format implemented by
elf2flt.
Signed-off-by: Damien Le Moal <damien.lemoal@wdc.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The patch adds a package for softhsm2.
Signed-off-by: José Pekkarinen <jose.pekkarinen@unikie.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes:
output/build/pango-1.48.10/meson.build:1:0: ERROR: Unknown options: "use_fontconfig"
(WARNING for now, but will be an error in meson 0.60.0).
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes:
output/build/gst1-vaapi-1.18.5/meson.build:1:0: ERROR: Unknown options: "test"
(WARNING for now, but will be an error in meson 0.60.0).
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes:
output/build/gst1-plugins-ugly-1.18.5/meson.build:1:0: ERROR: Unknown options: "examples"
(WARNING for now, but will be an error in meson 0.60.0).
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix teletextdec name and remove vdpau which is no longer available.
Fixes:
output/build/gst1-plugins-bad-1.18.5/meson.build:1:0: ERROR: Unknown options: "teletextdec, vdpau"
(WARNING for now, but will be an error in meson 0.60.0).
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
During LTP and/or kernel development it's very rare that I want the
Open POSIX and the realtime tests. Open POSIX in particular takes
considerable time to build. So this adds the option of disabling them.
They default to on so as not to break existing test automation.
Signed-off-by: Richard Palethorpe <rpalethorpe@suse.com>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Cc: io@richiejp.com
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
While at it, remove the md5 hash as there is already a sha256 hash.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Add a rudimentary test inspired from the "Using boto3" section in
the package README ([1]).
Note that it doesn't try to do anything with the instanciated
resource, as this would require a network connection when the test
runs.
[1]: https://github.com/boto/boto3
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
While at it, remove the md5 hash as there is already a sha256 hash.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The newly-added test uncovered some missing core modules, so add them
now.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Add a rudimentary test inspired from the "Using botocore" section in
the package README ([1]).
Note that it doesn't try to use the instantiated client, as this would
require a network connection when the test runs.
[1]: https://github.com/boto/botocore
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
On some developers machines, the default timeout (5 seconds) is not
enough for the test to succeed.
Increase it to 20 seconds, to let more time for the rsa keys to be
generated.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The patch [1], which is required for DRM to work properly, has been
merged into Linux version 5.14-rc3. There's a 5.14.12 now in stable, so
I took that one.
After Linux boots, /dev/fb0 will be accessible. You can control the
brightness of the display after enabling the framebuffer by running the
following commands:
~ # echo 0 0 > /sys/class/graphics/fb0/pan
~ # echo 255 >/sys/class/backlight/40016c00.dsi.0/brightness
The brightness ranges from 0 to 255, as you can see running the
command:
~ # cat /sys/class/backlight/40016c00.dsi.0/max_brightness
[1] 24b5b1978cd5 ("clk: stm32f4: fix post divisor setup for I2S/SAI PLLs")
Signed-off-by: Dario Binacchi <dariobin@libero.it>
Acked-by: Christophe Priouzeau <christophe.priouzeau@foss.st.com>
[Arnout: add explanation to readme.txt]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
- Fix CVE-2021-27347: Use after free in lzma_decompress_buf function in
stream.c in Irzip 0.631 allows attackers to cause Denial of Service
(DoS) via a crafted compressed file.
- Fix CVE-2021-27345: A null pointer dereference was discovered in
ucompthread in stream.c in Irzip 0.631 which allows attackers to cause
a denial of service (DOS) via a crafted compressed file.
- Fix CVE-2020-25467: A null pointer dereference was discovered
lzo_decompress_buf in stream.c in Irzip 0.621 which allows an attacker
to cause a denial of service (DOS) via a crafted compressed file.
- lz4 is a mandatory dependency since version 0.640 and
https://github.com/ckolivas/lrzip/commit/3345a239b7f5353a1c1296d6a5d6b90729d4b669https://github.com/ckolivas/lrzip/compare/7f3bf46203bf45ea115d8bd9f310ea219be88af4...v0.641
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
qemu now requires gcc >= 7.5, which was the last release in the 7.x
series. We do not have symbols for a gcc dot-version dependency, nor do
we want to add one.
So, add a dependency on gcc >= 8, for both the host and target variants.
In addition:
- Add a missing comment in package/qemu/Config.in.host explaining the
host gcc requirements if host gcc < 8.
Fixes:
http://autobuild.buildroot.org/results/32b7fee1f8cda2290fd4bd8ac9fe78bacb25b652
Signed-off-by: Adam Duskett <aduskett@gmail.com>
[yann.morin.1998@free.fr:
- target qemu also impacted
- propagate to libvirt, gst1-python
- reword commit log that 7.5 is the last 7.x release
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Drop second patch (already in version)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Drop python3-pip now that python3-cryptography has been removed
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
python3-cryptography is not needed anymore now that python-cryptography
has a host variant
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Since commit 0c7e30b43a,
python-cryptography depends on python3. So python3-cryptography became
redundant at that point. As python3-cryptography is a host-only package,
while python-cryptography is a python-only package, add a host variant
to python-cryptography to be able to drop python3-cryptography.
Update ca-certificates to use host-python-cryptography instead of
host-python3-cryptography.
While at it, drop host-python3-pip and host-python3-six as these
dependencies are not needed. Indeed, pip was never a dependency of
cryptography and six is not a dependency with python3 and will be
dropped in version 3.4 and
https://github.com/pyca/cryptography/commit/e66db8079d3fbd0110e87ece1fd48f4bfd9e48b9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
squash! package/python-cryptography: add host variant
- Remove upstreamed patches
- Add BR2_PACKAGE_PYTHON_CERTIFI and BR2_PACKAGE_QHULL as dependencies
- make DEPENDENCIES one per line and sort alphabetically
- Add a new file: setup.cfg. This file is needed to force matplotlib to use
the system-provided freetype and qhull, and to disable lto.
The setup.cfg file is copied to the source directory before configuring.
LTO must be disabled or else compile errors such as:
"Relocation R_AARCH64_ADR_PREL_PG_HI21 against symbol `_ZSt3hexRSt8ios_base'
which may bind externally can not be used when making a shared object;
recompile with -fPIC"
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
LICENSE copyright year was updated.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Replace BR2_PYTHON3_HOST_DEPENDENCY by host-python3 to avoid the
following build failure raised since bump to version 1.17 in commit
32b2a03745:
Traceback (most recent call last):
File "../py/makeversionhdr.py", line 117, in <module>
make_version_header(sys.argv[1])
File "../py/makeversionhdr.py", line 79, in make_version_header
info = get_version_info_from_docs_conf()
File "../py/makeversionhdr.py", line 67, in get_version_info_from_docs_conf
for line in f:
File "/usr/lib/python3.5/encodings/ascii.py", line 26, in decode
return codecs.ascii_decode(input, self.errors)[0]
UnicodeDecodeError: 'ascii' codec can't decode byte 0xc2 in position 2154: ordinal not in range(128)
Indeed, this build failure is not reproduced by host-python3 (in version
3.9.7) so it is probably an issue with python 3.5 (which is 6-years old).
Fixes:
- http://autobuild.buildroot.org/results/96f7b81f5d14715b0b6673a8016a31e9e1552d0b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
- disable doc generation (via sphinx) for host build
Reduces host-qemu build time from (on a system with sphinx installed):
real 2m5,522s
user 9m41,292s
sys 1m9,732s
to:
real 1m9,183s
user 8m40,131s
sys 1m9,533s
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
gnuradio suffers from gcc bug 43744 but gqrx that depends on it doesn't
take into account the gcc bug. So let's add it as:
'depends on !BR2_TOOLCHAIN_HAS_GCC_BUG_43744 # gnuradio'
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes the following security issues:
16.15.0:
- ASTERISK-29057: pjsip: Crash on call rejection during high load
16.15.1:
- AST-2020-003: Remote crash in res_pjsip_diversion
A crash can occur in Asterisk when a SIP message is received that has a
History-Info header, which contains a tel-uri.
https://downloads.asterisk.org/pub/security/AST-2020-003.pdf
- AST-2020-004: Remote crash in res_pjsip_diversion
A crash can occur in Asterisk when a SIP 181 response is received that has
a Diversion header, which contains a tel-uri.
https://downloads.asterisk.org/pub/security/AST-2020-004.pdf
16.16.0:
- ASTERISK-29219: res_pjsip_diversion: Crash if Tel URI contains History-Info
16.16.1:
- AST-2021-001: Remote crash in res_pjsip_diversion
If a registered user is tricked into dialing a malicious number that sends
lots of 181 responses to Asterisk, each one will cause a 181 to be sent
back to the original caller with an increasing number of entries in the
“Supported” header. Eventually the number of entries in the header
exceeds the size of the entry array and causes a crash.
https://downloads.asterisk.org/pub/security/AST-2021-001.pdf
- AST-2021-002: Remote crash possible when negotiating T.38
When re-negotiating for T.38 if the initial remote response was delayed
just enough Asterisk would send both audio and T.38 in the SDP. If this
happened, and the remote responded with a declined T.38 stream then
Asterisk would crash.
https://downloads.asterisk.org/pub/security/AST-2021-002.pdf
- AST-2021-003: Remote attacker could prematurely tear down SRTP calls
An unauthenticated remote attacker could replay SRTP packets which could
cause an Asterisk instance configured without strict RTP validation to
tear down calls prematurely.
https://downloads.asterisk.org/pub/security/AST-2021-003.pdf
- AST-2021-004: An unsuspecting user could crash Asterisk with multiple
hold/unhold requests
Due to a signedness comparison mismatch, an authenticated WebRTC client
could cause a stack overflow and Asterisk crash by sending multiple
hold/unhold requests in quick succession.
https://downloads.asterisk.org/pub/security/AST-2021-004.pdf
- AST-2021-005: Remote Crash Vulnerability in PJSIP channel driver
Given a scenario where an outgoing call is placed from Asterisk to a
remote SIP server it is possible for a crash to occur.
https://downloads.asterisk.org/pub/security/AST-2021-005.pdf
16.16.2:
- AST-2021-006: Crash when negotiating T.38 with a zero port
When Asterisk sends a re-invite initiating T.38 faxing and the endpoint
responds with a m=image line and zero port, a crash will occur in
Asterisk.
This is a reoccurrence of AST-2019-004.
https://downloads.asterisk.org/pub/security/AST-2021-006.pdf
16.17.0:
- ASTERISK-29203 / AST-2021-002 — Another scenario is causing a crash
- ASTERISK-29260: sRTP Replay Protection ignored; even tears down long calls
- ASTERISK-29227: res_pjsip_diversion: sending multiple 181 responses causes
memory corruption and crash
16.19.1:
- AST-2021-007: Remote Crash Vulnerability in PJSIP channel driver
When Asterisk receives a re-INVITE without SDP after having sent a BYE
request a crash will occur. This occurs due to the Asterisk channel no
longer being present while code assumes it is.
https://downloads.asterisk.org/pub/security/AST-2021-007.pdf
- AST-2021-008: Remote crash when using IAX2 channel driver
If the IAX2 channel driver receives a packet that contains an unsupported
media format it can cause a crash to occur in Asterisk.
https://downloads.asterisk.org/pub/security/AST-2021-008.pdf
- AST-2021-009: pjproject/pjsip: crash when SSL socket destroyed during
handshake
Depending on the timing, it’s possible for Asterisk to crash when using a
TLS connection if the underlying socket parent/listener gets destroyed
during the handshake.
https://downloads.asterisk.org/pub/security/AST-2021-009.pdf
16.20.0:
- ASTERISK-29415: Crash in PJSIP TLS transport
- ASTERISK-29381: chan_pjsip: Remote denial of service by an authenticated
user
In addition, a large number of bugfixes.
Drop now upstreamed
0006-AC_HEADER_STDC-causes-a-compile-failure-with-autoconf-2-70.patch.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This bumps to linux 5.14.13, linux-headers 5.14 and u-boot version
2021.10 and drop local uboot patch where CONFIG_SYS_BOOTM_LEN was set to
16MB because on u-boot 2021.10 it's now set to 64MB as default to make
room for Linux images.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This bumps to linux 5.14.13, linux-headers 5.14 and u-boot version
2021.10 and drop local uboot patch where CONFIG_SYS_BOOTM_LEN was set to
16MB because on u-boot 2021.10 it's now set to 64MB as default to make
room for Linux images.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- the last version bump of package/python-cffi (790c10d) ignored
the comment 'Please keep in sync with package/python3-cffi/python3-cffi.mk',
so catch up now
Fixes:
ERROR: No hash found for cffi-1.14.2.tar.gz
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When creating the image we are using the target modules. Building
the modules for host is then unnecessary.
Lets configure host Grub2 for the 'none' platform.
Note that this still installs a platform-dependent file:
.../host/lib/grub/i386-pc/config.h
This file does not seem to have much purpose, but it is harmless.
We did not care to provide a post-isntall hook to remove it.
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This patch updates the location of cdboot.img used, to select the one
from the target directory and not from the host.
The host-grub2 is built only to have access to the Grub tools binaries.
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This patch adds the calls to MESSAGE, to explicit the different step of
the per-platform builds, following the current tuple loop. Besides a
nicer output to the user, this can also help debug what step actualy
failed.
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This patch cleans the code by removing unnecessary \-continuations.
It replaces the semi-colons by either && or separate lines.
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The tools were not installed anymore since we move from autotools to
generic-package. This patch fixes their installation.
We have decided to implement the install tool process by running the "make
install" command for each tuple. This allows to have all different
platforms Grub modules installed in the target. The drawback is the
overwrite of Grub2 binaries tools during each "make install" command. This
drawback is absolutely not important as it happens in the same package. This is
the best option to avoid unnecessary and more complexity to this package.
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
A simple test that runs nmap twice to create the files scanme-1.xml and
scanme2.xml, then runs pyndiff on both files.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The ndiff package provided by Nmap relies on python2; moreover, there
have been pending pull requests to move ndiff to python3 for over two
years with very little engagement by the maintainers
(https://github.com/nmap/nmap/pull/1807).
Remove the option to select ndiff altogether, it is replaced by
python-pyndiff, which provides the same functionality (and more) as the
ndiff provided by nmap, and is compatible with python3.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This package is a dependency for pyndiff
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Canfestival hasn't seen a patch since November of 2017, and it requires python2
to build. Remove the package.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
In addition:
- Remove upstream patch
- Update license hash to reflect license version bump from 0.92 to 0.93
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This fixes a regression introduced in 0.59.0 which prevents gcr from compiling
UI support with the following error:
meson.build:225:5: ERROR: Tried to create target "@BASENAME@_merge",
but a target of that name already exists.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Changes include:
- Remove the dependency on Python2, as nodejs 14 supports Python 3.
- Remove --without-snapshot as it's no longer a supported config
option.
- Remove /openssl to the shared-openssl-includes config option, as the
build system automatically appends /openssl to the includes path.
- License file changes:
- Removed deps/http_parser (MIT)
- Removed deps/node-inspect (MIT)
- Updated some URLs and license years
Since the removed parts are MIT like NodeJS itself, the license info
doesn't change.
- Add a qemu wrapper. V8's JIT infrastructure requires binaries such
as mksnapshot and mkpeephole to be run in the host during the build.
However, these binaries must have the same bit-width as the target
(e.g. a x86_64 host targeting ARMv6 needs to produce a 32-bit
binary). To work around this issue, cross-compile the binaries for
the target and run them on the host with QEMU, much like
gobject-introspection.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
[Arnout:
- use exec in qemu-wrapper script;
- remove s390x support - qemu doesn't have it.
]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The pkg-stats script queries release-monitoring.org to find the latest
upstream versions of our packages. However, up until recently,
release-monitoring.org had no notion of stable
vs. development/release-candidate versions, so for some packages the
"latest" version was in fact a development/release-candidate version
that we didn't want to package in Buildroot.
However, in recent time, release-monitoring.org has gained support for
differentiating stable vs. development releases of upstream
projects. See for example
https://release-monitoring.org/project/10024/ for the glib library,
which has a number of versions marked "Pre-release".
The JSON blurb returned by release-monitoring.org has 3 relevant
fields:
- "version", which we are using currently, which is a string
containing the reference of the latest version, including
pre-release.
- "versions", which is an array of strings listing all versions,
pre-release or not.
- "stable_versions", which is an array of string listing only
non-pre-release versions. It is ordered newest first to oldest
last.
So, this commit changes from using 'version' to using
'stable_versions[0]'.
As an example, before this change, pkg-stats reports that nfs-utils
needs to be bumped to 2.5.5rc3, while after this patch, it reports
that nfs-utils is already at 2.5.4, and that this is the latest stable
version (modulo an issue where Buildroot has 2.5.4 and
release-monitoring.org has 2-5-4, this will be addressed separately).
Note that part of this change was already done in commit f7b0e0860, but
it was incomplete.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The pkg-stats scripts tries to match packages against
release-monitoring.org in two ways:
- First by using the "Buildroot" distribution registered on
release-monitoring.org, in which we have added a lot of mappings
between Buildroot package names and release-monitoring.org package
names. If there is a match using this distribution, the package
status is RM_API_STATUS_FOUND_BY_DISTRO, which means that the
resulting HTML has a "found by distro" statement.
- Then, if the first solution didn't work, by using the pattern
matching, as done in the check_package_get_latest_version_by_guess()
function.
However, there is a bug in this later case: it sets the package status
to RM_API_STATUS_FOUND_BY_DISTRO as well, while it should have been
RM_API_STATUS_FOUND_BY_PATTERN. Due to this bug, in the resulting HTML
file from a pkg-stats run, all packages are marked as "found by
distro" even the ones that are "found by guess".
This commit fixes that by setting the correct package status.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Because upstream was inactive, we switched to the moonjit fork in commit
2ca0accc. Now, the moonjit fork is abandonned and Mike Pall resumed
their activity on LuaJIT. Therefore, we can move back to mainline.
There is no new upstream release yet, so take a commit from git. The
official site https://luajit.org/git/luajit.git doesn't offer tarball
downloads, so use the github mirror instead.
The moonjit part is no longer in the COPYRIGHT file (obviously). Also,
compared to the 2.0.5 release, the URLs in the file have been changes to
https. Therefore, the hash is updated.
Also, switch the hash file to two spaces.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
In commit 689b9ac439 (package/rpi-firmware: rework boot/config file
handling), a last-minute fixup was made to handle the case where no
config.txt file was provided by the user.
However, the intermediate variable RPI_FIRMWARE_CONFIG_FILE was not used
consistently, and the old PACKAGE_RPI_FIRMWARE_CONFIG_FILE variable was
still used where RPI_FIRMWARE_CONFIG_FILE should have been used instead.
Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr: blame myself for the mess; reword commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
For example with libpng: 1.6.37 instead of 1.7.0beta89
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[yann.morin.1998@free.fr: coalesce into a single line]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
A new CPE ID was assigned by NIST and this whitelist can be
dropped as the package is setup to use the correct CPE (Not
to be confused with the other lightning-* packages which show
up when a free txt search is used to find the CVE.)
This reverts commit 613953f821.
Cc: Paul Cercueil <paul@crapouillou.net>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Matthew Weber <matthew.weber@collins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
A recent update of flake8 in CI introduced a new check E741. It
basically checks that variables are at least 3 characters long. Up to
now, however, we have used shorter names in some places - all of them
turn out to be "l" for a line of text.
Replace all those "l" variables with "line".
Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/1687009829
partially:
support/scripts/boot-qemu-image.py:47:21: E741 ambiguous variable name 'l'
support/scripts/check-dotconfig.py:20:38: E741 ambiguous variable name 'l'
support/scripts/size-stats:76:13: E741 ambiguous variable name 'l'
support/testing/tests/core/test_bad_arch.py:17:32: E741 ambiguous variable name 'l'
support/testing/tests/package/test_python_treq.py:10:30: E741 ambiguous variable name 'l'
support/testing/tests/toolchain/test_external.py:30:42: E741 ambiguous variable name 'l'
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The dbus-next package uses the Python type annotation for dbus types. This is
not compatible with the python typing assumption that flake8 makes.
Exclude F821 from this line.
Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/1687009829
partially:
support/testing/tests/package/sample_python_dbus_next.py:17:36: F821 undefined name 's'
support/testing/tests/package/sample_python_dbus_next.py:17:48: F821 undefined name 's'
support/testing/tests/package/sample_python_dbus_next.py:17:56: F821 undefined name 's'
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add knockd option to make libpcap and MMU optional and enable it by
default for backward compatibility
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
- CVE-2021-41089: Create parent directories inside a chroot during docker
cp to prevent a specially crafted container from changing permissions of
existing files in the host’s filesystem.
- CVE-2021-41091: Lock down file permissions to prevent unprivileged users
from discovering and executing programs in /var/lib/docker.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issue:
- CVE-2021-41092: Ensure default auth config has address field set, to
prevent credentials being sent to the default registry.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Drop backported patch for GCC 10 build problem, part of release
- Use upstream sha256 instead of locally computed
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
On Linux version >= 4.20 in order to have mali working we need to pass
drm_kms_helper.drm_leak_fbdev_smem=1 and at least
drm_kms_helper.drm_fbdev_overalloc=200 to have a double buffer fbdev.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Changelog:
- 15346de client: Always close connection with request body in case of error
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Changelog:
- 2537be0 cmake: add a possibility to set library version
- 4becbd6 ubusd: convert tx_queue to linked list
- c736e47 ubusd: add per-client tx queue limit
- a8cf678 ubusd: protect against too-short messages
- 4fc532c ubusd: fix tx_queue linked list usage
- b743a33 ubusd: log ACL init errors
- 2099bb3 libubus: use list_empty/list_first_entry in ubus_process_pending_msg
- ef03848 libubus: process pending messages in data handler if stack depth is 0
- a72457b libubus: increase stack depth for processing obj msgs
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
There's a new feature to offload L2TP to the Linux kernel, which depends
on libmnl. A new menu option was introduced for that.
It's possible to link an internal version of libmnl
statically for smaller binary size on constraint targets, but this was
not added to the buildroot package for complexity reasons (both build
and licensing).
The COPYING file gained an additional paragraph for internal libmnl
which does not apply, because internal libmnl is not used in the
package.
Link: https://fastd.readthedocs.io/en/latest/releases/v22.html
Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix CVE-2021-32765: Hiredis is a minimalistic C client library for the
Redis database. In affected versions Hiredis is vulnurable to integer
overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk`
protocol data. When parsing `multi-bulk` (array-like) replies, hiredis
fails to check if `count * sizeof(redisReply*)` can be represented in
`SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make
this check, it would result in a short allocation and subsequent buffer
overflow.
https://github.com/redis/hiredis/blob/v1.0.2/CHANGELOG.md
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Changelog (since 1.68):
- 1.69, 2021-03-30 Added link to Ada bindings by Tama McGlinn.
Fixed problem with undefined off_t on some compilers.
- 1.70, Patch to ensure compilation with gcc -std=c99, as reported by
John Blaiklock. Fix some inconsistencies in version numbers.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Provide convenience links for BCM43455/CYW43455 based RPi3A+, RPi3B+
and RPi4B WIFI firmware configuration files to avoid runtime firmware
loading warning in the kernel logs, e.g. (RPi3B+):
brcmfmac mmc1:0001:1: Direct firmware load for brcm/brcmfmac43455-sdio.raspberrypi,3-model-b-plus.txt failed with error -2
or (RP4B):
brcmfmac mmc1:0001:1: Direct firmware load for brcm/brcmfmac43455-sdio.raspberrypi,4-model-b.txt failed with error -2
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[me: slight rewording/rewrapping in commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add option for the debug set of start/fixup boot files.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Try to be less smart (focused on the one target/one use-case),
instead reduce the rpi-firmware package to a selectable list
of (verbatim) installed firmware files.
- change rpi-firmware config handling from rpi-variant/rpi-flavour
choices to bootcode.bin, pi-default/-extended/-cut-down and
pi4-/default/-extended/-cut-down selection
- add BR2_PACKAGE_RPI_FIRMWARE_CONFIG_FILE option to select installable
config.txt file
- remove config.txt modify code/handling from raspberry post-image.sh
script
- add different customized config.txt files to the raspberry board
section
- change dtoverlay krnbt from 'dtoverlay=miniuart-bt,krnbt=on' to extra line
with explanation comment
- change raspberry defconfigs to select appropiate rpi-firmware
and config.txt files
- change genimage-raspberrypi4.cfg/genimage-raspberrypi4-64.cfg to
use start4.elf and fixup4.dat
- update board/raspberrypi/readme.txt (add optional files fixup4.dat,
start4.elf and zImage)
With this changes a better support for custom use-cases should
be possible, specially multi-target SD cards as suggested by
Stefan Agner ([1]).
[1] http://lists.busybox.net/pipermail/buildroot/2021-February/303318.html
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr: fix case of no config.txt provided]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since the ubi/ubifs test has been introduced, it's not possible to
boot the same ubi image twice [1]:
"TODO: if you boot Qemu twice on the same UBI image, it fails to
attach the image the second time, with "ubi0 error:
ubi_read_volume_table: the layout volume was not found"."
For some reason, the kernel corrupt the ubi image if the ubifs
rootfs is mounted with write access. Use a custom config file
to mount the rootfs readonly (vol_type=static). Doing so requires
to add the flash size (vol_size=64MiB).
At least it allows to boot several times the same ubi image.
[1] bf4a6490e4
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The current ubi/ubifs test (test_ubi.py) rely on a Qemu bug present in
2.8.0 that was fixed in Qemu 2.9.0 [1]. The ubi/ubifs settings is
updated to run with Qemu >= 2.9.0 using the new multiple chip handling.
If needed, the old behavior can be enabled using the pflash01 property
"old-multiple-chip-handling" [2].
The issue was not detected until now since we are sill using an old
qemu (2.8 from Debian stretch) for testing in gitlab (using the
Buildroot Docker image used by gitlab-ci.yml).
First the logical eraseblock size (LEB) must be updated to the value
0x3ff80 reported by the kernel when using qemu >= 2.9.0.
UBIFS (ubi0:0): Mounting in unauthenticated mode
UBIFS error (ubi0:0 pid 1): ubifs_read_superblock: LEB size mismatch: 524160 in superblock, 262016 real
UBIFS error (ubi0:0 pid 1): ubifs_read_superblock: bad superblock, error 1
But the system is still failing to boot:
UBIFS error (ubi0:0 pid 1): ubifs_scan: garbage
UBIFS error (ubi0:0 pid 1): ubifs_recover_master_node: failed to recover master node
ubifs is reading garbage since Qemu >= 2.9.0 report a sector
length per device divided by the number of devices (see commit [1]).
The kernel detect two flash devices (dmesg):
Concatenating MTD devices:
(0): "40000000.flash"
(1): "40000000.flash"
into device "40000000.flash"
Divide the physical eraseblock (PEB) size by two.
Tested with qemu 2.9.0, 5.1.0.
Fixes:
https://gitlab.com/kubu93/buildroot/-/jobs/1543100932
[1] https://git.qemu.org/?p=qemu.git;a=commitdiff;h=feb0b1aa11f14ee71660aba46b46387d1f923c9e
[2] http://lists.busybox.net/pipermail/buildroot/2021-September/622069.html
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Adding the Image format on the Qemu command line avoid this warning:
"WARNING: Image format was not specified for 'output/TestUbi/images/rootfs.ubi' and probing guessed raw.
Automatically detecting the format is dangerous for raw images, write operations on block 0 will be restricted.
Specify the 'raw' format explicitly to remove the restrictions."
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 71b8322712 updated the Dockerfile
to be used in CI tests. In order to actually use this new docker image,
update .gitlab-ci.yml to point to the docker image that was created with
the updated Dockerfile.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Tested-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
We are going to remove the gcc fork for csky since it doesn't build
with the latest compilers (gcc 8, 10, 11 tested) [1].
Removing theses defconfigs and the csky gcc fork has become unavoidable
since the Buildroot Docker image used by the gitlab CI will switch soon
to Debian bullseye soon [2].
The cksy gcc fork based on gcc 6 has not been updated since it has been
added to Buildroot [3]. Since then, csky has been added to binutils and
gcc but using the latest upstream version (binutils 2.37 and gcc 11) is
not yet possible due to build issue with glibc 2.34 [4].
Moreover, qemu_csky defconfigs was to be used with the csky qemu fork
(based on Qemu 3.x) added by commit [5] and removed by commit [6].
Since then it's not possible to do a runtime test with theses
defconfigs.
Theses defconfigs can be added back later if the csky toolchain support
is fixed and csky supported by upstream Qemu.
[1] http://lists.busybox.net/pipermail/buildroot/2021-August/621504.html
[2] 71b8322712
[3] 7873a5bd5e
[4] http://lists.busybox.net/pipermail/buildroot/2021-October/624596.html
[5] f816e5b276
[6] 58af9a70cc
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Guo Ren <ren_guo@c-sky.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Asked-by: Guo Ren <guoren@kernel.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Buildroot CI has been failing due to 404 error on older U-Boot. Updating
the U-Boot version should fix it and it doesn't hurt to use the latest
U-Boot anyway.
Signed-off-by: David Lechner <david@lechnology.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following build failure without C++ raised since bump to version
0.11.0 in commit c3a907a770:
../output-1/build/usbredir-0.11.0/meson.build:1:0: ERROR: Unknown compiler(s): [['/home/buildroot/autobuild/instance-3/output-1/host/bin/arm-linux-g++']]
The following exception(s) were encountered:
Running "/home/buildroot/autobuild/instance-3/output-1/host/bin/arm-linux-g++ --version" gave "[Errno 2] No such file or directory: '/home/buildroot/autobuild/instance-3/output-1/host/bin/arm-linux-g++'"
Fixes:
- http://autobuild.buildroot.org/results/eca1d8a2b73a769354ab1d24c7996be30f152138
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes CVE-2021-37600 (although the CVE is disputed).
Signed-off-by: Adam Duskett <aduskett@gmail.com>
[yann.morin.1998@free.fr: add reference to the CVE]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
nftbles' --with-debug option enables both debugging symbols (with -g)
and debugging macros (with -DDEBUG).
The former are globally driven by the BR2_ENABLE_DEBUG and BR2_DEBUG_n
set of options, and enforced in our toolchain wrapper; the latter should
be driven by the BR2_ENABLE_RUNTIME_DEBUG, but nftables only uses it to
activate an assert-like macro in its json output generator, so we can
well live without that.
So we just unconditionally disable debug in nftables.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr: write a commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
CVE-2020-7747 applies to the Javascript lightning-server project, and
not to the GNU Lightning project:
https://nvd.nist.gov/vuln/detail/CVE-2020-7747
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
[yann.morin.1998@free.fr: reword commit log; add URL]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The hardware related pipelines are obviously not available on other
architectures.
As suggested by upstream [0], add a dependency on arm or aarch64 for
RaspberryPi pipeline, to avoid the following build failure with a
powerpc64 toolchain since commit c09f126f57 (package/libcamera: bump
to version e355ca0087cd93ef80f74c61018e9e9228a93313):
In file included from ../include/libcamera/base/log.h:10,
from ../src/ipa/raspberrypi/raspberrypi.cpp:18:
../src/ipa/raspberrypi/raspberrypi.cpp:64:53: in 'constexpr' expansion of 'std::chrono::operator/<long double, std::ratio<1>, double>(std::literals::chrono_literals::operator""s(1.0e+0l), 3.0e+1)'
/home/buildroot/autobuild/instance-2/output-1/host/opt/ext-toolchain/powerpc64-buildroot-linux-gnu/include/c++/9.3.0/chrono:502:32: error: '(1.0e+0l / 3.0e+1)' is not a constant expression
502 | return __cd(__cd(__d).count() / __s);
../src/ipa/raspberrypi/raspberrypi.cpp:73:56: in 'constexpr' expansion of 'std::chrono::operator/<long double, std::ratio<1>, double>(std::literals::chrono_literals::operator""s(1.0e+0l), 6.0e+1)'
/home/buildroot/autobuild/instance-2/output-1/host/opt/ext-toolchain/powerpc64-buildroot-linux-gnu/include/c++/9.3.0/chrono:502:32: error: '(1.0e+0l / 6.0e+1)' is not a constant expression
Fixes:
- http://autobuild.buildroot.org/results/49caebe7ef7e3d63de49e78d5d6839dd0aedf10c
Additionally, as Kieran puts it:
I'd go further and filter the IPU3 on only x86 for instance, and the
RKISP on (arm||aarch64).
So be it.
[0] https://lists.libcamera.org/pipermail/libcamera-devel/2021-October/025796.html:
Suggested-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Suggested-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: abide by Kieran's wish]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add an configuration to use personalized png image. If the configuration is
empty we keep the psplash default image.
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
[Arnout: use ifneq condition instead of $(if ...)]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This package provides a set of tools originally developed for the
OpenWrt project. They allow working with various firmware formats that
are required for flashing new images on embedded devices.
One of tools (mkhilinkfw) depends on OpenSSL and doesn't support any
other SSL library (like wolfSSL) directly. It can be used with wolfSSL
using its compatibility layer though.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
[Arnout: add comment about missing license files]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
There are currently three issues with the installation step:
1. it does not ensure the parent destination directory exists before
copying into it, so if /usr/share has not been created in the
dependency chain of edk2-platforms, the installation fails, which
may very well happen easily as edk2-plaforms has nothing in its
dependency chain (except the toolchain et al.);
2. all our dot-stampfiles and .files-list are also copied, as well as
the Readme, license files, and maintainers file. All of those are
useless on the target (and the .files-list introduce
non-reproduciiblity);
3. of a lesser importance, the construct to install, and specifically
to reinstall, does not match what we usually do in Buildroot
(removal of the directory to copy).
We fix all three in one fell swoop:
1. create the destination directory if needed;
2. copy just the directories with the actual platform descriptions
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Dick Olsson <hi@senzilla.io>
Cc: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Add BR2_TARGET_EDK2_PLATFORM_OVMF_I386 for x86_64 architecture.
Update the management of EDK2_ARCH to follow the edk2 platform type in
place of BR2 architecture.
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
wpewebkit builds without issue using host-python3.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Acked-By: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This release fixes two more bug introduced in release 3.10.0: the extended diagnostics triggered
assertions when used with update() or when inserting elements into arrays. All changes are
backward-compatible.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reworked existing patch to make it apply to this version
Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Adding myself as co-maintainer of libuev alongside Peter Seiderer, his
initiative, and I am the upstream so seems logical.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Also change -Dpycairo=false to -Dpycairo=disabled as the option type has
changed to a feature.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The bzip2 module is needed to build the host variant of NodeJS 14.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
* The package doesn't support python2 anymore.
* Indent with two spaces in the hash file.
* License file was updated to fully fit the Apache license format
(see: https://github.com/arrow-py/arrow/pull/679)
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Remove six dependency which is no longer required.
Add new bidict dependency.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Drop python2 support and propagate reverse dependency.
Remove six dependency as it is no longer required.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Also bump linux headers version to 5.10.
Based on NXP 5.10.35-2.0.0 release.
Signed-off-by: Chris Dimich <chris.dimich@boundarydevices.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
i.MX VC8000E Encoder library. Intended for the i.MX 8M Plus processor.
Signed-off-by: Chris Dimich <chris.dimich@boundarydevices.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
To match NXP 5.10.35-2.0.0 release.
Various updates to the license files, but still NXP license.
Signed-off-by: Chris Dimich <chris.dimich@boundarydevices.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
To match NXP 5.10.35-2.0.0 release.
Various updates to the license files, but still NXP license.
Signed-off-by: Chris Dimich <chris.dimich@boundarydevices.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
To match NXP 5.10.35-2.0.0 release.
Refresh patch 0001.
Various updates to the license files, but still NXP license.
Signed-off-by: Chris Dimich <chris.dimich@boundarydevices.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
To match NXP 5.10.35-2.0.0 release.
Various updates to the license files, but still NXP license.
Signed-off-by: Chris Dimich <chris.dimich@boundarydevices.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Although the package claims to support both python2 and python3,
there are some places which contain python3-only code (mainly
asyncio-related).
We can try to tweak some of the files in order to make it work with
python2, but it doesn't worth the effort since python2 isn't maintained
for a long time.
Update the reverse recursive dependencies accordingly.
Fixes:
- http://autobuild.buildroot.net/results/356c6b09566c6020dc320eb89da791581571cb7f/
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
From the ChangeLog (see git history for full details):
- Fix suffix check regression on Windows with Large File Support
- Skip setting alternate interface when not needed
- Only clamp transfer size on Linux
- Quirk for GD32 leave request
- Improve status and error messages and exit codes
- dfuse: Process all alternate interfaces in a DfuSe file
- dfuse-pack.py: Fix alternate settings if first is 0
Link: https://lists.osmocom.org/pipermail/dfu-util/2021-September/000014.html
Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Since v0.8 a script 'dfuse-pack.py' is part of the package, which has a
different license.
Fixes: c212a90b61 ("package/dfu-util: bump version to 0.8, add hash, fix SITE url")
Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
DFU 1.1 specification is also supported.
Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Commit e6ee07f41a (package/python-flask-expects-json: new package)
added a non-functional test case that, as noticed by Edgar, fails with:
AssertionError: '%{http_code}' != '200'
That's because the % sign is self-escaped, à-la C, in the first part
of the command, probably to avoid its being %-formatted. But only the
second part of the command is %-formatted, so we do not need to
self-escape % in the first part.
Additionally, since eb3ee3078a (support/testing/infra/emulator.py:
prevent the commands from wrapping), we no longer need to play tricks
with commands that are too long to fit on the first line of the shell
prompt.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Edgar Bonet <bonet@grenoble.cnrs.fr>
Reviewed-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
* The package doesn't support python2 anymore.
* Take also sha256 from pypi.
* License was updated with a year bump.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
* The package doesn't support python2 anymore (so the POST_INSTALL
hook is not needed now).
* Indent with two spaces in the hash file.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Testing buildroot 2021.05 I observed that after first
boot I was having the following folders:
/context:
/system_u:object_r:auditd_log_t
The root of this problem turned to be a difference in the
output of $(selabel_lookup -b file -k /var/log/audit) called
by S02auditd that from this version on looks like:
$ selabel_lookup -b file -k /var/log/audit
Default context: system_u:object_r:auditd_log_t
This patch will cut it to retrieve the type piece only. Unfortunately,
audit has no options to create machine-readable output that is
guaranteed not to change, so that's the best we can do.
Signed-off-by: José Pekkarinen <jose.pekkarinen@unikie.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
dtbocfg, which stands for Device Tree Blob Overlay Configuration
File System, was developed to serve as a userspace API of Device
Tree Overlay.
https://github.com/ikwzm/dtbocfg
Signed-off-by: Herve Codina <herve.codina@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The list of tests is as follows:
TestGdbHostOnlyDefault: build just minimal host-gdb, default version
TestGdbHostOnlyAllFeatures: build host-gdb, default version, with all
features enabled (TUI, Python, simulator)
TestGdbserverOnly: build just target gdbserver, default version
TestGdbFullTarget: build just target gdb, default version
TestGdbHostOnly9x: build minimal host-gdb, 9.x version
TestGdbHostGdbserver9x: build minimal host-gdb 9.x + gdbserver
TestGdbHostGdbTarget9x: build minimal host-gdb 9.x + full gdb
TestGdbHostOnly11x: build minimal host-gdb, 11.x version
TestGdbHostGdbserver11x: build minimal host-gdb 11.x + gdbserver
TestGdbHostGdbTarget11x: build minimal host-gdb 11.x + gdb
TestGdbArc: build minimal host-gdb + gdb + gdbserver, for the special
ARC architecture version
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Now that gdb 11.x has been added, that 10.x is the default, we can
drop version 8.3.x.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
When doing this, we can simplify the RISC-V related logic. Indeed, as
there was no support for RISC-V in gdb 9.x, which was the current
default, we had some trickery in the Config.in file to ensure gdb 10.x
was used by default on RISC-V. However now that 10.x is the default
for everybody, this trickery is no longer needed.
Also, we now needs to enable BR2_PACKAGE_GDB_TOPLEVEL when host-gdb is
not built, as the default target gdb version is 10.x, and threfore
requires BR2_PACKAGE_GDB_TOPLEVEL=y.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
All patch from gdb 10.2 are kept.
Starting from version 11.x, gdb needs the gmp library. The target
variant needs a bit of care: if BR2_GDB_VERSION_11 is not set, either
the host gdb is not enabled, in which case the default for the target
gdb is 9.x, or the host gdb is enabled, and another version is selected.
Signed-off-by: Michael Fischer <mf@go-sys.de>
[Thomas:
- fix how the gmp dependency is handled
- set BR2_PACKAGE_GDB_TOPLEVEL to y for gdb 11.x
- fix how BR2_GDB_VERSION is set for gdb 11.x]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr:
- only select target gmp if using gdb 11
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Repeat after me: "Forcing the value of <pkg>_DEPENDENCIES inside a
conditional is the root of all evil."
Repeat after me: "Forcing the value of <pkg>_DEPENDENCIES inside a
conditional is the root of all evil."
Repeat after me: "Forcing the value of <pkg>_DEPENDENCIES inside a
conditional is the root of all evil."
Repeat after me: "Forcing the value of <pkg>_DEPENDENCIES inside a
conditional is the root of all evil."
Enough? :-)
Due to this mistake, any other GDB_DEPENDENCIES defined before this
assignment were lost. For example, the host-flex host-bison added
inside the GDB_FROM_GIT==y condition were ignored if
BR2_PACKAGE_GDB_DEBUGGER.
Fixes the build of all ARC configurations that have
BR2_PACKAGE_GDB_DEBUGGER enabled.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Changelog:
- Update CYW43455 bluetooth firmware,
Second Spectra fix for CYW43455 (CVE-2020-10370)
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Changelog:
- Update CYW43455 bluetooth firmware,
Second Spectra fix for CYW43455 (CVE-2020-10370)
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Upstream now supplies sha256 hashes, so drop upstream md5 and locally
computed sha256 in favor of that.
The hash for LICENSE has changed due to the copyright years and author
last name being updated.
The hash for chomp.c and pidfile.c has been changed due to copyright
years and author last name being updated, as well as doxygen comments
being added to the files.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issue:
- SQUID-2020:12 Out-Of-Bounds memory access in WCCPv2
(CVE-2021-28116 aka ZDI-CAN-11610)
Due to an out of bounds memory access Squid is vulnerable to an
information leak vulnerability when processing WCCPv2 messages.
This problem allows a WCCPv2 sender to corrupt Squids list of
known WCCP routers and divert client traffic to attacker
controlled routers.
This attack is limited to Squid proxy with WCCPv2 enabled and
IP spoofing of a router IP address configured as trusted in
squid.conf.
For more details, see the advisory:
http://lists.squid-cache.org/pipermail/squid-announce/2021-October/000136.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
go1.17.2 (released 2021-10-07) includes a security fix to the linker and
misc/wasm directory, as well as bug fixes to the compiler, the runtime, the go
command, and to the time and text/template packages.
https://golang.org/doc/devel/release#go1.17.minor
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Changelog (since 2021.04.21):
47007d0 wireless-regdb: update regulatory database based on preceding changes
e983a25 Update regulatory rules for Ecuador (EC)
a0bcb88 wireless-regdb: Update regulatory rules for Norway (NO) on 6 and 60 GHz
cdf854d wireless-regdb: Update regulatory rules for Germany (DE) on 6GHz
a4468e8 wireless-regdb: update regulatory database based on preceding changes
86cba52 wireless-regdb: reduce bandwidth for 5730-5850 and 5850-5895 MHz in US
6fa2384 wireless-regdb: remove PTMP-ONLY from 5850-5895 MHz for US
9839e1e wireless-regdb: recent FCC report and order allows 5850-5895 immediately
42dfaf4 wireless-regdb: update 5725-5850 MHz rule for GB
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2021-41617: sshd in OpenSSH 6.2 through 8.x before 8.8, when
certain non-default configurations are used, allows privilege escalation
because supplemental groups are not initialized as expected. Helper
programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may
run with privileges associated with group memberships of the sshd
process, if the configuration specifies running the command as a
different user.
https://www.openssh.com/txt/release-8.8https://www.openssh.com/txt/release-8.7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch removes unneeded redirections when
calling iptables-restore and iptables-save, and
it adds the save operation to the usage help.
Signed-off-by: José Pekkarinen <jose.pekkarinen@unikie.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This package uses meson-package infrastracture, so we don't need to
explicitly pass its additional CFLAGS to some variable. The only thing we
need to pass them is to use MESA3D_CFLAGS, because in package/pkg-meson.mk
we have:
$(2)_CFLAGS ?= $$(TARGET_CFLAGS)
that makes the work automatically, where $(2) is exactly the package name,
though $(2)_CFLAGS expands to MESA3D_CFLAGS.
So let's remove the MESA3D_CONF_OPTS += -DCMAKE_C_FLAGS="$(MESA3D_CFLAGS)"
line that has been added by mistake.
Note: this doesn't fix any bug, but remove an unnecessary and ambiguos line
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Traditional VT-10x terminals (and their emulators) [0] have a "magic
margins" feature that enables the last character position to be updated
without scrolling the screen: whenever a character is printed on the
last column, the cursor stays over the character, instead of moving to
the next line.
The Busybox shell, ash, attempts to defeat this feature by printing
CR,LF right after echoing a character to the last column.[1] This
doesn't play well with emulator.py. The run() method of the Emulator
class captures the output of the emulated system and assumes the first
line it reads is the echo of the command, and all subsequent lines are
the command's output. If the line made by the command + shell prompt is
longer than 80 characters, then it is echoed as two or more lines, and
all but the first one are mistaken for the command's output.
We fix this by telling the emulated system that we are using an
ultra-wide terminal with 29999 columns. Larger values would be ignored
and replaced by the default, namely 80 columns.[2]
[0] https://vt100.net/docs/vt100-ug/chapter3.html - DECAWM
[1] https://git.busybox.net/busybox/tree/libbb/lineedit.c?h=1_34_0#n412
[2] https://git.busybox.net/busybox/tree/libbb/xfuncs.c?h=1_34_0#n258
Signed-off-by: Edgar Bonet <bonet@grenoble.cnrs.fr>
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Co-authored-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Upstream has .sha256 checksum files, drop redundant .md5 checksum
- Backport upstream patch to silence bogus error message for loopback
- SMCRoute is useless w/o kernel support, use same fixups as mrouted
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following build failure without wchar raised since bump to
version 0.12.0 in commit 83a0e8dea2:
/home/buildroot/autobuild/instance-0/output-1/build/log4cxx-0.12.0/src/main/include/log4cxx/helpers/transcoder.h:113:33: error: 'wstring' in namespace 'std' does not name a type
113 | static void decode(const std::wstring& src, LogString& dst);
| ^~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/7d0297b071df06bc312b9927396021aa6fe401f4
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following build failure without stack-protector raised since
bump to version 0.11.0 in commit
c3a907a770:
/home/giuliobenetti/autobuild/run/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/sparc-buildroot-linux-uclibc/9.3.0/../../../../sparc-buildroot-linux-uclibc/bin/ld: usbredirparser/libusbredirparser.so.1.1.0.p/usbredirparser.c.o: in function `va_log':
usbredirparser.c:(.text+0x1c4): undefined reference to `__stack_chk_guard'
Fixes:
- http://autobuild.buildroot.org/results/40de5443e98157ad50c6841ea70a835cd5ad4fe9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This has a compile time dependency on gst1-plugins-bad due to
the codecparsers dependency.
We need to prevent the wpe plugin from being selected when wpewebkit
media-stream support is enabled as the wpe plugin requires wpewebkit
which would create a circular dependency with gst1-plugins-bad.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Sadly the most recent version of Microchip's SAM-BA programming tool is no longer hosted
on GitHub. Therefore the package is downloaded from Microchip directly.
Signed-off-by: Daniel Lang <d.lang@abatec.at>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
mips_32 is not supported by ffmpeg and it tries to build with loongson3
SIMD support that leads to build failure due to:
/tmp/ccFO2LRa.s: Assembler messages:
/tmp/ccFO2LRa.s:15314: Error: opcode not supported on this processor: mips32 (mips32) `dmult $2,$6'
/tmp/ccFO2LRa.s:15316: Error: opcode not supported on this processor: mips32 (mips32) `dsrl $2,$2,32'
So let's --disable-asm to prevent using those unsupported opcodes for every
mips architecture according to Arnout.
Fixes:
http://autobuild.buildroot.net/results/f01/f01d9cedec8e1b371308d0f7af561a75883fa27c/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Compiling on Ubuntu 20.04 generates this:
./util.c: In function ‘file_write_dep’
./util.c:54:18: warning: ‘..config.tmp’ directive writing 12 bytes into a region of size between 1 and 4097 [-Wformat-overflow=]
54 | sprintf(buf, "%s..config.tmp", dir);
| ^~~~~~~~~~~~
./util.c:54:2: note: ‘sprintf’ output between 13 and 4109 bytes into a destination of size 4097
54 | sprintf(buf, "%s..config.tmp", dir);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
and similar warnings on confdata.c, lines 778, 989, 995, 1000, 1007,
1040, 1046 and 1054. Avoid the warnings by enlarging the destination
buffer of fprintf().
Normally, we want changes to kconfig to be reflected by patches in
support/kconfig/patches. This makes it easier to resync with upstream
kconfig. However, in this case, everything that is changed here is
already changed completely (and differently) upstream, so there is no
added value in keeping the patch.
Signed-off-by: Edgar Bonet <bonet@grenoble.cnrs.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Update to syslog-ng-3.34.1. Drop patch that has been applied upstream.
Update version in config file.
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
With some toolchains (e.g. mips64el), partial linking fails in the
following way:
/tmp/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/mips64el-buildroot-linux-uclibc/8.4.0/../../../../mips64el-buildroot-linux-uclibc/bin/ld: build/release/libmupdf.a(Dingbats.cff.o): ABI is incompatible with that of the selected emulation
/tmp/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/mips64el-buildroot-linux-uclibc/8.4.0/../../../../mips64el-buildroot-linux-uclibc/bin/ld: failed to merge target specific data of file build/release/libmupdf.a(Dingbats.cff.o)
Taking inspiration from commit
9eca4b9f84, fix it by using GCC instead
of LD for partial linking.
Note that on mips the build will now produce warnings similar to this
one:
buildroot/output/host/lib/gcc/mips64el-buildroot-linux-gnu/10.3.0/../../../../mips64el-buildroot-linux-gnu/bin/ld: build/release/libmupdf.a(NotoSansTaiTham-Regular.ttf.o): warning: linking abicalls files with non-abicalls files
During a runtime test on mips64el under qemu, mupdf-x11 was
nonetheless able to display a sample PDF file correctly.
Fixes:
- http://autobuild.buildroot.net/results/156fe9ee5f6dccdc98990f6c5de5562383bc2b74/
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Plus, indent with two spaces in the hash file.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Plus, indent with two spaces in the hash file.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The pacakge doesn't support python2 anymore. Therefore, we can remove
host-python3-decorator and add a host variant for python-decorator.
As a consequence of that, the python-networkx dependency was renamed from
host-python3-decorator to host-python-decorator.
In addition, indent with two spaces in the hash file.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
* The package doesn't support python2 anymore.
* Hence, python-simplelogging now depends on python3.
* License was updated with a year bump.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Plus, indent with two spaces in the hash file.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
* License was updated with a year bump.
* Indent with two spaces on the hash file.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Plus, indent with two spaces on the hash file.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following build failure with musl raised since bump to version
1.18 in commit 1a7be12e1e:
src/netconfig.c: In function 'netconfig_ipv6_to_string':
src/netconfig.c:188:18: error: 'struct in6_addr' has no member named '__in6_u'; did you mean '__in6_union'?
188 | memcpy(in6_addr.__in6_u.__u6_addr8, addr, 16);
| ^~~~~~~
| __in6_union
Fixes:
- http://autobuild.buildroot.org/results/2c4e6cf22e6fb5582470930241904878070f1144
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Release Notes:
```
This release was focused on stability and hardening, notably fixing some
long-standing race conditions and memory leaks. Default mount options got
tweaked towards data safety.
All users are strongly advised to upgrade.
```
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* Update unsupported testcases for musl (process.c has been removed in
this release)
* refresh 0001-lapi-Add-sysinfo.h-to-fix-build-with-MUSL-libc.patch
(unfortunately still needed, it'd be great to update all toolchains)
* Backport fix after this release:
- 3 patches for build fix on sourcery-arm
- functional fix from e42149e28 ("lib: fix MemAvailable parsing")
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Updated COPYING file to remove the PLPA exemption (appendix 2)
With this change the license is now GPLv2 without any additional wording.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is only a runtime dependency, not a build dependency.
Based on a similar patch by James Hilliard for the wpewebkit
package.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* The package doesn't support python2 anymore.
* Update comment of reverse dependency
* Indent with two spaces in the hash file.
* License was changed with a year bump.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
[yann.morin.1998@free.fr: update comment of reverse dependency]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* Update dependency list (added python-jedi).
* The package is python3-only, and not because of pygments, so
the comment after the "depends on" can be removed.
* Indent with two spaces in the hash file.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* The package doesn't support python2 anymore.
* The only reverse dependency, ipython, already depends on python3
* Update URL in Config.in.
* Indent with two spaces in the hash file.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
[yann.morin.1998@free.fr:
- actually add dependency on python3
- add note about ipython
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* The package doesn't support python2 anymore.
* The two reverse dependencies, crossbar and twisted, already depend on
python3
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
[yann.morin.1998@free.fr: add note about crossbar and twisted]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* The package doesn't support python2 anymore.
* Update comment of reverse dependencies
* Indent with two spaces in the hash file.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
[yann.morin.1998@free.fr: update comment of reverse dependencies]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* License was updated with a year bump.
* Added md5 from pypi and reformat indentation with two spaces.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* The package doesn't support python2 anymore.
* SETUP_TYPE was changed to setuptools.
* Indent with two spaces in the hash file.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* Update URL on Config.in
* Indent with two spaces in the hash file.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
During the review of the lua-augeas package, it was pointed out that a
"select BR2_PACKAGE_AUGEAS" should be used instead of a "depends on
BR2_PACKAGE_AUGEAS". But, the same review pointed that python-augeas
used a "depends on BR2_PACKAGE_AUGEAS".
In order to make things consistent, let's switch to "select
BR2_PACKAGE_AUGEAS" as well for python-augeas.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
We need to backport an ARM compilation build fix.
The optional pw-cli tool now depends on readline, so depend on it when
available.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The ISO9660 tests are only testing BIOS Legacy.
Add support to test an ISO9660 image based on EFI BIOS.
Add support to test an ISO9660 hybrid image based on Legacy and EFI BIOS.
Add dedicated Grub2 builtin config for the EFI compatible cases.
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add support the build the firmware for QEMU i386 pc machine
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
[yann.morin.1998@free.fr:
- do not make it available for BR2_x86_64
- introduce BR2_TARGET_EDK2_ARCH_SUPPORTS
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
When booting under EFI, grub2 will output a nice and shiny boot menu,
using extended ASCII characters (in the [0x80..0xFF] range), namely
CP437 [0], on the assumption that the VGA BIOS is a real one and has the
corresponding (and only!) font, as is the case on real hardware.
However, when run in our runtime test infrastructure, this triggers the
infamous python UnicodeDecodeError exception:
Traceback (most recent call last):
[...]
emulator.login()
File "[...]/buildroot/support/testing/infra/emulator.py", line 89, in login
index = self.qemu.expect(["buildroot login:", pexpect.TIMEOUT],
File "/usr/lib/python3/dist-packages/pexpect/spawnbase.py", line 340, in expect
return self.expect_list(compiled_pattern_list,
File "/usr/lib/python3/dist-packages/pexpect/spawnbase.py", line 369, in expect_list
return exp.expect_loop(timeout)
File "/usr/lib/python3/dist-packages/pexpect/expect.py", line 111, in expect_loop
incoming = spawn.read_nonblocking(spawn.maxread, timeout)
File "/usr/lib/python3/dist-packages/pexpect/pty_spawn.py", line 485, in read_nonblocking
return super(spawn, self).read_nonblocking(size)
File "/usr/lib/python3/dist-packages/pexpect/spawnbase.py", line 178, in read_nonblocking
s = self._decoder.decode(s, final=False)
File "/usr/lib/python3.8/codecs.py", line 322, in decode
(result, consumed) = self._buffer_decode(data, self.errors, final)
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xda in position 0: invalid continuation byte
Grub2 is not wrong in emitting those chars, and basically we should not
expect the packages we test to always emit correct UTF-8 sequences; at
the very least, this should not cause the test infra to fail.
We fix that by telling pexpect.spawn to "fix" such invalid sequences by
replacing them with the suitable Unicode character, U+FFFD REPLACEMENT
CHARACTER.
[0] https://en.wikipedia.org/wiki/Code_page_437
[1] https://docs.python.org/3/library/codecs.html#error-handlers
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
[yann.morin.1998@free.fr:
- don't change encoding, use codec_errors
- rewrite commit log accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* The package doesn't python2 anymore.
* Indent with two spaces in the hash file.
* License changes was a year bump.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* Indent with two spaces in the hash file.
* License change was a year bump.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* The package doesn't support python2 anymore.
* License was updated with a year bump.
* Indent with two spaces in the hash file.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* The package doesn't support python2 anymore.
* hash file: indent with two spaces and bring also sha256 from pypi.
* License was updated with a year bump.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* The package doesn't support python2 anymore.
* Indent with two spaces in the hash file.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* The package doesn't support python2 anymore.
* Indent with two spaces in the hash file.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following build failure with python raised since its activation
by commit cfc80eeeb4:
In file included from /home/giuliobenetti/autobuild/run/instance-2/output-1/host/include/python3.9/Python.h:63,
from python/zbarmodule.h:24,
from python/zbarmodule.c:24:
/home/giuliobenetti/autobuild/run/instance-2/output-1/host/include/python3.9/pyport.h:741:2: error: #error "LONG_BIT definition appears wrong for platform (bad gcc/glibc config?)."
741 | #error "LONG_BIT definition appears wrong for platform (bad gcc/glibc config?)."
| ^~~~~
Fixes:
- http://autobuild.buildroot.org/results/43a8c8d5403c329f2d754ed09807a53772174397
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add support for building an hybrid ISO9660 image compatible with legacy
and UEFI BIOS. Note that this is not about an (iso)hybrid image, which
can boot from both a CDROM or a USB stick, but really about an image
being bootable from the legay BIOS or EFI; the two are orthognal.
The option -eltorito-alt-boot need to be used in the xorriso command
to generate the hybrid image. That option is a separator, meaning the
previous boot entry is done, and the following boot options define a new
boot entry.
The -no-emul-boot defines the type of the current boot image; that's why
it has to now be repeated in each of the BIOS and EFI options.
Finally, for symetry and consistency between the BIOS and EFI options,
we move the BIOS image option first.
Note: the BIOS boot image options have to be provided before the EFI
ones, or the system won't boot; the underlying reason is not known...
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
[yann.morin.1998@free.fr:
- note about hybrid vs. (iso)hybrid
- explain -eltorito-alt-boot
- explain duplication of -no-emul-boot
- rename the variables
- note about the BIOS-EFI ordering
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add options to chose individual EAP plugins.
All the new plugins are enabled by default if the old single option was
enabled, for a seamless update from an older Buildroot config, but for
new configurations, they are not enabled by default.
BR2_PACKAGE_STRONGSWAN_EAP_AKA_3GPP2 is the only plugin requiring
libgmp; the selection of BR2_PACKAGE_GMP is moved down accordingly.
Signed-off-by: Martin Elshuber <martin.elshuber@theobroma-systems.com>
[yann.morin.1998@free.fr:
- move BR2_PACKAGE_STRONGSWAN_EAP to legacy
- extend commit log accordingly
- fix check-package
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
In commit 179ae068eb (fs/iso9660: add support to Grub EFI bootloader
in the image), we did a last-minute change when applying the patch, on
the flawed assumption that the commands were run in a standard Makefile
rule.
However, for filesystems, most commands are run in a script (so they run
under fakeroot). As such, we can't silence the commands with the usual
Makefile '@' construct.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add support to boot the Grub bootloader from an EFI BIOS in the ISO9660
image.
For that we need to create EFI System Partition (ESP). The ESP is a vfat
partition which contain the Grub2 binary at the /EFI/BOOT/ location.
xorriso command will generate the iso image including the ESP.
We notice Grub can not read and mount the ESP, therefore we place the Grub
configuration file in the ISO9660 partition. A Grub2 builtin configuration
need to be used to tell Grub2 to search automatically its configuration
file in the ISO9660 partition. Use 'set root=(cd0)' in the configuration
file passed to BR2_TARGET_GRUB2_BUILTIN_CONFIG_EFI.
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
[yann.morin.1998@free.fr: fix timestamp fixup hook]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
When Grub2 is build it is configured only for one boot set-up, BIOS Legacy,
EFI 32 bit or EFI 64 bit. It can not deal with several boot set-up on the
same image.
This patch allows to build Grub2 for different configurations simultaneously.
To cover Grub2 configuration of legacy BIOS platforms (32-bit), 32-bit EFI
BIOS and 64-bit EFI BIOS in the same build, multi-build system felt much more
reasonable to just extend the grub2 package into 3 packages.
We can no longer use autotools-package as a consequence of this multi-build, and
we have to resort to generic-package and a partial duplication of
the autotools-infra. Grub2 was already using custom option like --prefix or
--exec-prefix so this won't add much more weirdness.
We use a GRUB2_TUPLES list to describe all the configurations selected.
For each boot case described in the GRUB2_TUPLES list, it configures and
builds Grub2 in a separate folder named build-$(tuple).
We use a foreach loop to make actions on each tuple selected.
We have to separate the BR2_TARGET_GRUB2_BUILTIN_MODULES and the
BR2_TARGET_GRUB2_BUILTIN_CONFIG for each BIOS or EFI boot cases.
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
[yann.morin.1998@free.fr:
- keep sub-options properly indented
- fix check-package
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The startup.nsh file is useless to boot EFI payloads. We just need to
follow the naming detection specified in the UEFI spec.
The EFI payload need to be placed in the boot/efi folder in the EFI partition
and follow the architecture naming as described below:
32bit : bootia32.efi
x64 : bootx64.efi
aarch32 : bootarm.efi
aarch64 : bootaa64.efi
This naming is already right in the packages involved (systemd, grub2,
gummiboot), therefore we just need to drop the generation of the
startup.nsh file.
The usage of the startup.nsh in genimage is also dropped to avoid errors in
the image generation.
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Tested-by: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
When parsing and adding modules the refpolicy build system checks their
validity using xmllint. By default the host system version is used and
if not found an error is displayed but the build is not stopped. This
leads to interesting issues where modules are not added correctly to
modules.conf[1] (other possible issues are likely).
Fix this by adding a dependency on host-libxml2 and explicitly use the
xmllint binary built by Buildroot.
[1] https://lore.kernel.org/buildroot/20210830114531.2285178-1-jose.pekkarinen@unikie.com/
Tested-by: José Pekkarinen <jose.pekkarinen@unikie.com>
Signed-off-by: Antoine Tenart <atenart@kernel.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
When building embedded systems, which buildroot targets, the system
often does not know the current time. However, when verifying X509
certificates this is often required.
The system-fix plugin is a handy tool to configure the behavior when
the current time is unknown.
Signed-off-by: Martin Elshuber <martin.elshuber@theobroma-systems.com>
The package is now standalone (no dependencies) and supports
only python3.
Plus, indent with two spaces in the hash file.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
python2 support has been removed since version 4.9.3 resulting in the
following build failure since bump to version 4.10.0 in commit
109ea1a4a2:
File "/tmp/instance-1/output-1/build/python-beautifulsoup4-4.10.0/bs4/__init__.py", line 36, in <module>
raise ImportError('You are trying to use a Python 3-specific version of Beautiful Soup under Python 2. This will not work. The final version of Beautiful Soup to support Python 2 was 4.9.3.')
Fixes:
- http://autobuild.buildroot.org/results/57e6677932f587c279cc0ed671895740d0cf2304
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Use the standard install for the host, so e.g. pvcreate is installed as
well. pvcreate is needed for libvirt.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
It's requirement has been removed in previous commit.
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Bugfix release, fixing a number of regressions:
- Fixed a regression in Django 3.2 that caused a crash validating "NaN"
input with a forms.DecimalField when additional constraints, e.g.
max_value, were specified (#32949).
- Fixed a bug in Django 3.2 where a system check would crash on a model with
a reverse many-to-many relation inherited from a parent class (#32947).
- Fixed a regression in Django 3.2 that caused the incorrect offset
extraction from fixed offset timezones (#32992).
https://docs.djangoproject.com/en/3.2/releases/3.2.6/https://docs.djangoproject.com/en/3.2/releases/3.2.7/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
- Changelog (since 1.17, from [1]):
ver 1.18:
Add support for Access Point FILS IP Address Assignment IE.
Add support for P2P GO-side 4-way handshake IP allocation.
Add support for forcing SAE group 19 if BSS requires it.
Fix issue with handling faulty SAE duplicate commits.
[1] https://git.kernel.org/pub/scm/network/wireless/iwd.git/tree/ChangeLog
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
- Changelog (since 0.43, from [1]):
ver 0.44:
Fix issue with allowing zero byte input for AEAD cipher.
Fix issue with filling in DNS info in DHCP lease objects.
Add support neighbor discovery utility helpers.
[1] https://git.kernel.org/pub/scm/libs/ell/ell.git/tree/ChangeLog
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Drop patches that are now upstream.
Enable python module when available as it should now work with
python3.9 as of this release.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Update to micropython-1.17. The LICENSE text has been updated to reflect
the licenses used for various libraries and ports, update the hash
accordingly.
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The various micropython ports may include code licensed under different
licenses compared to the core micropython. List these in MICROPYTHON_LICENSE.
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Plus, indent with two spaces in the hash file.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following build failure raised since bump of protobuf to version
3.18.0 in commit c28924920d:
/home/giuliobenetti/autobuild/run/instance-0/output-1/build/opencv3-3.4.15/modules/dnn/src/caffe/caffe_io.cpp: In function 'bool cv::dnn::ReadProtoFromBinary(google::protobuf::io::ZeroCopyInputStream*, google::protobuf::Message*)':
/home/giuliobenetti/autobuild/run/instance-0/output-1/build/opencv3-3.4.15/modules/dnn/src/caffe/caffe_io.cpp:1114:67: error: no matching function for call to 'google::protobuf::io::CodedInputStream::SetTotalBytesLimit(const int&, int)'
1114 | coded_input.SetTotalBytesLimit(kProtoReadBytesLimit, 536870912);
| ^
In file included from /home/giuliobenetti/autobuild/run/instance-0/output-1/build/opencv3-3.4.15/modules/dnn/src/caffe/caffe_io.cpp:93:
/home/giuliobenetti/autobuild/run/instance-0/output-1/host/mipsel-buildroot-linux-gnu/sysroot/usr/include/google/protobuf/io/coded_stream.h:401:8: note: candidate: 'void google::protobuf::io::CodedInputStream::SetTotalBytesLimit(int)'
401 | void SetTotalBytesLimit(int total_bytes_limit);
| ^~~~~~~~~~~~~~~~~~
/home/giuliobenetti/autobuild/run/instance-0/output-1/host/mipsel-buildroot-linux-gnu/sysroot/usr/include/google/protobuf/io/coded_stream.h:401:8: note: candidate expects 1 argument, 2 provided
Fixes:
- http://autobuild.buildroot.org/results/2856060cb59250f4ef7ab75a848a3dc0be9b821b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Fix the following build failure raised since bump of protobuf to version
3.18.0 in commit c28924920d:
/home/giuliobenetti/autobuild/run/instance-0/output-1/build/opencv3-3.4.15/modules/dnn/src/caffe/caffe_io.cpp: In function 'bool cv::dnn::ReadProtoFromBinary(google::protobuf::io::ZeroCopyInputStream*, google::protobuf::Message*)':
/home/giuliobenetti/autobuild/run/instance-0/output-1/build/opencv3-3.4.15/modules/dnn/src/caffe/caffe_io.cpp:1114:67: error: no matching function for call to 'google::protobuf::io::CodedInputStream::SetTotalBytesLimit(const int&, int)'
1114 | coded_input.SetTotalBytesLimit(kProtoReadBytesLimit, 536870912);
| ^
In file included from /home/giuliobenetti/autobuild/run/instance-0/output-1/build/opencv3-3.4.15/modules/dnn/src/caffe/caffe_io.cpp:93:
/home/giuliobenetti/autobuild/run/instance-0/output-1/host/mipsel-buildroot-linux-gnu/sysroot/usr/include/google/protobuf/io/coded_stream.h:401:8: note: candidate: 'void google::protobuf::io::CodedInputStream::SetTotalBytesLimit(int)'
401 | void SetTotalBytesLimit(int total_bytes_limit);
| ^~~~~~~~~~~~~~~~~~
/home/giuliobenetti/autobuild/run/instance-0/output-1/host/mipsel-buildroot-linux-gnu/sysroot/usr/include/google/protobuf/io/coded_stream.h:401:8: note: candidate expects 1 argument, 2 provided
Fixes:
- http://autobuild.buildroot.org/results/4f2a4e769c826d44fdec61b049d3d30a7e39a4d2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
- Drop patch (already in version) and so autoreconf
- Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Fix the following build failure with glibc >= 2.33:
src/client/linux/handler/exception_handler.cc: In function 'void google_breakpad::{anonymous}::InstallAlternateStackLocked()':
src/client/linux/handler/exception_handler.cc:147:49: error: no matching function for call to 'max(int, long int)'
147 | static const unsigned kSigStackSize = std::max(16384, SIGSTKSZ);
| ~~~~~~~~^~~~~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/61a89fa954db16a7b5b9fcee55c545e489f8d489
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
python-attrs contains a file with API for python 3.6+.
Although we can make a "tweak" and remove this specific file
for python2, we prefer to make this package available only for
python3, because the day this package (and many others) will drop
support for python2 is probably very close.
In addition, update python-attrs recursive dependencies to
depend on python3 too (python-automat is the only one left).
Fixes:
- http://autobuild.buildroot.net/results/aa6/aa6889bc254eaa93adb4fc1a71bcee9f2f23cb33/
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
[yann.morin.1998@free.fr: fix check-package]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This release clears CVE-2021-40530 and fixes a problem with ChaCha20
AVX2 implementation. The CVE was due to ElGamal encryption using a work
estimate to size encryption exponents instead subgroup order. The
ChaCha20 issue was due to mishandling a carry in the AVX2 code path. The
ChaCha20 issue was difficult to duplicate, so most users should not
experience it.
https://github.com/weidai11/cryptopp/releases/tag/CRYPTOPP_8_6_0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Syslinux use some python scripts during the build and they
are using python interpreter by default. It fail to build
when there is no python interpreter on the host.
[...]/syslinux-6.03/com32/cmenu/menugen.py
make[6]: python: No such file or directory
Since Syslinux 5.00, we can override the python interpreter
used during the build:
https://repo.or.cz/syslinux.git/commitdiff/4dec62ce9c2c0d170f21b3ae2d7c618eb7a30c05
Add the missing host-python3 dependency and override
it in SYSLINUX_BUILD_CMDS.
Fixes:
https://gitlab.com/kubu93/buildroot/-/jobs/1614446766
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[yann.morin.1998@free.fr: fix check-package]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since v2.2 release (commits 8cc36aec912 "doc: De-duplicate readme and
license files" and 9f1622b018ab "doc: Move content out of readme and
create new index page "), the license.rst file at the root of the git
repo is only telling to look at docs/license.rst file.
Let's point the ARM_TRUSTED_FIRMWARE_LICENSE_FILES to the correct file
and modify the .hash file accordingly.
The comment has also been wrong since we bumped from version 1.4 to 2.2
in commit a757d173f1 (boot/arm-trusted-firmware: bump to version
2.2). Drop referencing an explicit version, so that is is never wrong
again.
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
[yann.morin.1998@free.fr: also fix the comment.]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The files added by this commit are associated both to Nicolas Carrier
and myself in the DEVELOPERS, as this commit is based on initial work
from Nicolas.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This commit adds a new package called python-flask-expects-json, which
also to validate the JSON blurbs submitted to a Flask web
application. A runtime test is added as well, making sure that the
package minimally works with an example Flask application.
The files added by this commit are associated both to Nicolas Carrier
and myself in the DEVELOPERS file, as Nicolas is also interested in
this package.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This commit adds a test for python-flask package. As we are about to
add python-flask-expects-json together with a test, it made sense to
also add a test for python-flask itself.
As far as the DEVELOPERS file is concerned, the test files are added
both to the existing maintainer of package/python-flask, as well as to
myself.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This commit bumps the python-smmap2 and python-gitdb2 packages in
lockstep, as the new version of gitdb2 requires a newer version of
smmap2, but the current version of gitdb2 cannot work with the newer
version of smmap2 (sigh).
Also, upstream the projects have been renamed: gitdb2 is now named
gitdb on PyPi (see https://pypi.org/project/gitdb2/) and smmap2 is now
named smmap (https://pypi.org/project/smmap2/). However, to avoid
needless churn, we don't rename the Buildroot packages, but that
rename is visible in the name of the tarballs being downloaded.
Also, since version 4.0.0, smmap supports only Python 3.x, so we add a
dependency on Python 3.x and drop the test case of gitdb2 on Python
2.x.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
In filesystems, variables must be prefixed with ROOTFS_, to avoid
ckashing with packages of the same name.
We do not have a package named 'ext2', so we currently have no clash,
but it is still ebtter that the variables be properly namespaced.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This patch will add an init script that allows
to set a ruleset in /etc/iptables.conf to be loaded
on boot, or flushed on stop, as well as a saving
command to generate a new file.
Signed-off-by: José Pekkarinen <jose.pekkarinen@unikie.com>
[Arnout: change handling of readonly filesystem]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
mpd 0.22.10 terminates with segmentation fault on graphical clients while
retrieving album information. This bug was fixed in version 0.22.11
Tested on x86_64 using M.A.L.P. Android client
Signed-off-by: Andreas Ziegler <br015@umbiko.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Static build with musl fails since bump to version 2020.04 in commit
fe97212976 because LDFLAGS, which contains
-static, is not passed resulting in the following build failure:
/tmp/instance-1/output-1/host/lib/gcc/arm-buildroot-linux-musleabihf/10.3.0/../../../../arm-buildroot-linux-musleabihf/bin/ld: /tmp/instance-1/output-1/host/lib/gcc/arm-buildroot-linux-musleabihf/10.3.0/libgcc.a(_dvmd_lnx.o): in function `__aeabi_ldiv0':
/tmp/instance-1/output-1/build/host-gcc-final-10.3.0/build/arm-buildroot-linux-musleabihf/libgcc/../../../libgcc/config/arm/lib1funcs.S:1499: undefined reference to `raise'
collect2: error: ld returned 1 exit status
Fixes:
- http://autobuild.buildroot.org/results/d71aba27ff0c7711f2cb67261183506f25217a5f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
On attempt to build ntp with glibc 2.34 the following error happens:
-------------------------------->8------------------------------
In file included from .../output/host/lib/gcc/i586-buildroot-linux-gnu/10.3.0/include-fixed/pthread.h:42,
from work_thread.c:13:
work_thread.c:45:57: error: missing binary operator before token "("
45 | #if defined(PTHREAD_STACK_MIN) && THREAD_MINSTACKSIZE < PTHREAD_STACK_MIN
| ^~~~~~~~~~~~~~~~~
-------------------------------->8------------------------------
That's because starting from glibc 2.34 PTHREAD_STACK_MIN gets determined
dynamically in runtime via sysconf(), see [1].
Original fix proposed by Khem Raj in OpenEmbedded, see [2].
[1] https://sourceware.org/git/?p=glibc.git;a=commit;h=5d98a7dae955bafa6740c26eaba9c86060ae0344
[2] https://github.com/openembedded/meta-openembedded/commit/7055c764c83150f9310ce04bcfb19330460582fc
Suggested-by: Artem Panfilov <artemp@synopsys.com>
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
ee8b680816 ("utils/scanpypi: use python3 explicitly") started to use python3,
thus compatibility can be removed:
from __future__ import print_function
from __future__ import absolute_import
Tested with python3 -m py_compile.
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Python 2 is EOL sice 2020 [1], it's still available on distros, but may not
be installed by default (as being replaced by python3).
Thus remove compatibility imports:
from __future__ import print_function
from __future__ import absolute_import
Tested with python3 -m py_compile.
[1] https://www.python.org/doc/sunset-python-2/
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile
1.0.30 allows attackers to execute arbitrary code via a crafted WAV file.
https://nvd.nist.gov/vuln/detail/CVE-2021-3246
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes the following security issues:
- CVE-2021-22945: UAF and double-free in MQTT sending
When sending data to an MQTT server, libcurl could in some circumstances
erroneously keep a pointer to an already freed memory area and both use
that again in a subsequent call to send data and also free it again.
https://curl.se/docs/CVE-2021-22945.html
- CVE-2021-22946: Protocol downgrade required TLS bypassed
A user can tell curl to require a successful upgrade to TLS when speaking
to an IMAP, POP3 or FTP server (--ssl-reqd on the command line or
CURLOPT_USE_SSL set to CURLUSESSL_CONTROL or CURLUSESSL_ALL with libcurl).
This requirement could be bypassed if the server would return a properly
crafted but perfectly legitimate response.
This flaw would then make curl silently continue its operations without
TLS contrary to the instructions and expectations, exposing possibly
sensitive data in clear text over the network.
https://curl.se/docs/CVE-2021-22946.html
- CVE-2021-22947: STARTTLS protocol injection via MITM
When curl connects to an IMAP, POP3, SMTP or FTP server to exchange data
securely using STARTTLS to upgrade the connection to TLS level, the server
can still respond and send back multiple responses before the TLS upgrade.
Such multiple "pipelined" responses are cached by curl. curl would then
upgrade to TLS but not flush the in-queue of cached responses and instead
use and trust the responses it got before the TLS handshake as if they
were authenticated.
Using this flaw, it allows a Man-In-The-Middle attacker to first inject
the fake responses, then pass-through the TLS traffic from the legitimate
server and trick curl into sending data back to the user thinking the
attacker's injected data comes from the TLS-protected server.
Over POP3 and IMAP an attacker can inject fake response data.
https://curl.se/docs/CVE-2021-22947.html
In addition, 7.79.1 fixes a number of regressions in 7.79.0:
https://daniel.haxx.se/blog/2021/09/22/curl-7-79-1-patched-up-and-ready/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The file access protection built into Ghostscript proved insufficient for
the "%pipe%" PostScript device, when combined with Ghostscript's requirement
to be able to create and control temporary files in the conventional
temporary file directories (for example, "/tmp" or "/temp). This exploit is
restricted to Unix-like systems (i.e., it doesn't affect Windows). The most
severe claimed results are only feasible if the exploit is run as a "high
privilege" user (root/superuser level) \u2013 a practice we would discourage
under any circumstances.
For more details, see the advisory:
https://ghostscript.com/CVE-2021-3781.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which
allows remote attackers to discover cleartext credentials because they may
appear in SNI data.
https://lists.nongnu.org/archive/html/lynx-dev/2021-08/msg00002.html
Upstream unfortunately does not provide a public VCS (only source
snapshots), so fetch the security patch from Debian.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This is a minor release which provides fixes for CVE-2021-30858 and
a number of other potential security issues without an associated CVE.
Patch "0001-Add-ldp-and-stp-support-for-FP-registers-plus-some-b.patch"
is deleted as it has been included in this release.
Full release notes can be found at:
https://webkitgtk.org/2021/09/17/webkitgtk2.32.4-released.html
An accompanying security advisory has been published at:
https://webkitgtk.org/security/WSA-2021-0005.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This is a minor release which provides fixes for CVE-2021-30858 and
a number of other potential security issues without an associated CVE.
Patch "0001-Add-ldp-and-stp-support-for-FP-registers-plus-some-b.patch"
is deleted as it has been included in this release.
Full release notes can be found at:
https://wpewebkit.org/release/wpewebkit-2.32.4.html
An accompanying security advisory has been published at:
https://wpewebkit.org/security/WSA-2021-0005.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
- SECURITY: Stop splitting on unicode separators in git references,
which could be maliciously used to install a different revision on the
repository. (#9827)
- Update hash of LICENSE.txt (update in year)
- Update indentation in hash file (two spaces)
https://pip.pypa.io/en/stable/news/#v21-2-4
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
python-protobuf no longer supports python2, so depend on
BR2_PACKAGE_PYTHON3. Reverse dependencies already depend on
python3.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following build failure with uclibc-ng raised since bump to
version 1.17 in commit 9badccc9d4:
/home/giuliobenetti/autobuild/run/instance-3/output-1/host/lib/gcc/xtensa-buildroot-linux-uclibc/10.3.0/../../../../xtensa-buildroot-linux-uclibc/bin/ld: src/sae.o: in function `sae_rx_authenticate':
sae.c:(.text+0xd74): undefined reference to `reallocarray'
Fixes:
- http://autobuild.buildroot.org/results/c6d3f86282c44645b4f1c61882dc63ccfc8eb35a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The gdbinit supplied by Buildroot does two things:
A. specify the sysroot where gdb can find shared libraries
B. mark the sysroot as a 'safe path' for its auto-load feature, to make sure
that pretty printers for libstdc++.so are added automatically (see commit
6fb3216a80)
When debugging a core file, and the gdbinit file is specified via '-x'
rather than '-ix', then the order of these settings matters: If you first
set the sysroot, then gdb will immediately start finding the shared
libraries it needs for the core file, detect libstdc++ and its associated
libstdc++-gdb.py file, then give a big warning about safe paths:
warning: File ".../i686-buildroot-linux-gnu/sysroot/lib/libstdc++.so.6.0.24-gdb.py"
auto-loading has been declined by your `auto-load safe-path' set
to "$debugdir:$datadir/auto-load".
To enable execution of this file add
add-auto-load-safe-path .../i686-buildroot-linux-gnu/sysroot/lib/libstdc++.so.6.0.24-gdb.py
line to your configuration file "/home/me/.gdbinit".
To completely disable this security protection add
set auto-load safe-path /
line to your configuration file "/home/me/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual. E.g., run from the shell:
info "(gdb)Auto-loading safe path"
and the pretty printing code is not loaded. This is because the second
line from the gdbinit file was not yet parsed at this point.
By changing the order (first configuring the safe path, then setting the
sysroot), this issue does not appear and everything is as expected.
Note that when '-ix' were used instead of '-x' to pass the gdbinit file to
gdb, then the order would not matter, because the entire gdbinit file would
be parsed before considering the core file.
However, even though the Buildroot manual now suggests '-ix', users may not
have noticed this change and continue to use '-x'.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
A gdbinit file passed via '-x' will be read _after_ parsing any
object/core file passed on the command-line. In cross-compilation context,
this is particularly a problem when loading a core file, because without the
'sysroot' specified in the gdbinit file, it will give a lot of warnings,
like:
warning: .dynamic section for "/lib/libstdc++.so.6" is not at the expected address (wrong library or version mismatch?)
warning: .dynamic section for "/lib/librt.so.1" is not at the expected address (wrong library or version mismatch?)
warning: .dynamic section for "/lib/libm.so.6" is not at the expected address (wrong library or version mismatch?)
warning: .dynamic section for "/lib/libgcc_s.so.1" is not at the expected address (wrong library or version mismatch?)
warning: .dynamic section for "/lib/libc.so.6" is not at the expected address (wrong library or version mismatch?)
warning: .dynamic section for "/lib/ld-linux.so.2" is not at the expected address (wrong library or version mismatch?)
warning: .dynamic section for "/lib/libanl.so.1" is not at the expected address (wrong library or version mismatch?)
warning: .dynamic section for "/lib/libdl.so.2" is not at the expected address (wrong library or version mismatch?)
warning: .dynamic section for "/lib/libpthread.so.0" is not at the expected address (wrong library or version mismatch?)
warning: .dynamic section for "/usr/lib/libz.so.1" is not at the expected address (wrong library or version mismatch?)
warning: .dynamic section for "/lib/libnss_files.so.2" is not at the expected address (wrong library or version mismatch?)
warning: Could not load shared library symbols for 17 libraries, e.g. [...]
Use the "info sharedlibrary" command to see the complete listing.
Do you need "set solib-search-path" or "set sysroot"?
In contrast, the '-ix' option will load the specified gdbinit file _before_
parsing object/core files. This will remove said warnings.
See also: https://sourceware.org/bugzilla/show_bug.cgi?id=28330
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The example media-session pipewire session manager requires
pipewire to be built with examples enabled, add support for
enabling this while depending on examples being enabled.
To simplify adding support for additional session managers in
the future such as wireplumber we pass a comma separated list
to the -Dsession-managers meson config option. This also will
ensure that systemd services that depend on media-session are
only installed if media-session support is enabled.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
To avoid spending some time to build the x86_64 toolchain (~20min),
switch to corei7 cpu (Nahalem) and use the prebuilt Bootlin toolchain.
We have to use the "stable" Bootlin toolchain to use the same kernel version
for the toolchain kernel headers and the running kernel.
With the "bleeding-edge" toolchain we have the "kernel too old" issue
(running kernel 4.19 vs kernel headers 5.4)
Runtime tested locally.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Switch from the Buildroot internal toolchain for armv5 to
the prebuilt Bootlin external toolchain.
The test doesn't require to build a toolchain, there was
no prebuilt glibc toolchain recent enough at the time this
test has been introduced.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This test already use builtin kernel provided by the testsuite infra:
self.emulator.boot(arch="armv7",
kernel="builtin",
options=["-initrd", img])
But a second kernel is build from the its defconfig. This second kernel
is not used by the test.
The TestRust (using BR2_PACKAGE_HOST_RUST=y) is really long to build,
save some cpu time by removing the kernel build.
This unused kernel (based on 4.11.3 release) doesn't even build with
host gcc >= 10.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The kernel 5.5.7 curently used by the test doesn't build with host
gcc >= 10 due the gcc default -fno-common. See GCC 10 porting guide [1].
/usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x20): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
But we can't just update this test to the next linux kernel LTS 5.10.y since
the minimum gcc version has been updated to gcc 4.9 since 5.8 kernel [2]
and the Sourcery CodeBench ARM 2014.05 is used (gcc 4.8 based).
Enable arm cortex A9 and VFP support to switch to the ARM arm prebuilt
toolchain (the Bootlin toolchain could be used).
While at it use the prebuilt buildin kernel for the vexpress target
recently updated to 5.10.7.
Fixes:
https://gitlab.com/kubu93/buildroot/-/jobs/1564202094
[1] https://gcc.gnu.org/gcc-10/porting_to.html
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6ec4476ac82512f09c94aff5972654b70f3772b2
[3] 3cf2782906
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The kernel 4.16.7 curently used by the test doesn't build with host
gcc >= 10 due the gcc default -fno-common. See GCC 10 porting guide [1].
/usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x20): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
Bump to the next LTS release.
[1] https://gcc.gnu.org/gcc-10/porting_to.html
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The kernel 4.16.7 curently used by the test doesn't build with host
gcc >= 10 due the gcc default -fno-common. See GCC 10 porting guide [1].
/usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x20): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
Bump to the next LTS release.
[1] https://gcc.gnu.org/gcc-10/porting_to.html
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The kernel 4.11.3 curently used by the test doesn't build with host
gcc >= 10 due the gcc default -fno-common. See GCC 10 porting guide [1].
/usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x20): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
Bump to the next LTS release.
[1] https://gcc.gnu.org/gcc-10/porting_to.html
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The kernel 4.11.3 curently used by the test doesn't build with host
gcc >= 10 due the gcc default -fno-common. See GCC 10 porting guide [1].
/usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x20): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
Bump to the next LTS release.
[1] https://gcc.gnu.org/gcc-10/porting_to.html
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Update to version 0.10.1, which fixes the build when the DRM platform
module is enabled, fixes handling of absolute pointer events, and makes
the headless platform optional.
Although the headless platform is optional, Buildroot keeps it enabled
unconditionally (as previously) because the wpebackend-fdo dependency
is always needed anyway because Buildroot does not include any other
WPE backend.
Release notes:
https://wpewebkit.org/release/cog-0.10.1.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Also create a pipewire user, which is used for systemd service. There is
no sysvinit start script at the moment, but if there were, it should
also take care of changing the uid to pipewire before starting the
daemon.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Add simple mixer python bindings to build when "Python support for
alsa-lib" is active. smixer-python is the only python module which
exists in alsa-lib. It is compatible with Python2 and Python3.
Signed-off-by: Illia Bitkov <illia.bitkov@mind.be>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Added patch fixes linkage of libgc with external libtomic-ops.
Mono uses bundeled bdwgc which doesn't link external libatomic-ops.
Patch is a fix cherry-picked from bdwgc upstream.
Problem found on ARMv5 processors, on newer ARM processors
it uses header based functions and doesn't need built library.
Error:
/home/buildroot/autobuild/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/9.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: ../../external/bdwgc/.libs/libgc.a(gc.o): in function `GC_steal_mark_stack':
gc.c:(.text+0x2020): undefined reference to `AO_store_full_emulation'
Fixes:
http://autobuild.buildroot.net/results/ebc54e5dea63aca21a4072d294fdede41de559c7http://autobuild.buildroot.net/results/6d10a4bd43fbc9c1d3fa26d5eef394c8023cb85f
Signed-off-by: Illia Bitkov <illia.bitkov@mind.be>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
license is now LGPL-3.0+ for both talloc and pytalloc. Therefore, remove
pytalloc.h from the license files.
Signed-off-by: David GOUARIN <david.gouarin@thalesgroup.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
If the toolchain does not have threads (e.g. br-arm-full-nothread),
compilation fails:
In file included from /home/fail/br-test-pkg/br-arm-full-nothread/build/libressl-3.3.3/crypto/cryptlib.c:117:
/home/fail/br-test-pkg/br-arm-full-nothread/build/libressl-3.3.3/crypto/../include/compat/pthread.h:114:15: fatal error: pthread.h: No such file or directory
114 | #include_next <pthread.h>
| ^~~~~~~~~~~
compilation terminated.
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
COPYING was updated with a copy of the openssl licence since libgit2 now
include openssl headers so it can dlopen it:
openssl: dynamically load libssl and symbols (optionally)
Provide an interface around OpenSSL to dynamically load the
libraries and symbols, so that users can distribute a libgit2
library that is not linked directly against OpenSSL. This enables
users to target multiple distributions with a single binary.
This mechanism is optional and disabled by default. Configure cmake
with -DUSE_HTTPS=OpenSSL-Dynamic to use it.
We do not use that option so the headers are not even used, plus the
headers are not installed on the target anyway, so this patch includes
no license changes.
Upstream also stopped providing release tarballs, relying on
github-generated tarballs instead.
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Plus, use two spaces for indentation in the hash file.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
License updated with a minor change at the copyright year.
SETUP_TYPE changed to setuptools.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Don't require wayland-scanner if tests are disabled to avoid the
following build failure raised since bump to version 1.23 in commit
7eedc9cc1e:
Build-time dependency wayland-scanner found: NO (tried pkgconfig and cmake)
../output-1/build/wayland-protocols-1.23/meson.build:11:0: ERROR: Dependency "wayland-scanner" not found, tried pkgconfig and cmake
Fixes:
- http://autobuild.buildroot.org/results/2744e50465a9cd9d3726d23298ad6c943ef49a21
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[yann.morin.1998@free.fr:
- do not default to 'y'
- add comment
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
mesa3d uses very big switch statements, which causes the build to fail
on m68k, beause the offsets there are only 16-bit.
We fix that by using -mlong-jump-table-offsets on m68k, to use 32-bit
offsets for switch statements, but this is only available starting with
gcc 7 [0] [1].
Fixes:
http://autobuild.buildroot.net/results/60c4653c2a93125edbdd0beb43cd47301643464a/
Note: we have two packages that select mesa3d, but:
package/intel-mediadriver/
-> already depends on x86_64, so implies !m68k
package/x11r7/xdriver_xf86-video-imx-viv/
-> imx is an ARM, but xdriver_xf86-video-imx-viv is missing
a depends on BR2_arm (although the comments do have that
dependency). However, it depends on other imx related
packages, and they depend on either arm or aarch64, so
that implies !m68k.
As such, we do not need to propagate that new dependency.
[0] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=57583#c15
[1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=57583#c16
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
[yann.morin.1998@free.fr:
- add comment
- reword commit log, add BZ references, add non-propagation notes
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
We need to backport a few upstream still-pending PRs, to fix
cross-compilation, out-of-tree installation, and to relax requirements
on some tools.
The python support PR is backported too, but because python support was
not tested, it is forcibly disabled.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[yann.morin.1998@free.fr:
- expand commit log with explanations
- backport upstream 253 (python) too
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bump libfuse3 to version 3.10.5 and remove local patch that has been
upstreamed.
Release notes:
Various improvements to make unit tests more robust.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following build failure with glibc >= 2.34:
ulockmgr_server.c:127:12: error: conflicting types for 'closefrom'; have 'int(int)'
127 | static int closefrom(int minfd)
| ^~~~~~~~~
In file included from ulockmgr_server.c:14:
/home/buildroot/autobuild/instance-1/output-1/host/arm-buildroot-linux-gnueabihf/sysroot/usr/include/unistd.h:363:13: note: previous declaration of 'closefrom' with type 'void(int)'
363 | extern void closefrom (int __lowfd) __THROW;
| ^~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/3769b18ca804fba3b5974af799972a7d889b39a6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The AKA backend for 3GPP2 requires libgmp (see
https://wiki.strongswan.org/projects/strongswan/wiki/Autoconf). Since
the AKA backend for 3GPP2 is included by BR2_PACKAGE_STRONGSWAN_EAP,
when selecting a crypto backend different from
BR2_PACKAGE_STRONGSWAN_GMP, there is no guarantee the gmp package is
selected as well. When doing so, make fails since the package is in the
dependency chain but not selected:
$ make
Makefile:585: *** gmp is in the dependency chain of strongswan that has added it to its _DEPENDENCIES variable without selecting it or depending on it from Config.in. Stop.
make: *** [Makefile:23: _all] Error 2
To fix this, select BR2_PACKAGE_GMP when selecting BR2_PACKAGE_STRONGSWAN_EAP.
Signed-off-by: Martin Elshuber <martin.elshuber@theobroma-systems.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
- CVE-2021-28902: In function read_yin_container() in libyang <= v1.0.225,
it doesn't check whether the value of retval->ext[r] is NULL. In some
cases, it can be NULL, which leads to the operation of
retval->ext[r]->flags that results in a crash.
- CVE-2021-28903: A stack overflow in libyang <= v1.0.225 can cause a denial
of service through function lyxml_parse_mem(). lyxml_parse_elem()
function will be called recursively, which will consume stack space and
lead to crash.
- CVE-2021-28904: In function ext_get_plugin() in libyang <= v1.0.225, it
doesn't check whether the value of revision is NULL. If revision is NULL,
the operation of strcmp(revision, ext_plugins[u].revision) will lead to a
crash.
- CVE-2021-28905: In function lys_node_free() in libyang <= v1.0.225, it
asserts that the value of node->module can't be NULL. But in some cases,
node->module can be null, which triggers a reachable assertion (CWE-617).
- CVE-2021-28906: In function read_yin_leaf() in libyang <= v1.0.225, it
doesn't check whether the value of retval->ext[r] is NULL. In some cases,
it can be NULL, which leads to the operation of retval->ext[r]->flags that
results in a crash.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Changelog (since 1.14, from [1]):
ver 1.17:
Fix issue with sending additional and vendor IEs.
Fix issue with IE ordering for 802.11-2020 support.
Fix issue with frequency update on channel switch events.
Fix issue with drivers and handling of IF_OPER_UP setting.
ver 1.16:
Fix issue with writing provisioning files with a passphrase.
Add support for Authenticator & Supplicant RSN Extension elements.
Add support for handling Transition Disable info.
Add support for SAE Hash-to-Element feature.
ver 1.15:
Add support for FT-over-DS procedure with multiple BSS.
Add support for estimation of VHT RX data rate.
Add support for exporting Daemon information.
[1] https://git.kernel.org/pub/scm/network/wireless/iwd.git/tree/ChangeLog
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Changelog (since 0.41, from [1]):
ver 0.43:
Add support for DHCP Rapid Commit feature.
Add support for DHCP authoritative mode feature.
ver 0.42:
Add support for constant time security functions.
Add support for manipulating DHCP leases.
[1] https://git.kernel.org/pub/scm/libs/ell/ell.git/tree/ChangeLog
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following build failure with glibc >= 2.34:
/tmp/instance-0/output-1/host/lib/gcc/s390x-buildroot-linux-gnu/10.3.0/../../../../s390x-buildroot-linux-gnu/bin/ld: CMakeFiles/egltrace.dir/dlsym.cpp.o: in function `dlsym':
dlsym.cpp:(.text+0x34): undefined reference to `__libc_dlopen_mode'
/tmp/instance-0/output-1/host/lib/gcc/s390x-buildroot-linux-gnu/10.3.0/../../../../s390x-buildroot-linux-gnu/bin/ld: dlsym.cpp:(.text+0x46): undefined reference to `__libc_dlsym'
Fixes:
- http://autobuild.buildroot.org/results/ac5e5b1e30249ae0fb8b9179338b47c60c026bcc
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
CVE-2021-29221 is a Windows specific issue:
A local privilege escalation vulnerability was discovered in Erlang/OTP
prior to version 23.2.3. By adding files to an existing installation's
directory, a local attacker could hijack accounts of other users running
Erlang programs or possibly coerce a service running with "erlsrv.exe" to
execute arbitrary code as Local System. This can occur only under specific
conditions on Windows with unsafe filesystem permissions.
So ignore it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issue:
- CVE-2021-40529: The ElGamal implementation in Botan through 2.18.1, as
used in Thunderbird and other products, allows plaintext recovery because,
during interaction between two cryptographic libraries, a certain
dangerous combination of the prime defined by the receiver's public key,
the generator defined by the receiver's public key, and the sender's
ephemeral exponents can lead to a cross-configuration attack against
OpenPGP
For more details, see the upstream bug and issue writeup:
- https://github.com/randombit/botan/pull/2790
- https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
- CVE-2021-37701: Arbitrary File Creation/Overwrite via insufficient symlink
protection due to directory cache poisoning using symbolic links
- CVE-2021-37712: Arbitrary File Creation/Overwrite via insufficient symlink
protection due to directory cache poisoning using symbolic links
- CVE-2021-37713: Arbitrary File Creation/Overwrite on Windows via
insufficient relative path sanitization
- CVE-2021-39134: UNIX Symbolic Link (Symlink) Following in @npmcli/arborist
- CVE-2021-39135: UNIX Symbolic Link (Symlink) Following in @npmcli/arborist
For more details, see the advisory:
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
As the github repository has changed from github.com/AdoptOpenJDK/ to
github.com/adoptium, both versions are updated in the same patch.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
For the i.MX8 often an Image.gz is built. With these changes, if
BR2_LINUX_KERNEL_IMAGEGZ=y, the correct Image.gz file is now put into
the generated image instead of falling back to the non-existent zImage.
Signed-off-by: Hanspeter Portner <dev@open-music-kontrollers.ch>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before
1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in
kdc/do_tgs_req.c via a FAST inner body that lacks a server field.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 148e695e37 (package/kodi: bump version to 19.0-Matrix) extended
the set of required libraries for various "platform" backends, by
selecting those libraries from the blind options. For example, we have:
config BR2_PACKAGE_KODI_PLATFORM_SUPPORTS_GBM
bool
default y
depends on [...]
select BR2_PACKAGE_LIBINPUT
[...]
However, that option is true as soon as the requirements are met (the
depends on), even when Kodi itself is not enabled.
This means that extra libraries are pulled in to the build, even when
not required.
We fix that by moving the actual selects to the main symbol, along with
the proper conditions. This means that we have two lines that select
libxbcommon, under two different conditions; we could make that a single
select, but the codition would need to be on two lines anyway, so meh...
This is not an ideal solution, because it is a bit ugly, but:
1) adding three new blind options just for the select is kinda extreme
and superfluous;
2) our Kodi packaging is already a bit ugly anyway.
Fixes: #14206
Reported-by: Thomas Ruschival <t.ruschival@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
In order to add support for EFI-compatible ISO9660 images in future
patches, this commit switch the ISO9660 logic to use xorriso instead of
cdrkit. Indeed the genimageiso tool from cdrkit doesn't have the
--efi-boot option needed to generate an image compatible with EFI BIOS.
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
[yann.morin.1998@free.fr: drop superfluous tool name from variable]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
We will soon use xorriso in the ISO9660 image generation support, and
this requires having zlib support in host-xorriso.
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following build failure with gcc 4.8 raised since bump to
version 0.6.23 in commit e2f8050976:
exif-gps-ifd.c: In function 'exif_get_gps_tag_info':
exif-gps-ifd.c:62:3: error: 'for' loop initial declarations are only allowed in C99 mode
for (int i = 0; i < sizeof(exif_gps_ifd_tags) / sizeof(ExifGPSIfdTagInfo); ++i) {
^
exif-gps-ifd.c:62:3: note: use option -std=c99 or -std=gnu99 to compile your code
Fixes:
- http://autobuild.buildroot.org/results/7dd222e06d1e6611449fb8fe7516817c9ad43d65
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2021-3634: A flaw has been found in libssh in versions prior to
0.9.6. The SSH protocol keeps track of two shared secrets during the
lifetime of the session. One of them is called secret_hash and the other
session_id. Initially, both of them are the same, but after key
re-exchange, previous session_id is kept and used as an input to new
secret_hash. Historically, both of these buffers had shared length
variable, which worked as long as these buffers were same. But the key
re-exchange operation can also change the key exchange method, which can
be based on hash of different size, eventually creating "secret_hash" of
different size than the session_id has. This becomes an issue when the
session_id memory is zeroed or when it is used again during second key
re-exchange.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
protobuf moved from the google org to protocolbuffers in 2018.
There is a redirect but we should use the official url.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
pause() is defined in glibc since the very early times; it appears in
upstream commit 28f540f45bba (initial import) in 1995 [0].
Bluez has been defining a function named pause() for ages too, since
comit caab74c97542 (media: Implement new callbacks for pass-through
operations) in 2013 [1]
With the recent bump to glibc 2.34.xxx, the build now fails because the
two pause() clash:
profiles/audio/media.c:1284:13: error: conflicting types for 'pause'
1284 | static bool pause(void *user_data)
| ^~~~~
In file included from /tmp/instance-0/output-1/per-package/bluez5_utils/host/s390x-buildroot-linux-gnu/sysroot/usr/include/bits/sigstksz.h:24,
from /tmp/instance-0/output-1/per-package/bluez5_utils/host/s390x-buildroot-linux-gnu/sysroot/usr/include/signal.h:328,
from /tmp/instance-0/output-1/per-package/bluez5_utils/host/bin/../s390x-buildroot-linux-gnu/sysroot/usr/include/glib-2.0/glib/gbacktrace.h:36,
from /tmp/instance-0/output-1/per-package/bluez5_utils/host/bin/../s390x-buildroot-linux-gnu/sysroot/usr/include/glib-2.0/glib.h:34,
from profiles/audio/media.c:21:
/tmp/instance-0/output-1/per-package/bluez5_utils/host/s390x-buildroot-linux-gnu/sysroot/usr/include/unistd.h:489:12: note: previous declaration of 'pause' was here
489 | extern int pause (void);
| ^~~~~
The culprit is indeed glibc 2.34, as can be seen in this result matrix:
\ bluez5_utils
glibc \ 5.60 | 5.61
-------\-------+--------
2.33 | OK | OK
-------+-------+--------
2.34 | KO | KO
Even though we first bumped to glibc 2.34, then to blues5_utils 5.61,
we did not notice build issues with bluez5_utils 5.60 because the two
bumps were too close to each other for the failure to trigger in the
autobuilders.
The underlying reason that pause() is now causing issues with glibc 2.34
is not obvious: glibc is a big beast, and finding such issues is not
easy. However, we can see that the pause() provided by NPTL has been
dropped in favour of the generic one, so maybe this is causing symbol
visibility or weakness to change or something...
We fix that by renaming the local pause() in bluez5_utils with a
namespace-prefix, like some other functions there already have.
Fixes:
- http://autobuild.buildroot.org/results/c4f/c4fbface34be8815838fd7201621d7a8fddd32c5/
- http://autobuild.buildroot.org/results/62b/62b88740f19fbe4a1ad7959dc141d539eb88c1f8/
[0] https://sourceware.org/git/?p=glibc.git;a=commit;h=28f540f45bbacd939bfd07f213bcad2bf730b1bf
[1] https://github.com/bluez/bluez/commit/caab74c97542a56b591f0b16b44ab6ba4b40f0f5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: extend commit log with the glibc culprit]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* add changelog and Signed-off-by to patches
* use correct name for patch 0002
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
xdg is needed (and can't be make optional as it is unconditionally used
in pulseaudio.fc) to fix the following build failure raised since commit
bf44a11cf6:
Compiling targeted policy.33
env LD_LIBRARY_PATH="/tmp/instance-0/output-1/host/lib:/tmp/instance-0/output-1/host/usr/lib" /tmp/instance-0/output-1/host/usr/bin/checkpolicy -c 33 -U deny -S -O -E policy.conf -o policy.33
policy/modules/apps/pulseaudio.te:44:ERROR 'attribute xdg_config_type is not declared' at token ';' on line 317285:
#line 44
typeattribute pulseaudio_xdg_config_t xdg_config_type;
checkpolicy: error(s) encountered while parsing configuration
make[1]: *** [Rules.monolithic:79: policy.33] Error 1
Fixes:
- http://autobuild.buildroot.org/results/818219c0f722080d9f6ef778fdc50e34dd4187ab
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Update download to use official gitlab source url.
Drop patches that are now upstream.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The mainline U-Boot can create an i.MX specific firmware image (e.g. flash.bin).
For this the i.MX firmware files (DDR, HDMI) must be in the toplevel directory.
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
[yann.morin.1998@free.fr: simplify hook]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The version bump [1] for the rpm package to v4.17 added the newly
required dependency to Lua; however, the change limited support to only
v5.3 (and not higher). Correcting support for v5.3 or higher by making
a dependency on the Lua package and omitting older versions which are
not supported (specifically, the v5.1 series)
[1]: 429e247b86
Signed-off-by: James Knight <james.d.knight@live.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
openjdk needs host gcc >= 4.9 since bump to version 16.0.1+9 in commit
057e27029c and
https://github.com/openjdk/jdk/commit/2a8f92e7e71f7c1ed4010fa31f4b413758c8752a:
configure: Using gcc BuildC compiler version 4.8.5 [cc (GCC) 4.8.5 20150623 (Red Hat 4.8.5-44)]
configure: Using gcc BuildC++ compiler version 4.8.5 [g++ (GCC) 4.8.5 20150623 (Red Hat 4.8.5-44)]
configure: Using gcc build linker version 2.27 [GNU ld version 2.27-44.base.el7]
[...]
g++: error: unrecognized command line option '-std=c++14'
Add a dependency on host gcc >= 4.9 for the OpenJDK 16 version only, so
that users can still use OpenJDK 11 on older distributions.
Fixes:
- http://autobuild.buildroot.org/results/7072308d148ccb8237180729551df65c87a76f11
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: limit the dependency to OpenJDK 16]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following recursive dependency added with commit
429e247b86:
package/openssl/Config.in:4:error: recursive dependency detected!
package/openssl/Config.in:4: symbol BR2_PACKAGE_OPENSSL is selected by BR2_PACKAGE_LIBGCRYPT
package/libgcrypt/Config.in:1: symbol BR2_PACKAGE_LIBGCRYPT is selected by BR2_PACKAGE_OPENSSL
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
If the ATF binary is used by U-Boot, the file is expected to be in the
toplevel directory.
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
In mainline u-boot more and more imx8 boards are switched to binman
to create the imx specific image (flash.bin). To support this the
(lp)ddr firmware training files are needed. For this to work all files
should be made available to the U-Boot build.
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Reviewed-by: Gary Bisson <gary.bisson@boundarydevices.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Force relative file path resolution of DEVELOPERS file entries to use
forward-slash separators since pattern matching assumes forward slashes.
This is to help permit uses invoking `get-developers` on Platforms where
`os.sep` may not be a forward slash.
Signed-off-by: James Knight <james.d.knight@live.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Adjust the inclusion of the rpm2archive command as an option, to allow a
developer to opt-out of building/including the command if it is not
desired/needed for the target.
Signed-off-by: James Knight <james.d.knight@live.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix MKIMAGE_ARCH handling to avoid the following build failure:
/home/buildroot/autobuild/instance-0/output-1/build/host-uboot-tools-2021.07/tools/mkimage -C none -A openrisc -T script -d /home/buildroot/autobuild/instance-0/output-1/boot_script.txt /home/buildroot/autobuild/instance-0/output-1/build/host-uboot-tools-2021.07/tools/boot.scr
Invalid architecture, supported are:
alpha Alpha
arc ARC
arm ARM
arm64 AArch64
avr32 AVR32
blackfin Blackfin
ia64 IA64
invalid Invalid ARCH
m68k M68K
microblaze MicroBlaze
mips MIPS
mips64 MIPS 64 Bit
nds32 NDS32
nios2 NIOS II
or1k OpenRISC 1000
powerpc PowerPC
riscv RISC-V
s390 IBM S390
sandbox Sandbox
sh SuperH
sparc SPARC
sparc64 SPARC 64 Bit
x86 Intel x86
x86_64 AMD x86_64
xtensa Xtensa
Strangely enough, we only have autobuilder failures since July 2021 even
as or1k has been used since the addition of openriscv support in 2012:
https://github.com/u-boot/u-boot/commit/3ddcaccda3824e1c7f7266d543e4c0eb3ea9851c
For x86)64, we incorrectly mangle it to x86.
Finally, the comment about mips64 is wrong: mips64 *is* a valid
archtecture, and we anyway had no code to tweak that case.
Fixes:
- http://autobuild.buildroot.org/results/c3f0f2a3fb87d74bfdaccf9b94c66f0b5bae7520
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: extend commit log for mips64 and x86_64]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Build is broken since bump to version 3.0.0 in commit
45524f10cd because libxslt is needed
instead of expat since
https://github.com/arut/nginx-dav-ext-module/commit/37772c545314aa4a250066f4e7cbc8806d406fa8:
adding module in /tmp/instance-0/output-1/build/nginx-dav-ext-3.0.0
+ ngx_http_dav_ext_module was configured
checking for PCRE library ... found
checking for PCRE JIT support ... found
Package libxslt was not found in the pkg-config search path.
Perhaps you should add the directory containing `libxslt.pc'
to the PKG_CONFIG_PATH environment variable
Package 'libxslt', required by 'virtual:world', not found
Package libxslt was not found in the pkg-config search path.
Perhaps you should add the directory containing `libxslt.pc'
to the PKG_CONFIG_PATH environment variable
Package 'libxslt', required by 'virtual:world', not found
checking for libxslt ... not found
checking for libxslt in /usr/local/ ... not found
checking for libxslt in /usr/pkg/ ... not found
checking for libxslt in /opt/local/ ... not found
./configure: error: the HTTP XSLT module requires the libxml2/libxslt
libraries. You can either do not enable the module or install the libraries.
Fixes:
- http://autobuild.buildroot.org/results/8735d20ca7ccf4eda2f79f9400bed70474855b40
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Now that the qemu package has the BR2_PACKAGE_HOST_QEMU_USER_MODE_ARGS string,
the gobject-introspection g-ir-scanner-qemuwrapper script can pass that string
to qemu.
Add the QEMU_USERMODE_ARGS to g-ir-scanner-qemuwrapper.in and unconditionally
sed @QEMU_USERMODE_ARGS@ with BR2_PACKAGE_HOST_QEMU_USER_MODE_ARGS.
Fixes:
http://autobuild.buildroot.org/results/2e9dbc0d36600c09fa9e59ab1b1903c9f40661e8
Signed-off-by: Adam Duskett <aduskett@gmail.com>
[Arnout: don't add QEMU_USERMODE_ARGS variable to shell script]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
For specific architectures, running qemu in user mode without any additional
options may fail if the host processor does not have the necessary instructions
to properly run qemu in user mode, which results in the following error:
"qemu: uncaught target signal 4 (Illegal instruction) - core dumped"
CoreI7 is one such architecture that has had consistent auto-build failures.
Add a new string in qemu/Config.in.host: BR2_PACKAGE_HOST_QEMU_USER_MODE_ARGS.
The default for the Corei7 architecture is directly from the OpenEmbedded
project found in meta/conf/machine/include/x86/tune-corei7.inc:
"-cpu Nehalem,check=false." Other architectures may be added to this string at
a later date if other failures occure.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
- Add double quotes to prevent globbing and word splitting.
- Add indentations of continuation lines.
- Disable SC2181 and SC2016 as we explicitly do not want the variables
expanded in the echo.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
If GIR_EXTRA_LIBS_PATH is empty, the LD_LIBRARY_PATH variable is
":.libs:$(dirname $0)/../lib:$(dirname $0)/../../lib".
As discussed with Yann Morin, add a new variable, "GOI_LIBRARY_PATH" and
prepend ${GIR_EXTRA_LIBS_PATH:+${GIR_EXTRA_LIBS_PATH}:} to the path to fix the
above bug.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following static build failure on musl which is raised because
the "Check for directory libraries" in configure wrongly adds -DNO_DIR
when no directory library is needed:
/tmp/instance-0/output-1/host/bin/arm-buildroot-linux-musleabihf-gcc -c -D_FILE_OFFSET_BITS=64 -O2 -g0 -static -I. -DUNIX -DUIDGID_NOT_16BIT -DBZIP2_SUPPORT -DLARGE_FILE_SUPPORT -DUNICODE_SUPPORT -DNO_MKTIME -DNO_DIR -DHAVE_DIRENT_H -DHAVE_TERMIOS_H unix/unix.c
unix/unix.c:70:14: error: conflicting types for 'DIR'
70 | typedef FILE DIR;
| ^~~
Fixes:
- http://autobuild.buildroot.org/results/83a6e0c8c4ad026cb0261246e3b1a80d754454bd
Patch not sent upstream since upstream is dead.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Update to gcc 10.3, gdb 10.2, binutils 2.36.1, glibc 2.33.
Remove BR2_TOOLCHAIN_HAS_NATIVE_RPC since the support for obsolete
RPC was finally dropped in glibc in 2.32 (2020-08-04).
See "Release Note":
https://developer.arm.com/open-source/gnu-toolchain/gnu-a/downloads#
Tested with qemu_aarch64_virt_defconfig.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Update to gcc 10.3, gdb 10.2, binutils 2.36.1, glibc 2.33.
Remove BR2_TOOLCHAIN_HAS_NATIVE_RPC since the support for obsolete
RPC was finally dropped in glibc in 2.32 (2020-08-04).
See "Release Note":
https://developer.arm.com/open-source/gnu-toolchain/gnu-a/downloads#
Tested with qemu_arm_vexpress_defconfig.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Switch to meson-package to fix the following build failure raised since
bump of gobject-introspection to version 1.68.0 in commit
abc110e362:
Could not find GIR file 'Gio-2.0.gir'; check XDG_DATA_DIRS or use --includedir
error parsing file Polkit-1.0.gir: Failed to parse included gir Gio-2.0
If the above error message is about missing .so libraries, then setting up GIR_EXTRA_LIBS_PATH in the .mk file should help.
Typically like this: PKG_MAKE_ENV += GIR_EXTRA_LIBS_PATH="$(@D)/.libs"
Fixes:
- http://autobuild.buildroot.org/results/26bcb21900b403db690d6005dbef0a76ff494d6c
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Bump the version to 1661 and remove the patch
0002-Remove-unused-global-variable-to-fix-compilation-with-GCC-10.patch.
This patch is no longer needed because the fix has been added upstream.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
environment-setup uses BASH_SOURCE which is bash specific. For other
shells, this variable is empty, leading to an error message and empty
SDK_PATH.
Zsh Uses $0. Unfortunately POSIX is not specifying how exactly $0
should behave when in sourced (or using special dot utility). So other
shell support have to be implemented in different manner.
Signed-off-by: Krzysztof Kanas <kkanas@fastmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Set includedir to $(STAGING_DIR)/usr/share/gir-1.0 instead of . in
Makefile.introspection or g-ir-compiler won't find .gir files resulting
in a build failure for autotools-based based programs such as gconf
since bump of gobject-introspection to version 1.68.0 in commit
abc110e362:
Could not find GIR file 'GObject-2.0.gir'; check XDG_DATA_DIRS or use --includedir
error parsing file GConf-2.0.gir: Failed to parse included gir GObject-2.0
Fixes:
- http://autobuild.buildroot.org/results/8180d893cbd27512915a7f8a3adb232b93a98ceb
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Long ago, before SMCRoute had yet become a proper daemon and standalone
control tool, it was both. After the metamorphosis commands and options
had changed, a compat script was added to provide a smooth transition.
The compat script is still shipped in the tarball, and installed, but
only Debian still relies on it, so we prune it here to keep confusion
to a minimum, hopefully.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Same start order as mrouted, start after networking is up.
Custom command line options, like startup delay, or disable multicast
routing by default, can be added to the optional /etc/default/smcroute
env. file.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
- Upstream has changed to tar.gz
- Drop _SOURCE, fixes check-package warning
- setpgrp not used anymore, no need to override configure cache
- Makefile no longer uses CC?=, drop comment
- Enable MRDISC build option, must be activated per phyint in
smcroute.conf, so safe to enable as a default build option
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Also correct the comment about installing the minified js file, which
was changed with the update to 3.0.5 in commit 42bf38dca.
Signed-off-by: Thomas Claveirole <thomas.claveirole@green-communications.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Install progress/usb services for swupdate based on meta-swupdate
configs.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Since the website depends on the webserver being enabled we should
add a config option for it and make the website depend on that.
We should also ensure that the mongoose(webserver) config is present.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This needs to be set properly so that services work correctly.
Enable disable automatically based on BR2_PACKAGE_SYSTEMD state.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This ensures all tools/libraries will be properly installed.
Update SWUPDATE_BUILD_CMDS param ordering for consistency.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The swupdate services do not depend on
BR2_PACKAGE_SWUPDATE_INSTALL_WEBSITE, so install them unconditionally.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
In buildroot, stripping for the target is configured and implemented
with the global `BR2_STRIP_strip` option that drive the stripping in
the target-finalize step.
So, we explicitly disable stripping at build time for swupdate.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following build failure on uclibc-ng raised since bump to
version 6.0.0 in commit 6b86c9335f:
../block/export/fuse.c: In function 'fuse_lseek':
../block/export/fuse.c:641:19: error: 'SEEK_HOLE' undeclared (first use in this function)
641 | if (whence != SEEK_HOLE && whence != SEEK_DATA) {
| ^~~~~~~~~
../block/export/fuse.c:641:19: note: each undeclared identifier is reported only once for each function it appears in
../block/export/fuse.c:641:42: error: 'SEEK_DATA' undeclared (first use in this function); did you mean 'SEEK_SET'?
641 | if (whence != SEEK_HOLE && whence != SEEK_DATA) {
| ^~~~~~~~~
| SEEK_SET
Fixes:
- http://autobuild.buildroot.org/results/33c90ebf04997f4d3557cfa66abc9cf9a3076137
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This patch adds runtime testing of the OCI archive created by the
sloci scripting. It launches a containerd instance, imports, and
runs the OCI container.
The existing QEMU AARCH64 kernel config was extended to enable common
options used by a container runtime (cgroup and overlayfs).
Signed-off-by: Matthew Weber <matthew.weber@collins.com>
[Arnout: adapt file name which is arm64 now; add to DEVELOPERS]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Add support to generate OCI (Open Container Initiative) images.
An OCI image consists of a manifest, an image index (optional), a set of
filesystem layers, and a configuration. The complete specification is
available in the link below:
https://github.com/opencontainers/image-spec/blob/master/spec.md
The image is generated with the host tool sloci-image, and config
options can be used to configure image parameters.
By default, the image is generated in a directory called rootfs-oci:
$ cd output/images
$ ls rootfs-oci/
blobs index.json oci-layout
Optionally, the image can be packed into a tar archive.
The image can be pushed to a registry using containers tools like
skopeo:
$ skopeo copy --dest-creds <user>:<pass> oci:rootfs-oci:<tag> \
docker://<user>/<image>[:tag]
And then we can pull/run the container image with tools like docker:
$ docker run -it <user>/<image>[:tag]
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Matthew Weber <matthew.weber@collins.com>
[Arnout:
- mention in help text that options are space separated;
- use GO_GOARCH and GO_GOARM for architecture;
- quote all arguments;
- don't cd to BINARIES_DIR;
- remove ROOTFS_OCI_IMAGE_NAME variable;
- remove wildcard from rm.
]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
sloci-image is a simple CLI tool for packing rootfs into a single-layer
OCI image.
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Matthew Weber <matthew.weber@collins.com>
[Arnout: correctly set PREFIX, add Matt to DEVELOPERS, add additional
patch]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following build failure raised since commit
d39d8f7cee:
In file included from /home/buildroot/autobuild/instance-3/output-1/host/x86_64-buildroot-linux-musl/sysroot/usr/include/boost/math/common_factor.hpp:14,
from /home/buildroot/autobuild/instance-3/output-1/build/gnuradio-3.8.2.0/gr-digital/lib/symbol_sync_cc_impl.cc:30:
/home/buildroot/autobuild/instance-3/output-1/host/x86_64-buildroot-linux-musl/sysroot/usr/include/boost/math/common_factor_ct.hpp:17:68: error: _Pragma takes a parenthesized string literal
17 | BOOST_MATH_HEADER_DEPRECATED("<boost/integer/common_factor_ct.hpp>");
|
Fixes:
- http://autobuild.buildroot.org/results/7b4/7b46f51588144bca1d323230c378ce7f6ee999a8/build-end.log
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following build failure with glibc >= 2.34:
In file included from /tmp/instance-0/output-1/host/arc-buildroot-linux-gnu/sysroot/usr/include/bits/local_lim.h:81,
from /tmp/instance-0/output-1/host/arc-buildroot-linux-gnu/sysroot/usr/include/bits/posix1_lim.h:161,
from /tmp/instance-0/output-1/host/arc-buildroot-linux-gnu/sysroot/usr/include/dirent.h:233,
from automount.c:22:
automount.c:87:37: error: initializer element is not constant
87 | size_t detached_thread_stack_size = PTHREAD_STACK_MIN * 144;
| ^~~~~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/0c8ab8968b2adf6a5f8eeab00ce388968fa1c1d5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Update SITE to be synced with bayer2rgb-neon.
Use git as METHOD because no tarball is available for this version.
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
sox also provides one or more libraries with headers, so also install
sox to staging.
Signed-off-by: Adrian Amaglio <nainformatique@gresille.org>
[Giulio: reword commit log]
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
[yann.morin.1998@free.fr:
- further refine commit log
- move assignment in a more sensible location
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
- CVE-2021-40346: An integer overflow exists in HAProxy 2.0 through 2.5 in
the htx_add_header() can be exploited to perform an HTTP request smuggling
attack, allowing an attacker to bypass all configured http-request HAProxy
ACLs and possibly other ACLs.
For more details, see the advisory:
https://www.mail-archive.com/haproxy@formilux.org/msg41114.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Version 1.46.3 had a regression, which meant the file that would store
the filesystem image had to pre-exist, or mkfs.ext2 would fail to
generate the filesystem:
mkfs.ext4: No such file or directory while trying to determine
filesystem size
The regression was fixed upstream, and is now part of the 1.46.4
release, so bump to that release.
Fixes: #14196
Additionally, as noticed by Romain, the defaults settings for generating
"small" filesystems have changed: the inode size has been increased fom
128 to 256 bytes in 1.46.4 [0]. This causes the number of inodes to
diverge slightly from the requested number; instead of 8 more inodes,
there are now 8 fewer than requested.
Adapt our test accordingly.
[0] https://github.com/tytso/e2fsprogs/commit/a23b50cdb55cb826b8745cbc37429c93f7b60c66
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Reported-by: Kevin Tomary <kevin.tomary@hotmail.com>
Reported-by: Leon de Rooij <leon@exquisip.nl>
Reported-by: Romain Naour <romain.naour@gmail.com>
Tested-by: Michael Walle <michael@walle.cc>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The fix for CVE-2021-33196 can be bypassed by crafted inputs. As a result, the
NewReader and OpenReader functions in archive/zip can still cause a panic or an
unrecoverable fatal error when reading an archive that claims to contain a large
number of files, regardless of its actual size.
This is CVE-2021-39293.
https://golang.org/doc/devel/release.html#go1.16.minor
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Explicitly indicate the file encoding to UTF-8 for the DEVELOPERS
document. This prevents Unicode decoding errors when printing E-Mail
entries with Unicode characters on systems using an alternative default
encoding (e.g. 'CP1252').
This corrects the following observed error:
$ ./utils/get-developers outgoing/*
Traceback (most recent call last):
File "utils\get-developers", line 105, in <module>
__main__()
File "utils\get-developers", line 47, in __main__
devs = getdeveloperlib.parse_developers()
File "...\buildroot\utils\getdeveloperlib.py", line 239, in parse_developers
for line in f:
File "...\Python<ver>\lib\encodings\cp1252.py", line 23, in decode
return codecs.charmap_decode(input,self.errors,decoding_table)[0]
UnicodeDecodeError: 'charmap' codec can't decode byte 0x81 in position 6659: character maps to <undefined>
Signed-off-by: James Knight <james.d.knight@live.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump to version 2.9.3:
This is a small bugfix release focusing on exfat and dosfstools upstream
changes, along with a couple of test fixes.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When BR2_PACKAGE_IMX_GPU_VIV_OUTPUT_FB is selected, the native windowing
will be set to vivante frame buffer.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Changes since v2019.08.23:
- Some X11 improvements (fullscreen support)
- New EGL driver debug messages
- Wayland improvements (xdg_shell, fullscreen support)
- KMS/DRM/GBM improvements (use drmGetDevices2())
- Use eglGetPlatformDisplay() if available
- New "nullws" native windowing system
- License hash changed due to copyright date update
Fixes:
http://autobuild.buildroot.net/results/a950e90d5f8405534566df5c7a8875c293cf8845
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following build failures with gcc 11:
/home/buildroot/autobuild/instance-3/output-1/host/lib/gcc/arm-buildroot-linux-gnueabihf/11.1.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: /home/buildroot/autobuild/instance-3/output-1/build/xvisor-0.3.0/build/drivers/drivers.o: in function `psmouse_extensions':
/home/buildroot/autobuild/instance-3/output-1/build/xvisor-0.3.0/drivers/input/mouse/psmouse-base.c:783: undefined reference to `lifebook_detect'
/home/buildroot/autobuild/instance-3/output-1/host/lib/gcc/arm-buildroot-linux-gnueabihf/11.1.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: /home/buildroot/autobuild/instance-3/output-1/build/xvisor-0.3.0/drivers/input/mouse/psmouse-base.c:783: undefined reference to `alps_detect'
/home/buildroot/autobuild/instance-3/output-1/host/lib/gcc/arm-buildroot-linux-gnueabihf/11.1.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: /home/buildroot/autobuild/instance-3/output-1/build/xvisor-0.3.0/drivers/input/mouse/psmouse-base.c:783: undefined reference to `ps2pp_init'
/home/buildroot/autobuild/instance-3/output-1/host/lib/gcc/arm-buildroot-linux-gnueabihf/11.1.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: /home/buildroot/autobuild/instance-3/output-1/build/xvisor-0.3.0/drivers/input/mouse/psmouse-base.c:783: undefined reference to `trackpoint_detect'
/home/buildroot/autobuild/instance-3/output-1/host/lib/gcc/arm-buildroot-linux-gnueabihf/11.1.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: /home/buildroot/autobuild/instance-3/output-1/build/xvisor-0.3.0/drivers/input/mouse/psmouse-base.c:783: undefined reference to `fsp_detect'
Fixes:
- http://autobuild.buildroot.org/results/69062b9c80567d135edd48890165e69881cf7295
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following uclibc build failure raised since at least bump to
version 0.11.0 in commit 0bc9c89612:
In file included from ../include/wlr/types/wlr_data_device.h:13,
from ../types/data_device/wlr_drag.c:7:
../include/wlr/types/wlr_seat.h:221:18: error: field 'last_event' has incomplete type
221 | struct timespec last_event;
| ^~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/3501ceb4290638b2f6d70aaa4d8ce74feec3a525
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Fix the following build failure on riscv32:
In file included from thread/qmutex_linux.cpp:45,
from thread/qmutex.cpp:804:
thread/qfutex_p.h: In function 'int QtLinuxFutex::_q_futex(int*, int, int, quintptr, int*, int)':
thread/qfutex_p.h:116:30: error: '__NR_futex' was not declared in this scope; did you mean '_q_futex'?
116 | int result = syscall(__NR_futex, addr, op | FUTEX_PRIVATE_FLAG, val, val2, addr2, val3);
| ^~~~~~~~~~
| _q_futex
Fixes:
- http://autobuild.buildroot.org/results/ffedfc000029072d5d724e98ab4551fe973658ce
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Fix the following build failure raised since bump of libglib2 to version
2.68.1 in commit c72524fb1b:
../gstreamer/gstreamermm/register.h: In function 'GType Gst::register_mm_type(const gchar*)':
/home/buildroot/autobuild/run/instance-2/output-1/host/bin/../arm-buildroot-linux-gnueabihf/sysroot/usr/include/glib-2.0/glib/gatomic.h:117:19: error: argument 2 of '__atomic_load' must not be a pointer to a 'volatile' type
117 | __atomic_load (gapg_temp_atomic, &gapg_temp_newval, __ATOMIC_SEQ_CST); \
| ~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/1c75cdcc183642fd4c15d56825848b83f2ad11a5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
The configure script fails to detect libpcap in static build because it
does not take into account the libnl dependency on link. As a result the
configure script silently disables mausezahn build even when
BR2_PACKAGE_NETSNIFF_NG_MAUSEZAHN is enabled. Add upstream patch to use
pkg-config for libpcap link flags.
Cc: Joris Lijssens <joris.lijssens@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- bpo-42278: Replaced usage of tempfile.mktemp() with TemporaryDirectory to
avoid a potential race condition.
- bpo-41180: Add auditing events to the marshal module, and stop raising
code.__init__ events for every unmarshalled code object. Directly
instantiated code objects will continue to raise an event, and audit event
handlers should inspect or collect the raw marshal data. This reduces a
significant performance overhead when loading from .pyc files.
- bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to
get the fix for the CVE-2013-0340 “Billion Laughs” vulnerability. This
copy is most used on Windows and macOS.
- bpo-43124: Made the internal putcmd function in smtplib sanitize input for
presence of \r and \n characters to avoid (unlikely) command injection.
https://www.python.org/downloads/release/python-397/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Though several cross-compilation patches exist in buildroot's nginx
package dir they do not seem to address endianness.
The test program generated by the configure script compiles but fails
to run (as it is built for another architecture) but the script does
not distinguish between the failure to run the program and an
indication of certain endianness. As such the fallback of big-endian
is used. This setting then causes http2 headers (anything not in the
static dictionary) to come out as undecipherable trash on 64bit
targets (see ngx_http_v2_huff_encode_buf()).
This commit includes a patch to the configure script to allow a
`--force-endianness=big|little` flag as well as setting that flag in
buildroot's package makefile.
Signed-off-by: Nevo Hed <nhed+buildroot@starry.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Find libxcryt through pkg-config to avoid the following build failure:
/home/buildroot/autobuild/run/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/riscv64-buildroot-linux-musl/10.2.0/../../../../riscv64-buildroot-linux-musl/bin/ld: .libs/passverify.o: in function `.L30':
passverify.c:(.text+0x368): undefined reference to `crypt_checksalt'
Fixes:
- http://autobuild.buildroot.org/results/20b14e222b35c2d1269960075832b784ba81aa1a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- NodeJS passes NULL for addr and 0 for addrlen to
ares_parse_ptr_reply() on systems where malloc(0) returns NULL. This
would cause a crash.
- If ares_getaddrinfo() was terminated by an ares_destroy(), it would
cause a crash
- Crash in sortaddrinfo() if the list size equals 0 due to an unexpected
DNS response
- Expand number of escaped characters in DNS replies as per RFC1035 5.1
to prevent spoofing follow-up
- Perform validation on hostnames to prevent possible XSS due to
applications not performing valiation themselves
https://c-ares.haxx.se/changelog.html#1_17_2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Some 3rd party vendor toolchains have multiple files which match
these glob patterns. In this case, the shell script failed.
Switching to use find and xargs solves the issue.
Signed-off-by: Jonah Petri <jonah@petri.us>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
rwmem is small tool to read & write device registers. Some of the
features include:
- support mmaped and i2c devices
- addressing with 8/16/32/64 bit addresses
- accessing 8/16/32/64 bit memory locations
- little and big endian addressess and accesses
- bitfields
- address ranges
- register description database
Python bindings are disabled for now.
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The Qt OPC UA module implements a Qt API to interact with OPC UA on
top of a 3rd party OPC UA stack.
The default is open62541, which is bundled by qt5opcua in version 1.0,
so we dont need to provide/depend on br's own open62541 package.
Another dependency is mbedtls, but it's optional.
Signed-off-by: Andreas Naumann <anaumann@ultratronik.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Vue Router is the official router for Vue.js.
Signed-off-by: Thomas Claveirole <thomas.claveirole@green-communications.fr>
[Arnout: use comment instead of submenu]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This tests build a bogus package that installs a binary built for the
host architecture into $(TARGET_DIR), which should cause a build
failure, at least as long as the host architecture isn't ARM.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Herve Codina <herve.codina@bootlin.com>
[yann.morin.1998@free.fr: drop uneeded subprocess import to fix flake8]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Some tests will need to grep through the build log to verify that some
features are working are expected. In order to allow them to open the
build log, we provide a new function called log_file_path(), which
returns the path to the log file if available.
We also use this function in open_log_file().
Note that open_log_file() cannot be used directly to grep through the
log file at the end of a build: because it opens in "a+" mode, it
greps starting from the end of the file.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Herve Codina <herve.codina@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since commit 39d334faa5 (package/pkg-qmake: add <pkg>_SYNC_QT_HEADERS
support), the qmake-package infra recognises said variable but the
manual has the wrong variable name, which is missing the "_QT" part.
We fix that by amending the manual to document the proper variable name.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
QT5_QT_CONF_FIXUP tweaks files for per-package directory build.
This is typically the kind of operation expected to be in
post-prepare hook.
Signed-off-by: Herve Codina <herve.codina@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
When using top level parallel build, independent qt5 packages may be
built in parallel. Because of their staging dirs being hardlinked, they
all use the same qt.conf file to manipulate during configure, while
another qt5 package might already use it. This leads to weird build failures
because the folders qmake is using are diverted in erratic ways.
Fix this by actually recreating a non-shared qt.conf file for every package.
Signed-off-by: Andreas Naumann <anaumann@ultratronik.de>
Reviewed-by: Herve Codina <herve.codina@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This release includes the following changes:
- New features
- New 'sessionResume' service-level option to allow or disallow session resumption
- Added support for the new SSL_set_options() values.
- Download fresh ca-certs.pem for each new release.
- Bugfixes
- Fixed 'redirect' with 'protocol'. This combination is not supported by 'smtp', 'pop3' and 'imap' protocols.
- Enforced minimum WIN32 log window size.
- Fixed support for password-protected private keys with OpenSSL 3.0 (thx to Dmitry Belyavskiy).
- Added missing TLS options supported in OpenSSL 1.1.1k.
Signed-off-by: Pierre-Jean Texier <texier.pj2@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This release introduces meson build system support.
As meson files are only available in git, switch the location to
https://gitlab.freedesktop.org.
Add support for bash-completion.
Add an upstream patch fixing the compilation without gobject-intorspection.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Use BR2_PACKAGE_MESA3D_GBM instead of BR2_PACKAGE_MESA3D_OPENGL_EGL as
GBM can also be provided by a DRI driver
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The gitlab-ci support in test-pkg allows to parallelize the test-pkg
work into several gitlab jobs. It's much faster than local serialized
testing.
To trigger this, a developer will have to add, in the latest commit of
their branch, a token on its own line, followed by a configuration
fragment, e.g.:
test-pkg config:
SOME_OPTION=y
# OTHER_OPTION is not set
SOME_VARIABLE="some value"
This configuration fragment is used as input to test-pkg.
To be able to generate one job per test to run, we need the list of
tests in the parent pipeline, and the individual .config files (one per
test) in the child pipeline. We use the newly-introduced --prepare-only
mode to test-pkg, and collect all the generated .config files as
artefacts; those are inherited in the child pipeline via the
"needs::pipeline" and "needs::job" directives. This is a bit tricky,
and is best described by the Gitlab-CI documentation [0].
We also list those .config files to generate the actual list of jobs to
run in the child pipeline.
Notes:
- if the user provides an empty fragment, this is considered an error:
indeed, without a fragment (and the package name), there is no way
to know what to test;
- if that fragment yields an empty list of tests, then there is
nothing to test either, so that is also considered an error.
[0] https://docs.gitlab.com/ee/ci/yaml/README.html#artifact-downloads-to-child-pipelines
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[yann.morin.1998@free.fr:
- split the change to test-pkg to its own patch
- generate the actual yml snippet in support/scripts/generate-gitlab-ci-yml,
listing the .config files created by test-pkg
- some code-style-candies...
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Currently, running test-pkg is only done locally on the developers
machine.
In a follow up commit, we'll add the possibility to run test-pkg in a
gitlab-ci pipeline and, to speed things up, with one job per buildable
configuration.
As such, we will need to make sure that test-pkg only prepares the
configurations, and that it does not build them.
Add such a mode, with a new option, --prepare-only
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Update STM32F469-disco configuration files to operate with new kernel.
Result of make tinyconfig was taken as a starting point to fit kernel
into flash memory.
Current setup kernel + rootfs fits in 1.6MB on-chip flash memory
Fixes:
- Move kernel to new flash bank due to growth of dtb size
- Fix kernel start address in bootloader
- Remove outdated path which doesn't affect normal operation mode
For better binary size optimization gcc LTO is turned on.
Signed-off-by: Yauheni Saldatsenka <eugentoo@gmail.com>
[Arnout:
- squash 3 patches into 1;
- remove unused dts file;
- move linux/linux.config to linux-xip.config;
- add a sentence to readme to say SD card is not needed.
]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixing _sysconfigdata*.{py,pyc} was previously done by python package
infrastructure. Some packages use python stuff without using python
package infrastructure.
These packages perform overwrites and need the specific python fixup
to fix them.
In order to be sure to fix all of these packages, the python fixup
is moved to the generic package infrastructure and applied to all
packages.
This follows the same principle as for the .la libtool files fixup.
Signed-off-by: Herve Codina <herve.codina@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
For per-package directories, we fixup the _sysconfigdata*.py files, so
that they get proper path pointing to the current package's direcotry
structure.
However, the corresponding, pre-compiled blobs _sysconfigdata*.pyc were
left around, and thus are inconsistent with their source. They might
also be regenerated when a package would install a python module; this
regeneration would trigger the soon-to-be-introduced overwrite
detection.
This commit simply removes _sysconfigdata*.pyc files; they will anyway
be regenerated by the PYTHON{,3}_CREATE_PYC_FILES target finalize hooks.
This is an efficient way to guarantee the consistency between the source
and precompiled versions, and to not trigger the overwrite detection.
Signed-off-by: Herve Codina <herve.codina@bootlin.com>
[yann.morin.1998@free.frs: reword the commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Find used by PKG_PYTHON_FIXUP_SYSCONFIGDATA can fail if directories
are not present. This failure is silently ignored because find is
on the LHS of a pipe.
This commit fixes the find failure. HOST_DIR is used as the starting
point and the search is filtered on the expected directories.
This commit also adds -print0 and the $(Q) verbosity flag as minor
changes.
Signed-off-by: Herve Codina <herve.codina@bootlin.com>
[yann.morin.1998@free.fr:
- split long line with the two -path options
- move "| xargs ..." onto its own line
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
With BR2_REPRODUCIBLE, our 'fakedate' wrapper script will end up in
host/bin/date. Currently, it iterates over all the 'date' found in PATH,
until it finds one that is not the script itself, in an attempt to avoid
infinite recursion by calling itself again and again.
This heuristic works OK in Buildroot, because host/bin/ is first in the
PATH, and so that means the first entry in the PATH is skipped.
However, this is going to fail as soon as our wrapper is not the first
in the PATH. Indeed, in that situation, the current heuristic will stop
on the first 'date' in the PATH, as it is not the script itself, and
since our script was executed, that probably means the first 'date' was
itself a wrapper that ended up calling us. So, calling it again will
eventually trickle to calling us again, and thus creating the loop our
heuristic was made to avoid.
This situation currently does not occur in Buildroot, because host/bin/
is first, *and* we have no package that provide their own 'date' wrapper
during their build steps.
But when we generate an SDK with BR2_REPRODUCIBLE, then our wrapper
script will be in sdk/bin/, and there is no longer any guarantee this
comes first in the PATH, thus opening the possibility that another
buildsystem based on our SDK, but which has its own 'date' wrapper, will
trigger this infinite recursion.
We fix that by iterating, in reverse order, over all the 'date' we can
find in PATH, and when we find ourselves, then we know the one we found
in the iteration just before is the one that we should call.
'which -a' is old enough that we can expect it to be always available;
it has been present at least since Debian Squeeze, released 2011.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix build of xen with 64 bites time_t:
/tmp/instance-0/output-1/build/xen-4.14.2/tools/qemu-xen/hw/input/virtio-input-host.c: In function 'virtio_input_host_handle_status':
/tmp/instance-0/output-1/build/xen-4.14.2/tools/qemu-xen/hw/input/virtio-input-host.c:198:28: error: 'struct input_event' has no member named 'time'
198 | if (gettimeofday(&evdev.time, NULL)) {
| ^
Fixes:
- http://autobuild.buildroot.org/results/136ce42f44bf48d3db4eda7b1548bf7ac1b97d51
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This version bump is needed to pass the ATF test with
hardening option enabled (-fstack-protector-strong)
With the version v2.2, ATF fail due to undefined references:
./build/juno/release/bl2u/arm_tzc400.o: In function `arm_tzc400_setup':
arm_tzc400.c:(.text.arm_tzc400_setup+0x10): undefined reference to `__stack_chk_guard'
arm_tzc400.c:(.text.arm_tzc400_setup+0x18): undefined reference to `__stack_chk_guard'
arm_tzc400.c:(.text.arm_tzc400_setup+0xb8): undefined reference to `__stack_chk_guard'
arm_tzc400.c:(.text.arm_tzc400_setup+0xcc): undefined reference to `__stack_chk_fail'
Since commit ccac9a5bbb, Buildroot no
longer forces ENABLE_STACK_PROTECTOR. However, we rely on the ATF build
system to handle it correctly, and this wasn't the case in v2.2.
Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/1524842591
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
When BR2_REPRODUCIBLE is set and host-coreutils needs to be built, the
fakedate script installed to 'host/bin/date' will be overwritten by
host-coreutils.
Besides, we do not need our host-coreutils for 'date' at all; we really
rely on the host system to provide it.
Unconditionally disable installing the 'date' binary in host-coreutils.
Note that we explicitly request only ln and realpath to be installed,
but the coreutils buildsystem does not strictly obey to that, as was
already noticed in 885e6fdb8a (package/coreutils: introduce a host
variant), which added that comment above HOST_COREUTILS_CONF_OPTS:
# Explicitly install ln and realpath, which we *are* insterested in.
# A lot of other programs still get installed, however, but disabling
# them does not gain much at build time, and is a loooong list that is
# difficult to maintain...
So, we also update that comment to explain why we still anyway disable
installation of 'date'.
Signed-off-by: Conrad Ratschan <conrad.ratschan@collins.com>
[yann.morin.1998@free.fr:
- unconditionally disable installing date
- extend comment and commit log to explain why we need
--enable-no-install-program=date despite the existing
--enable-install-program=ln,realpath
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Sam Voss <sam.voss@collins.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[yann.morin.1998@free.fr:
- introduce BUSYBOX_INSTALL_TELNET_SERVICE
- move _INSTALL_INIT_SYSTEMD alphabetically between openrc and sysv
- drop the comment about Type=simple (Arnout)
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since version 2.1.3 ubihealthd can be enabled without of ubifs-utils.
This also fixes usability of enabling BR2_PACKAGE_MTD_UBIHEALTHD.
BR2_PACKAGE_MTD_UBIFS_UTILS is a blind option. The only way to enable it
is to enable BR2_PACKAGE_MTD_MKFSUBIFS that selects it. ubihealthd
dependency on BR2_PACKAGE_MTD_UBIFS_UTILS makes enabling it unintuitive.
Cc: Markus Mayer <mmayer@broadcom.com>
Cc: Matt Weber <matthew.weber@collins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
resync the version with glibc package.
Dropped 2 patches (fixes backported from previous releases),
rebased 2 which are kept (only line numbers changed).
Suggested-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
[Arnout: resolve conflicts]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
the nabble.com link is dead and lore has a good search.
So use lore for the search form.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following build failure without /usr/bin/msgfmt raised since the
addition of ushare in commit 74097fd659:
make[3]: Entering directory `/home/buildroot/autobuild/run/instance-3/output-1/build/ushare-2.1/po'
/usr/bin/msgfmt -c --statistics -o fr.gmo fr.po
make[3]: /usr/bin/msgfmt: Command not found
To fix this build failure, set GMSGFMT to $(HOST_DIR)/bin/msgfmt and
don't build po files if NLS is disabled
Fixes:
- http://autobuild.buildroot.org/results/9f6b5b8f38386135bacd2d8f6e97c1fea77bbe69
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The beaglev kernel is based on the 5.13 branch, update
the expected linux-headers version to 5.13.
This has been wrong ever since the bump of the kernel version in commit
9a1bd7cc1c: the headers were bumped to
5.12 instead of 5.13.
Fixes:
https://gitlab.com/kubu93/buildroot/-/jobs/1525740895
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Previously, alsa-plugins would not work if alsa-utils was installed
after it. This happened because:
1. alsa-plugins copies some files $(TARGET_DIR)/usr/share/alsa/alsa.conf.d
2. alsa-utils removes these files during installation ( rm -rf $(TARGET_DIR)/usr/share/alsa/;)
The `rm -rf` command was originally added as part of the fix for
https://bugs.buildroot.org/show_bug.cgi?id=1573 11 years ago.
The intention might have been to allow for unconfiguring some options
and then rebuilding alsa-utils. However, this is a scenario that does
not work anyway.
The simplest fix for the `alsa-plugins` compatibility issue appears to
be to remove the `rm -rf` command.
Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Maxime has not been contributing to Buildroot for several years, so it
doesn't make sense to keep him in the DEVELOPERS file and make us
think that those packages are being maintained and to Cc: him on
patches affecting those packages.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Some 3rd party vendor toolchains have multiple files which match
these glob patterns. In this case, the shell script failed.
Switching to use find and xargs solves the issue.
Signed-off-by: Jonah Petri <jonah@petri.us>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Add libxcrypt optional dependency and fix the following build failure
with libxcrypt and uclibc-ng raised since the addition of libxcrypt in
commit 464bbe26ff:
/home/buildroot/autobuild/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabihf/9.3.0/../../../../arm-buildroot-linux-uclibcgnueabihf/bin/ld: unix_chkpwd-passverify.o: in function `verify_pwd_hash':
passverify.c:(.text+0xab4): undefined reference to `crypt_checksalt'
Fixes:
- http://autobuild.buildroot.org/results/65d68b7c9c7de1c7cb0f941ff9982f93a49a56f8
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
resync the version with glibc package.
Remove upstream patches.
Rebase remaining patches for glibc 2.33.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The tests.package.test_docker_compose.TestDockerCompose is broken
since the python-idna version bump to 3.0 because python-requests needs
python-idna < 3.0.
# docker-compose up -d
Traceback (most recent call last):
File "/usr/lib/python3.9/site-packages/pkg_resources/__init__.py", line 583, in _build_master
File "/usr/lib/python3.9/site-packages/pkg_resources/__init__.py", line 900, in require
File "/usr/lib/python3.9/site-packages/pkg_resources/__init__.py", line 791, in resolve
pkg_resources.ContextualVersionConflict: (idna 3.2 (/usr/lib/python3.9/site-packages), Requirement.parse('idna<3,>=2.5'), {'requests'})
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/bin/docker-compose", line 6, in <module>
from pkg_resources import load_entry_point
File "/usr/lib/python3.9/site-packages/pkg_resources/__init__.py", line 3252, in <module>
File "/usr/lib/python3.9/site-packages/pkg_resources/__init__.py", line 3235, in _call_aside
File "/usr/lib/python3.9/site-packages/pkg_resources/__init__.py", line 3264, in _initialize_master_working_set
File "/usr/lib/python3.9/site-packages/pkg_resources/__init__.py", line 585, in _build_master
File "/usr/lib/python3.9/site-packages/pkg_resources/__init__.py", line 598, in _build_from_requirements
File "/usr/lib/python3.9/site-packages/pkg_resources/__init__.py", line 786, in resolve
pkg_resources.DistributionNotFound: The 'idna<3,>=2.5' distribution was not found and is required by requests
Fixes:
https://gitlab.com/kubu93/buildroot/-/jobs/1522848327
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
gcc 10.x is now used by default but the kernel 4.19 used by
test_docker_compose doesn't build with it.
Bump the kernel to 4.19.204 release that contains a lot of
fixes for newer gcc.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In versions > 0.21, the CMake script doesn't auto-enable features
according to what it detects in the environment; options have to be
explicitely enabled. Update the libiio.mk script accordingly.
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Upstream commit [1] introduced an invocation of objcopy to generat
loader.txt. However, objcopy, if not provided with an output file, will
overwrite the input file. This is usually harmless because it will be
identical, but the timestamp is updated. This may cause 'empty' to be
newer than 'loader.txt', which causes 'loader.txt' and its dependencies
to be rebuilt during 'make install'
We provide a different set of parameters during 'make install'. In
particular, we no longer pass in HOST_CONFIGURE_OPTS, so we no longer
set LDFLAGS. Thus, there is no -Wl,rpath option that is passed in, which
causes the resulting binaries to have an incorrect RPATH.
Fix this by adding /dev/null as the output file in the objcopy
invocation.
Patch was sent upstream, but there's no mailing list, just a single
person.
Fixes: http://autobuild.buildroot.net/results/600/600aff5b839b48db80751cace5fa9670b7a3d698
(hopefully)
[1] https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=efd293947f940180eedd8d0915b124f4aedccc08
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Upstream commit [1] introduced an invocation of objcopy to generat
loader.txt. However, objcopy, if not provided with an output file, will
overwrite the input file. This is usually harmless because it will be
identical, but the timestamp is updated. This may cause 'empty' to be
newer than 'loader.txt', which causes 'loader.txt' and its dependencies
to be rebuilt during 'make install'
We provide a different set of parameters during 'make install'. In
particular, we no longer pass in HOST_CONFIGURE_OPTS, so we no longer
set LDFLAGS. Thus, there is no -Wl,rpath option that is passed in, which
causes the resulting binaries to have an incorrect RPATH.
Fix this by adding /dev/null as the output file in the objcopy
invocation.
Patch was sent upstream, but there's no mailing list, just a single
person.
Fixes: http://autobuild.buildroot.net/results/600/600aff5b839b48db80751cace5fa9670b7a3d698
(hopefully)
[1] https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=efd293947f940180eedd8d0915b124f4aedccc08
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The python2 support has been removed since the python-idna bump to version 3.2 [1]
[1] 0c7e30b43a
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following build failure on riscv32:
../src/util/futex.h: In function 'sys_futex':
../src/util/futex.h:39:19: error: 'SYS_futex' undeclared (first use in this function); did you mean 'sys_futex'?
39 | return syscall(SYS_futex, addr1, op, val1, timeout, addr2, val3);
| ^~~~~~~~~
| sys_futex
Fixes:
- http://autobuild.buildroot.org/results/692700a5f967760a0b8cd358b1712f1d5a7b681e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
We generally prefer using make loops instead of shell loops. They
bring automatic error handling, as they abort the loop when there is
an error, without the need for "|| exit 1".
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The IMX_GPU_VIV_FIXUP_PKGCONFIG fixup is defined conditionally
depending on the value of IMX_GPU_VIV_LIB_TARGET, which means that
obviously only one of the definitions is possible. Make this clear by
using a ifeq ... else ifeq ... else ifeq ... endif logic.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We manually install pkg-config files from
$(@D)/gpu-core/usr/lib/pkgconfig to the STAGING_DIR right after
copying the entire $(@D)/gpu-core/usr/* files to STAGING_DIR. This
makes the manual copying of pkg-config files pretty useless.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The fixup of the pkg-config files modifies files in the build
directory (@D) but is done in the staging installation step, which
doesn't make much sense, especially since the build step already has
some fixup logic. So we move the fixup logic of the pkg-config files
into the build step.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The current restorecond upstream init script is no good fit for the
user space generated by buildroot, so we provide our own one.
Signed-off-by: José Pekkarinen <jose.pekkarinen@unikie.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix added by commit c20d31baf4 is
incomplete as polkit.loc must also be added to
$(HOST_DIR)/share/gettext/its
Additionally, the destination path for "$(INSTALL) -D" must be a
fully-qualified filename, not just the destination directory.
Fixes:
- http://autobuild.buildroot.org/results/170e4802b7b4e8e7dafa95ade549e8fd05e43bfd
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: dest must be a filename, not a directory]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
GNU cpio through 2.13 allows attackers to execute arbitrary code via a
crafted pattern file, because of a dstring.c ds_fgetstr integer overflow
that triggers an out-of-bounds heap write. NOTE: it is unclear whether
there are common cases where the pattern file, associated with the -E
option, is untrusted data.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Drop libmcrypt which is a cryptographic package that is not maintained
anymore. Here is an extract of https://en.wikipedia.org/wiki/Mcrypt:
"The last update to libmcrypt was in 2007, despite years of unmerged
patches. These facts have led security experts to declare mcrypt
abandonware and discourage its use in new development.".
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Drop mcrypt which is a cryptographic package that is not maintained
anymore. Here is an extract of https://en.wikipedia.org/wiki/Mcrypt:
"The last update to libmcrypt was in 2007, despite years of unmerged
patches. These facts have led security experts to declare mcrypt
abandonware and discourage its use in new development."
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
d1fc0690ad (package/libvirt: fix dependencies on kernel headers)
forgot to update the conditions for the comment after the last-minute
changes by Yann.
Fix that.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
In ccfc90e101 (package/libvirt: new package), last-minute changes
missed the depenecny on kernel headers; headers >= 3.12 are required for
all architectures, but AArch64, which requires 4.11 for HWCAP_CPUID:
../src/cpu/cpu_arm.c: In function 'virCPUarmCpuDataFromRegs':
../src/cpu/cpu_arm.c:562:20: error: 'HWCAP_CPUID' undeclared (first use in this function); did you mean 'HWCAP_PMULL'?
if (!(hwcaps & HWCAP_CPUID)) {
^~~~~~~~~~~
HWCAP_PMULL
Fixes:
- http://autobuild.buildroot.org/results/85bf7b4dad73a748bf439e63874eb64d9a53088f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- move AArch64 4.11 req. from _ARCH_SUPPORTS to BR2_PACKAGE_LIBVIRT
- add missing dependency on headers 3.12 for the rest
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Similarly to Uboot, this patch adds the ability to copy in and build
out-of-source device tree sources during an ATF build.
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Strip xbr contracts which are used only for the xbr feature which is
entirely unsupported by buildroot.
Add patch to fix some xbr assets getting accidentially included.
Enable the optimized nvx cffi extension module when available.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
MPV is not only an application, but also a library, which should be avaliable in staging.
Signed-off-by: Zeno Endemann <zeno.endemann@mailbox.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This folder includes the fixfiles script that is used
by selinux autorelabel feature. Currently it installs
it under /usr/sbin.
Signed-off-by: José Pekkarinen <jose.pekkarinen@unikie.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The heirloom-mailx package exhibits gcc bug 101916 when built for the
SH4 architecture with optimization enabled, which causes a build failure.
As done for other packages in Buildroot work around this gcc bug by
setting optimization to -O0 if BR2_TOOLCHAIN_HAS_GCC_BUG_101916=y.
Also introduce HEIRLOOM_MAILX_CFLAGS as done for other packages and move
the already present -fPIC CFLAG to it.
Fixes:
http://autobuild.buildroot.net/results/911/911f5c024834741754102ff1bbb05c4a64c54a0b/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Build of gdb on riscv without host-gdb is broken since commit
4ecd247ead because BR2_GDB_VERSION_10 is
never defined if BR2_PACKAGE_HOST_GDB is not selected resulting in the
following build failure:
/bin/bash: line 0: cd: /tmp/instance-0/output-1/build/gdb-10.1/gdb/gdbserver: No such file or directory
So add a BR2_PACKAGE_GDB_TOPLEVEL hidden option as suggested by Thomas
Petazzoni.
Fixes:
- http://autobuild.buildroot.org/results/ce47d616ee79d5f735779570ebc3b4a9c0f64c6a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This reverts commit 46b8fb7500 indeed if
libressl is selected as the openssl provider, the BR2_PACKAGE_OPENSSL
conditition will always be used and the BR2_PACKAGE_LIBRESSL condition
will never be triggered. Moreover, libressl provides a pkg-config file.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
- CVE-2021-39240: An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3
before 2.3.13, and 2.4 before 2.4.3. It does not ensure that the scheme
and path portions of a URI have the expected characters. For example, the
authority field (as observed on a target HTTP/2 server) might differ from
what the routing rules were intended to achieve.
- CVE-2021-39241: An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2
before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. An HTTP method
name may contain a space followed by the name of a protected resource. It
is possible that a server would interpret this as a request for that
protected resource, such as in the "GET /admin? HTTP/1.1 /static/images
HTTP/1.1" example.
- CVE-2021-39242: An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3
before 2.3.13, and 2.4 before 2.4.3. It can lead to a situation with an
attacker-controlled HTTP Host header, because a mismatch between Host and
authority is mishandled.
For more details, see the advisory:
https://www.mail-archive.com/haproxy@formilux.org/msg41041.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This package has had build failures for a very long time, and these
issues have not been fixed, and it is now the number 1 build failure
reason in our autobuilders. It is time to acknowledge that the package
needs to be removed.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following build failure raised since the addition of the package
in commit ccfc90e101:
/tmp/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/i686-buildroot-linux-uclibc/9.3.0/../../../../i686-buildroot-linux-uclibc/bin/ld: src/util/libvirt_util.a(viralloc.c.o): in function `virInsertElementsN':
viralloc.c:(.text+0x167): undefined reference to `libintl_dgettext'
Fixes:
- http://autobuild.buildroot.net/results/2349c55a4a42f08ca52700c60cda3065b0c4bd88
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update to AT91Bootstrap 4.0.0 version.
This package is now released under MIT license, and a license file was
added.
Signed-off-by: Eugen Hristev <eugen.hristev@microchip.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since I've dealt and deal with toolchain bugs and their work-around
very often add myself to toolchain topic(toolchain/) as well as
package/binutils and package/gcc.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The language detection is falling back to the host system
Fortran compiler. An example of this is in RHEL7.9
(gcc4.8.5 20150623 (Red Hat 4.8.5-44)).
This patch bypasses detection and points to the location
where the compiler would be installed (if present). In the
cases where it doesn't exist, the detection falls through
and leaves Fortran disabled.
Fixes:
http://autobuild.buildroot.net/results/8354da225d1e5e337aa7ea62a7e6524fb5f1135f/
Signed-off-by: Matthew Weber <matthew.weber@collins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Also adds patch to make the jemalloc feature optional on musl, due to
toolchains not being supported by upstream project.
Signed-off-by: Sam Voss <sam.voss@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This includes the following changes:
7.15
- Kernel part changes
- netfilter: ipset: Fix maximal range check in hash_ipportnet4_uadt() (Nathan Chancellor)
7.14
- Userspace changes
- Add missing function to libipset.map and bump library version (reported by Jan Engelhardt)
- Kernel part changes
- 64bit division isn't allowed on 32bit, replace it with shift
7.13
- Userspace changes
- When parsing protocols by number, do not check it in /etc/protocols.
- Add missing hunk to patch "Allow specifying protocols by number"
- Kernel part changes
- Limit the maximal range of consecutive elements to add/delete fix
7.12
- Userspace changes
- Allow specifying protocols by number (Haw Loeung)
- Fix example in ipset.8 manpage discovered by Pablo Neira Ayuso.
- tests: add tests ipset to nftables (Pablo Neira Ayuso)
- add ipset to nftables translation infrastructure (Pablo Neira Ayuso)
- lib: Detach restore routine from parser (Pablo Neira Ayuso)
- lib: split parser from command execution (Pablo Neira Ayuso)
- Fix patch "Parse port before trying by service name"
- Kernel part changes
- Limit the maximal range of consecutive elements to add/delete (reported by Brad Spengler)
- Backport "netfilter: use nfnetlink_unicast()"
- Backport "netfilter: nfnetlink: consolidate callback type"
- Backport "netfilter: nfnetlink: add struct nfnl_info and pass it to callbacks"
- Backport "netfilter: add helper function to set up the nfnetlink header and use it"
Signed-off-by: Pierre-Jean Texier <texier.pj2@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The latest Go release, version 1.17, arrives six months after Go 1.16.
Most of its changes are in the implementation of the toolchain,
runtime, and libraries.
https://golang.org/doc/go1.17
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop autoreconf; tarball now ships the configure script.
Rename license files and update hashes. Added SPDX markers. No license
change.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
For MIPS64 architecture variants supported by Rust, we need to exclude
MIPS64R6, but due to a copy/paste mistake in commit
d69d40c029 ("package/rustc: add support
for Tier 1 and Tier 2 platform"), we used BR2_MIPS_CPU_MIPS32R6 for
both MIPS 32-bit and MIPS 64-bit configurations, while
BR2_MIPS_CPU_MIPS64R6 should be used on MIPS 64-bit.
Fixes:
http://autobuild.buildroot.net/8bab232eb98b164df300581ae019254bde7c8ca3/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
When building protobuf for or1k -mcmodel=large is needed to link, so let's
add that gcc option in case we're building for or1k.
Upstream gcc doesn't have the -mcmodel=large option for or1k, but all
released Buildroot gcc versions have the patch to add it, so that's
fine.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Reviewed-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
When building libgeos for or1k -mcmodel=large is needed to link, so let's
add that gcc option in case we're building for or1k.
Upstream gcc doesn't have the -mcmodel=large option for or1k, but all
released Buildroot gcc versions have the patch to add it, so that's
fine.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Reviewed-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
At the moment of gcc 11.1.0 release the OpenRisc patches for -mcmodel=large
were still pending. They have been upstreamed yesterday as pointed in gcc
bugzilla[1]. So they will be part of gcc 11.3.0 or maybe before on 11.2.
2. Anyway at the moment if we try to build packages libgeos and protobuf
with OpenRisc gcc 11.1.0 it fails due to missing -mcmodel=large. So let's
add OpenRisc patches for it as done for all the previous versions.
Fixes:
still not appeared on autobuilers
[1]: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99783
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Add TARGET_NLS_DEPENDENCIES and host-gettext dependency to avoid the
following build failure in a per-package-directorie build with
host-cairo raised because fontconfig installs its ITS files in the wrong
directory (i.e. outside of gettext-tiny symlink):
mkdir -p /tmp/instance-0/output-1/per-package/host-cairo/host
rsync -a --link-dest=/tmp/instance-0/output-1/per-package/host-fontconfig/host/ /tmp/instance-0/output-1/per-package/host-fontconfig/host/ /tmp/instance-0/output-1/per-package/host-cairo/host
rsync -a --link-dest=/tmp/instance-0/output-1/per-package/host-freetype/host/ /tmp/instance-0/output-1/per-package/host-freetype/host/ /tmp/instance-0/output-1/per-package/host-cairo/host
rsync -a --link-dest=/tmp/instance-0/output-1/per-package/host-libglib2/host/ /tmp/instance-0/output-1/per-package/host-libglib2/host/ /tmp/instance-0/output-1/per-package/host-cairo/host
cannot delete non-empty directory: share/gettext
could not make way for new symlink: share/gettext
This only happens with per-package directories because then the rsync is
done. Otherwise the fontconfig installation will simply follow the
symlink.
The error of course exists for target as well, but doesn't occur in
autobuilders since it already fails for host.
Fixes:
- http://autobuild.buildroot.org/results/00e29958cecfffa4e994ab549637117dd8f55c30
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
commit f79a420825 (package/busybox/udhcpc.script: support RFC3442
static routes) used 'set --' clobbering the positional arguments, causing
the action argument to not be correctly forwarded to hook scripts for the
renew / bound cases if static routes are provided by the server.
As a workaround, save the action argument at the beginning of the script and
use that when calling hook scripts.
Reported-by: 王琦 <wangwangqi2011@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 5f432df7e2 ("boot/arm-trusted-firmware: change
ENABLE_STACK_PROTECTOR value when disabled") set
ENABLE_STACK_PROTECTOR=0 when disabled. But since we pass this value as
MAKE_OPT, the internal ATF logic that sets ENABLE_STACK_PROTECTOR again
based on its initial value breaks. This leads to build failure:
make[1]: *** [/builds/buildroot.org/buildroot/output/build/arm-trusted-firmware-v2.4/build/a80x0_mcbin/release/libc/assert.o] Error 1
aarch64-buildroot-linux-uclibc-gcc.br_real: error: unrecognized command-line option ‘-fstack-protector-0’; did you mean ‘-fstack-protector’?
Move ENABLE_STACK_PROTECTOR to make environment instead to allow make to
change its value.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/1497663294
Cc: Dick Olsson <hi@senzilla.io>
Cc: Sergey Matyukevich <geomatsi@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The release contains a bugfix to fix the make install of the python
module after build changes introduced in this release RC1.
This release contains a number of bug fixes. There is a crash fix for
broken internal structures in stream reuse, that is used when many TCP
or TLS upstream connections are made. Also a number of features are added.
https://github.com/NLnetLabs/unbound/releases/tag/release-1.13.2
Signed-off-by: Kyle Harding <kyle@balena.io>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
go1.16.7 (released 2021-08-05) includes a security fix to the
net/http/httputil package, as well as bug fixes to the compiler, the
linker, the runtime, the go command, and the net/http package.
https://golang.org/doc/devel/release#go1.16
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD)
through 2.3.2 allows remote attackers to cause a denial of service
(out-of-bounds read) via a crafted TGA file.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
textview_uri_security_check in textview.c in Claws Mail before 3.18.0,
and Sylpheed through 3.7.0, does not have sufficient link checks before
accepting a click.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following build failure without x_forwarded_for raised since
bump to version 1.3 in commit 3335c8d868:
/home/buildroot/autobuild/instance-3/output-1/build/nginx-naxsi-1.3/naxsi_src/naxsi_runtime.c: In function 'ngx_http_naxsi_data_parse':
/home/buildroot/autobuild/instance-3/output-1/build/nginx-naxsi-1.3/naxsi_src/naxsi_runtime.c:2846:20: error: 'ngx_http_headers_in_t' has no member named 'x_forwarded_for'
if (r->headers_in.x_forwarded_for.nelts >= 1) {
^
Fixes:
- http://autobuild.buildroot.org/results/cdbc1536f6b5de3d4c836efa2f0dcaf0cdbb1462
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following build failure with gcc 11:
In file included from /tmp/instance-0/output-1/host/arm-buildroot-linux-gnueabihf/sysroot/usr/include/glib-2.0/glib/gthread.h:32,
from /tmp/instance-0/output-1/host/arm-buildroot-linux-gnueabihf/sysroot/usr/include/glib-2.0/glib/gasyncqueue.h:32,
from /tmp/instance-0/output-1/host/arm-buildroot-linux-gnueabihf/sysroot/usr/include/glib-2.0/glib.h:32,
from /tmp/instance-0/output-1/host/arm-buildroot-linux-gnueabihf/sysroot/usr/include/glib-2.0/gobject/gbinding.h:28,
from /tmp/instance-0/output-1/host/arm-buildroot-linux-gnueabihf/sysroot/usr/include/glib-2.0/glib-object.h:22,
from /tmp/instance-0/output-1/build/poppler-0.84.0/glib/poppler.h:22,
from /tmp/instance-0/output-1/build/poppler-0.84.0/glib/poppler-action.cc:19:
/tmp/instance-0/output-1/build/poppler-0.84.0/glib/poppler-action.cc: In function 'GType poppler_dest_get_type()':
/tmp/instance-0/output-1/build/poppler-0.84.0/glib/poppler-private.h:155:13: error: argument 2 of '__atomic_load' must not be a pointer to a 'volatile' type
155 | if (g_once_init_enter (&g_define_type_id__volatile)) { \
| ^~~~~~~~~~~~~~~~~
/tmp/instance-0/output-1/build/poppler-0.84.0/glib/poppler-action.cc:28:1: note: in expansion of macro 'POPPLER_DEFINE_BOXED_TYPE'
28 | POPPLER_DEFINE_BOXED_TYPE (PopplerDest, poppler_dest, poppler_dest_copy, poppler_dest_free)
| ^~~~~~~~~~~~~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/dfcaac6487aaeb10412c3fe72a23135f8a70fefe
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update Cage to version 0.1.4, which is a bug fix release that
supports using wlroots 0.14.x.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update to version 0.14.1, and adapt to upstream changes:
- seatd/libseat is now used unconditionally, the logind/elogind build
options have been removed (which can be used through seatd, no
functionality is lost).
- Now wlroots includes a software-based renderer (which uses pixman),
and the OpenGL ES one is optional. For now it is left always enabled
(as it was before) but this could be changed in the future.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update to version 1.21, which is required by newer wlroots releases.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This affects the package jszip before 3.7.0. Crafting a new zip file
with filenames set to Object prototype values (e.g __proto__, toString,
etc) results in a returned object with a modified prototype instance.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libfuse3 is an optional dependency which is enabled by default since
version 6.0.0 and
https://gitlab.com/qemu-project/qemu/-/commit/0c9b70d5900a5108e899edfdd6f3790f8cb6bdc2
So add this dependency and fix the following build failures on musl
raised since bump to version 6.0.0 in commit
6b86c9335f:
../block/export/fuse.c: In function 'fuse_fallocate':
../block/export/fuse.c:563:23: error: 'FALLOC_FL_ZERO_RANGE' undeclared (first use in this function)
563 | } else if (mode & FALLOC_FL_ZERO_RANGE) {
| ^~~~~~~~~~~~~~~~~~~~
../block/export/fuse.c:563:23: note: each undeclared identifier is reported only once for each function it appears in
../block/export/fuse.c: In function 'fuse_lseek':
../block/export/fuse.c:639:19: error: 'SEEK_HOLE' undeclared (first use in this function)
639 | if (whence != SEEK_HOLE && whence != SEEK_DATA) {
| ^~~~~~~~~
../block/export/fuse.c:639:42: error: 'SEEK_DATA' undeclared (first use in this function); did you mean 'SEEK_SET'?
639 | if (whence != SEEK_HOLE && whence != SEEK_DATA) {
| ^~~~~~~~~
| SEEK_SET
Fixes:
- http://autobuild.buildroot.org/results/0196609043bd37543e6a0d17ffc2254302ea7ba3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following build failure with gcc 4.8 raised since bump to
version 4.3.2 in commit 91aa6efa85:
lib/tpm2_eventlog_yaml.c: In function 'yaml_uefi_var_unicodename':
lib/tpm2_eventlog_yaml.c:130:5: error: 'for' loop initial declarations are only allowed in C99 mode
for(size_t i = 0; i < data->UnicodeNameLength; ++i, tmp += ret) {
^
lib/tpm2_eventlog_yaml.c:130:5: note: use option -std=c99 or -std=gnu99 to compile your code
lib/tpm2_eventlog_yaml.c: In function 'yaml_specid_algs':
lib/tpm2_eventlog_yaml.c:335:5: error: 'for' loop initial declarations are only allowed in C99 mode
for (size_t i = 0; i < count; ++i, ++alg) {
^
Fixes:
- http://autobuild.buildroot.org/results/018c75cfbb34006c0bca52dcc255ad6f9cc43b77
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following build failure with gcc 11:
In file included from src/mongo/db/query/plan_cache.h:36,
from src/mongo/db/catalog/collection_info_cache.h:33,
from src/mongo/db/catalog/collection.h:42,
from src/mongo/db/exec/requires_collection_stage.h:32,
from src/mongo/db/exec/delete.h:32,
from src/mongo/db/query/internal_plans.h:33,
from src/mongo/db/query/internal_plans.cpp:32:
src/mongo/db/exec/plan_stats.h:214:10: error: 'optional' in namespace 'std' does not name a template type
214 | std::optional<std::string> replanReason;
| ^~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/8c0875fa413923504515a83d8b679366418c2444
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
exec_prefix has been removed since version 1.66 and
https://gitlab.gnome.org/GNOME/gobject-introspection/-/commit/a88b1ac548516ab25140a2e9dea8cac894bbac93
resulting in the following build failure with rygel because libgee
installs Gee-0.8.gir in
output/host/aarch64-buildroot-linux-gnu/sysroot/share/gir-1.0/Gee-0.8.gir
instead of
output/host/aarch64-buildroot-linux-gnu/sysroot/usr/share/gir-1.0/Gee-0.8.gir:
Could not find GIR file 'Gee-0.8.gir'; check XDG_DATA_DIRS or use --includedir
error parsing file RygelCore-2.6.gir: Failed to parse included gir Gee-0.8
If the above error message is about missing .so libraries, then setting up GIR_EXTRA_LIBS_PATH in the .mk file should help.
Typically like this: PKG_MAKE_ENV += GIR_EXTRA_LIBS_PATH="$(@D)/.libs"
So replace exec_prefix by prefix
Fixes:
- http://autobuild.buildroot.org/results/b04b27bbb84fa6ab9a8441e7bd94aad45226dce9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following build failure with gcc 11:
In file included from ../sconex/sconex.h:229,
from ../sconex/Descriptor.h:63,
from Descriptor.cpp:22:
Descriptor.cpp: In member function 'void scx::Descriptor::add_stream(scx::Stream*)':
Descriptor.cpp:150:22: error: ordered comparison of pointer with integer zero ('scx::Stream*' and 'int')
150 | DEBUG_ASSERT(stream>=0,"add_stream() Invalid stream");
| ~~~~~~^~~
Descriptor.cpp: In member function 'bool scx::Descriptor::remove_stream(scx::Stream*)':
Descriptor.cpp:204:22: error: ordered comparison of pointer with integer zero ('scx::Stream*' and 'int')
204 | DEBUG_ASSERT(stream>=0,"remove_stream() Invalid stream");
| ~~~~~~^~~
Fixes:
- http://autobuild.buildroot.org/results/ccc9562e83fd2bd312d21b3124be42dfe4b7e850
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
usbguard needs std::future to avoid the following build failure raised
since the addition of the package in commit
fbff7d7289:
In file included from src/Library/IPCClientPrivate.hpp:37:0,
from src/Library/IPCClientPrivate.cpp:24:
/home/buildroot/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/arm-none-linux-gnueabi/include/c++/4.8.3/future:122:11: error: declaration of 'class std::promise<std::unique_ptr<google::protobuf::Message> >'
class promise;
^
src/Library/IPCClientPrivate.cpp: In member function 'usbguard::IPC::MessagePointer usbguard::IPCClientPrivate::qbIPCSendRecvMessage(usbguard::IPC::MessageType&)':
src/Library/IPCClientPrivate.cpp:244:26: error: invalid use of incomplete type 'class std::promise<std::unique_ptr<google::protobuf::Message> >'
auto future = promise.get_future();
^
Fixes:
- http://autobuild.buildroot.org/results/1c4e0dab5917e5559a97f7cf7a99e30a2b561fc9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix locale indepdendent which is enabled on musl since version 1.11.0
and
https://github.com/google/flatbuffers/commit/5f32f948102e65eaeea461b44f3b43f96c7a7a5a
resulting in the following build failure on snort3 since bump to version
3.1.6 in commit e66f2fd310:
In file included from /tmp/instance-0/output-1/host/x86_64-buildroot-linux-musl/sysroot/usr/include/flatbuffers/flexbuffers.h:24,
from /tmp/instance-0/output-1/host/x86_64-buildroot-linux-musl/sysroot/usr/include/flatbuffers/idl.h:26,
from /tmp/instance-0/output-1/build/snort3-3.1.6.0/src/network_inspectors/perf_monitor/fbs_formatter.cc:29:
/tmp/instance-0/output-1/host/x86_64-buildroot-linux-musl/sysroot/usr/include/flatbuffers/util.h: In function 'void flatbuffers::strtoval_impl(int64_t*, const char*, char**, int)':
/tmp/instance-0/output-1/host/x86_64-buildroot-linux-musl/sysroot/usr/include/flatbuffers/util.h:258:12: error: 'strtoll_l' was not declared in this scope; did you mean 'strcoll_l'?
258 | *val = __strtoll_impl(str, endptr, base);
| ^~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/68045b83e94f8caa337b1af7ed5f493ac1a55c47
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
osm2pgsql needs std::future since its addition in commit
46c4204286 to avoid the following build
failure:
In file included from /home/buildroot/autobuild/run/instance-3/output-1/build/osm2pgsql-1.4.2/src/db-copy.cpp:12:0:
/home/buildroot/autobuild/run/instance-3/output-1/build/osm2pgsql-1.4.2/src/db-copy.hpp:218:24: error: field 'barrier' has incomplete type
std::promise<void> barrier;
^
/home/buildroot/autobuild/run/instance-3/output-1/build/osm2pgsql-1.4.2/src/db-copy.hpp: In constructor 'db_cmd_sync_t::db_cmd_sync_t(std::promise<void>&&)':
/home/buildroot/autobuild/run/instance-3/output-1/build/osm2pgsql-1.4.2/src/db-copy.hpp:221:37: error: class 'db_cmd_sync_t' does not have any field named 'barrier'
: db_cmd_t(db_cmd_t::Cmd_sync), barrier(std::move(b))
^
In file included from /home/buildroot/autobuild/run/instance-3/output-1/build/osm2pgsql-1.4.2/src/middle.hpp:18:0,
from /home/buildroot/autobuild/run/instance-3/output-1/build/osm2pgsql-1.4.2/src/dependency-manager.cpp:11:
/home/buildroot/autobuild/run/instance-3/output-1/build/osm2pgsql-1.4.2/src/thread-pool.hpp: In member function 'void thread_pool_t::check_for_exceptions()':
/home/buildroot/autobuild/run/instance-3/output-1/build/osm2pgsql-1.4.2/src/thread-pool.hpp:49:19: error: invalid use of incomplete type 'class std::future<void>'
result.get();
^
Fixes:
- http://autobuild.buildroot.org/results/69528232ceba128a2e60aa778bb0943fdefc2ed1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Install polkit.its in $(HOST_DIR)/share/gettext/its as suggested by
https://gitlab.gnome.org/GNOME/gvfs/-/issues/508 to avoid the following
build failure with gvfs because polkit installs polkit.its in
$(STAGING_DIR)/usr/share/gettext:
FAILED: daemon/org.gtk.vfs.file-operations.policy
/tmp/instance-3/output-1/host/bin/meson --internal msgfmthelper daemon/org.gtk.vfs.file-operations.policy.in daemon/org.gtk.vfs.file-operations.policy xml /tmp/instance-3/output-1/build/gvfs-1.44.1/po
msgfmt: cannot locate ITS rules for daemon/org.gtk.vfs.file-operations.policy.in
Fixes:
- http://autobuild.buildroot.org/results/ba9a8b31e6e275d4db1905241a9153a0513eb335
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following build failures on arc and riscv32:
latency.c: In function 'display':
latency.c:326:21: error: format '%ld' expects argument of type 'long int', but argument 2 has type 'time_t' {aka 'long long int'} [-Werror=format=]
326 | ("RTT| %.2ld:%.2ld:%.2ld (%s, %Ld us period, "
| ~~~~^
| |
| long int
| %.2lld
327 | "priority %d)\n", dt / 3600,
| ~~~~~~~~~
| |
| time_t {aka long long int}
altency.c: In function ‘display’:
altency.c:262:21: error: format ‘%ld’ expects argument of type ‘long int’, but argument 2 has type ‘time_t’ {aka ‘long long int’} [-Werror=format=]
262 | ("RTT| %.2ld:%.2ld:%.2ld (%s, %Ld us period, "
| ~~~~^
| |
| long int
| %.2lld
263 | "priority %d)\n", dt / 3600,
| ~~~~~~~~~
| |
| time_t {aka long long int}
Fixes:
- http://autobuild.buildroot.org/results/448efe22e8fe058a1b354a3c124874e30b9ce138
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Correct RUBY_VERSION_EXT after commit be9783951d (package/ruby: security
bump to version 3.0.1):
ls output/target/usr/lib/ruby/
3.0.0 site_ruby vendor_ruby
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Build with tslib is broken since bump to version 1.25.0 in commit
cf57eceabc:
/data/buildroot-autobuilder/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/powerpc-buildroot-linux-uclibc/9.3.0/../../../../powerpc-buildroot-linux-uclibc/bin/ld: src/lib/ecore_fb/libecore_fb.so.1.25.1.p/ecore_fb_ts.c.o: in function `_ecore_fb_ts_fd_handler':
ecore_fb_ts.c:(.text+0x4c): undefined reference to `ts_read_raw'
Fixes:
- http://autobuild.buildroot.org/results/fa111306b95316eed54771550474dae804fa261e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
-latomic was added to extralibs to fix static build of ffmpeg in commit
fc8798197b. However, extralibs is not
added to libavformat.pc resulting in the following static build failure
of motion:
/home/buildroot/autobuild/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/9.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: /home/buildroot/autobuild/instance-1/output-1/host/bin/../arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libavformat.a(fifo.o): in function `fifo_init':
/home/buildroot/autobuild/instance-1/output-1/build/ffmpeg-4.4/libavformat/fifo.c:519: undefined reference to `__atomic_store_8'
So add a patch to add extralibs (and so -latomic) to all pkg-config
files
Fixes:
- http://autobuild.buildroot.org/results/62ec618e40081a250b8129ec6f5a178eb06fba1d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following build failure on musl raised since bump to version
3.0.9 in commit 28b4947ed8:
In file included from /tmp/instance-5/output-1/build/bullet-3.09/src/LinearMath/btScalar.h:289,
from /tmp/instance-5/output-1/build/bullet-3.09/src/LinearMath/btVector3.h:19,
from /tmp/instance-5/output-1/build/bullet-3.09/src/LinearMath/btConvexHullComputer.h:18,
from /tmp/instance-5/output-1/build/bullet-3.09/Extras/VHACD/src/VHACD.cpp:28:
/tmp/instance-5/output-1/build/bullet-3.09/Extras/BulletRobotics/../../Extras/VHACD/inc/vhacdMutex.h: In constructor 'VHACD::Mutex::Mutex()':
/tmp/instance-5/output-1/build/bullet-3.09/Extras/BulletRobotics/../../Extras/VHACD/inc/vhacdMutex.h:97:54: error: 'PTHREAD_MUTEX_RECURSIVE_NP' was not declared in this scope; did you mean 'PTHREAD_MUTEX_RECURSIVE'?
97 | VHACD_VERIFY(pthread_mutexattr_settype(&mutexAttr, PTHREAD_MUTEX_RECURSIVE_NP) == 0);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/79cd2024b3dfc8d3e896cdacf67fb891df81ca6e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following build failure on musl raised since the addition of the
package in commit eb91fa730c:
/tmp/instance-1/output-1/build/ogre-1.12.0/OgreMain/src/OgreStringConverter.cpp: In static member function 'static bool Ogre::StringConverter::parse(const String&, Ogre::int32&)':
/tmp/instance-1/output-1/build/ogre-1.12.0/OgreMain/src/OgreStringConverter.cpp:253:22: error: 'strtol_l' was not declared in this scope; did you mean 'strtold_l'?
253 | ret = (int32)strtol_l(val.c_str(), &end, 0, _numLocale);
| ^~~~~~~~
| strtold_l
Fixes:
- http://autobuild.buildroot.org/results/491f89e45610a7752c0700ac02b80a92b7876ec3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
qt5declarative builds qmltyperegistrar for the host as part of its build
process.
When building qt target packages (which is the case for qt5declarative),
-spec devices/linux-buildroot-g++ is passed to qmake in QT5_QMAKE
variable and this spec currently has -latomic in its LIBS.
This -latomic makes it to the build of the host build of
qmltyperegistrar which is not useful.
This was discovered on Fedora 34 where libatomic is not pulled with gcc
package, therefore was missing on the host machine.
This makes sure that -latomic is not added for host build of qt
packages.
Fixes: 7d286be4f9 ("package/qt5base: link with -latomic when needed")
Cc: Quentin Schulz <foss@0leil.net>
Suggested-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the folllowing build failure with uclibc-ng which is raised since
activation of uclibc-ng in commit
a4dc754178:
In file included from ./sys/random.h:40,
from getrandom.c:22:
/tmp/instance-0/output-1/host/x86_64-buildroot-linux-uclibc/sysroot/usr/include/sys/random.h:27:35: error: unknown type name 'size_t'
27 | extern int getrandom(void *__buf, size_t count, unsigned int flags)
| ^~~~~~
/tmp/instance-0/output-1/host/x86_64-buildroot-linux-uclibc/sysroot/usr/include/sys/random.h:8:1: note: 'size_t' is defined in header '<stddef.h>'; did you forget to '#include <stddef.h>'?
7 | #include <features.h>
+++ |+#include <stddef.h>
8 |
Fixes:
- http://autobuild.buildroot.org/results/30105094e39374ec6d4e47e2fb5e99696f7f7981
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the follownig build failure on ARM big endian raised since bump to
version 3.68 in commit 0a73b9b962:
Linux2.6_aarch64_aarch64_be-linux-gnu-gcc_glibc_PTH_64_DBG.OBJ/Linux_SINGLE_SHLIB/sha256-armv8.o: In function `SHA256_Compress_Native':
sha256-armv8.c:(.text.SHA256_Compress_Native+0x0): multiple definition of `SHA256_Compress_Native'
Linux2.6_aarch64_aarch64_be-linux-gnu-gcc_glibc_PTH_64_DBG.OBJ/Linux_SINGLE_SHLIB/sha512.o:sha512.c:(.text.SHA256_Compress_Native+0x0): first defined here
Linux2.6_aarch64_aarch64_be-linux-gnu-gcc_glibc_PTH_64_DBG.OBJ/Linux_SINGLE_SHLIB/sha256-armv8.o: In function `SHA256_Update_Native':
sha256-armv8.c:(.text.SHA256_Update_Native+0x0): multiple definition of `SHA256_Update_Native'
Linux2.6_aarch64_aarch64_be-linux-gnu-gcc_glibc_PTH_64_DBG.OBJ/Linux_SINGLE_SHLIB/sha512.o:sha512.c:(.text.SHA256_Update_Native+0x0): first defined here
Fixes:
- http://autobuild.buildroot.org/results/237aba0c16a34fec1b0fe50fe08cace438eda1bf
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the folllowing build failure with uclibc-ng which is raised since
bump to version 1.34 in commit 27fffea6db:
In file included from ./sys/random.h:40,
from getrandom.c:22:
/tmp/instance-0/output-1/per-package/tar/host/x86_64-buildroot-linux-uclibc/sysroot/usr/include/sys/random.h:27:35: error: unknown type name 'size_t'
27 | extern int getrandom(void *__buf, size_t count, unsigned int flags)
| ^~~~~~
/tmp/instance-0/output-1/per-package/tar/host/x86_64-buildroot-linux-uclibc/sysroot/usr/include/sys/random.h:8:1: note: 'size_t' is defined in header '<stddef.h>'; did you forget to '#include <stddef.h>'?
7 | #include <features.h>
+++ |+#include <stddef.h>
8 |
Fixes:
- http://autobuild.buildroot.org/results/f40e09d621ab5ba66dd97138dec174acfb7fda2a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following build failure with libglib >= 2.68 raised since commit
c72524fb1b:
In file included from /tmp/instance-0/output-1/host/mips64el-buildroot-linux-uclibc/sysroot/usr/include/glib-2.0/glib/gatomic.h:31,
from /tmp/instance-0/output-1/host/mips64el-buildroot-linux-uclibc/sysroot/usr/include/glib-2.0/glib/gthread.h:32,
from /tmp/instance-0/output-1/host/mips64el-buildroot-linux-uclibc/sysroot/usr/include/glib-2.0/glib/gasyncqueue.h:32,
from /tmp/instance-0/output-1/host/mips64el-buildroot-linux-uclibc/sysroot/usr/include/glib-2.0/glib.h:32,
from /tmp/instance-0/output-1/host/mips64el-buildroot-linux-uclibc/sysroot/usr/include/libsigrokdecode/libsigrokdecode.h:25,
from /tmp/instance-0/output-1/build/pulseview-0.4.2/pv/data/decode/annotation.cpp:21:
/tmp/instance-0/output-1/host/opt/ext-toolchain/mips64el-buildroot-linux-uclibc/include/c++/8.4.0/type_traits:56:3: error: template with C linkage
template<typename _Tp, _Tp __v>
^~~~~~~~
/tmp/instance-0/output-1/build/pulseview-0.4.2/pv/data/decode/annotation.cpp:20:1: note: 'extern "C"' linkage started here
extern "C" {
^~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/33cbaaeefd8637bac4ad0fbbfae7c369de4875d2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since commit
cf176128ec ("boot/arm-trusted-firmware:
add SSP option"), we are passing ENABLE_STACK_PROTECTOR=none when we
want to disable SSP usage in TF-A. While this works fine in recent
versions of TF-A, older versions such as TF-A will end up passing
-fstack-protector-none in this situation, which fails as this is not a
valid gcc option (the valid gcc option is -fno-stack-protector).
To solve this, we pass ENABLE_STACK_PROTECTOR=0 which was in older
TF-A versions used to say "don't do anything with SSP", and is also
still supported in newer versions of TF-A.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/1478738580
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
- CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP
- CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
- CVE-2021-31799: A command injection vulnerability in RDoc
For more details, see the announcement:
https://www.ruby-lang.org/en/news/2021/07/07/ruby-3-0-2-released/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2021-22930: Use after free on close http2 on stream canceling (High)
Node.js is vulnerable to a use after free attack where an attacker might
be able to exploit the memory corruption, to change process behavior.
Drop 0002-Fix-build-with-ICU-68.patch as this is now fixed upstream since
https://github.com/nodejs/node/commit/e459c79b02
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We can drop all the patches as they have been sorted out in upstream.
The wrapped fmt was dropped, so drop the corresponding option.
The option to use a system pybind11 was named differently upstream, as a
feature rather as a boolean. Adapt accordingly.
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
[yann.morin.1998@free.fr: explain dropped/changed options]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Currently, for a static-only build, we pass -Dstatic-libc=true. The
reason for that was not recorded when the package was converted to
meson.
The -Dstatic-libc=true option, despite its name, is not about linking
statically against libc, but against libgcc and libstdc++.
In Buildroot, we forcibly pass -static when calling the compiler and
linker, so everything is already linked statically.
For a shared build, -Dstatic-libc=false has no effect at all.
Drop this option altogether, as it is not needed, and is confusing.
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
[yann.morin.1998@free.fr: expand commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Set warning_level to 1 instead of the default value of 2 to disable
stack-protector and avoid the following build failure since the addition
of the package in commit ccfc90e101:
/tmp/instance-5/output-1/host/opt/ext-toolchain/bin/../lib/gcc/i686-buildroot-linux-uclibc/9.3.0/../../../../i686-buildroot-linux-uclibc/bin/ld: tests/commandhelper.p/commandhelper.c.o: in function `printInput':
commandhelper.c:(.text+0xad): undefined reference to `__stack_chk_guard'
Fixes:
- http://autobuild.buildroot.org/results/a2657eb18b579752c8217ab356adcb52931f6785
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- move to a separate assignment
- add a big fat comment to explain it
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since qemu started using ninja, they have the following fragment in the
Makefile:
MAKE.n = $(findstring n,$(firstword $(MAKEFLAGS)))
NINJAFLAGS = ... $(if $(MAKE.n), -n) ...
Buildroot's generated makefile in the O= directory invokes make in the
base buildroot with --no-print-directory. However, make's placement of
the --no-print-directory in MAKEFLAGS varies between the versions of
the host make; make 4.3 places that at the end while make 3.82 places
it at the beginning. As a result, if building on a system with an older
host make, qemu's makefile invokes `ninja -n` which does not generate
any outputs.
To reproduce, on a CentOS 7 machine or docker image:
mkdir /tmp/br-build && cd /tmp/br-build
make -C ~/buildroot pc_x86_64_bios_defconfig O=`pwd`
make menuconfig # Switch to glibc, enable "QEMU" and "QEMU tools"
make all # Build succeeds
find target -name qemu-img # No binary has been built
Pick up the fix commited in Qemu upstream.
Signed-off-by: Alexey Neyman <stilor@att.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This defconfig is download at91bootstrap3 using a tarball, not over
git.
Fixes:
configs/microchip_sama5d2_icp_mmc_dev_defconfig:63:warning: override: BR2_TARGET_AT91BOOTSTRAP3_CUSTOM_TARBALL changes choice state
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This defconfig is download at91bootstrap3 using a tarball, not over
git.
Fixes:
configs/microchip_sama5d2_icp_mmc_defconfig:20:warning: override: BR2_TARGET_AT91BOOTSTRAP3_CUSTOM_TARBALL changes choice state
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
RISC-V 32-bit was special cased to use glibc master as support was not
in a released version.
Recently 2.33 was released, so RV32 can now use the same glibc version
as other platforms.
Signed-off-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Link with -latomic if needed to avoid the following build failure with
openssl:
configure:10549: checking for X509_STORE_CTX_new in -lcrypto
configure:10574: /tmp/instance-0/output-1/host/bin/sparc-linux-gcc -o conftest -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -g0 -static -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -I/tmp/instance-0/output-1/host/sparc-buildroot-linux-uclibc/sysroot/usr/include -static -L/tmp/instance-0/output-1/host/sparc-buildroot-linux-uclibc/sysroot/usr/lib conftest.c -lcrypto -lz >&5
/tmp/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/sparc-buildroot-linux-uclibc/9.3.0/../../../../sparc-buildroot-linux-uclibc/bin/ld: /tmp/instance-0/output-1/host/sparc-buildroot-linux-uclibc/sysroot/usr/lib/libcrypto.a(x509cset.o): in function `X509_CRL_up_ref':
x509cset.c:(.text+0xfc): undefined reference to `__atomic_fetch_add_4'
Ideally, mutt should use pkg-config but upstream don't want to use it:
https://gitlab.com/muttmua/mutt/-/merge_requests/25
Fixes:
- http://autobuild.buildroot.org/results/e357984853f8ca879156245717fadbeaa9b0dbae
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following build failure with gcc 11:
linux.c:165:50: error: argument 7 of type 'const xen_pfn_t[]' {aka 'const long long unsigned int[]'} declared as an ordinary array [-Werror=vla-parameter]
165 | const xen_pfn_t arr[/*num*/], int err[/*num*/])
| ~~~~~~~~~~~~~~~~^~~~~~~~~~~~
In file included from linux.c:29:
private.h:35:50: note: previously declared as a variable length array 'const xen_pfn_t[num]' {aka 'const long long unsigned int[num]'}
35 | const xen_pfn_t arr[num], int err[num]);
| ~~~~~~~~~~~~~~~~^~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/f70d060cf50254694113f19f50a8ef96ef33dd1a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since bump to version 0.22.3 in commit b6576a458c (package/mpd: bump
to version 0.22.3), mpd needs gcc >= 8, as documented in their manual
[0], to avoid the following build failure with gcc 7.3.1:
/tmp/instance-7/output-1/host/opt/ext-toolchain/aarch64-linux-gnu/include/c++/7.3.1/bits/stl_tree.h:2091:28: error: no matching function for call to 'std::_Rb_tree<std::__cxx11::basic_string<char>, std::pair<const std::__cxx11::basic_string<char>, std::__cxx11::basic_string<char> >, std::_Select1st<std::pair<const std::__cxx11::basic_string<char>, std::__cxx11::basic_string<char> > >, std::less<std::__cxx11::basic_string<char> >, std::allocator<std::pair<const std::__cxx11::basic_string<char>, std::__cxx11::basic_string<char> > > >::_M_get_insert_unique_pos(std::pair<std::basic_string_view<char>, std::basic_string_view<char> >::first_type&)'
= _M_get_insert_unique_pos(_KeyOfValue()(__v));
~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/4888d99404cc4273349ab036035c5ff7e086b83e
[0] https://mpd.readthedocs.io/en/stable/user.html#compiling-from-source)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: reword commit log to reference the manual]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Disable vhost-user on uclibc-ng as it raises build failures since bump
to version 6.0.0 in commit 6b86c9335f and
https://github.com/qemu/qemu/commit/810033be083040591fee2fc09f2f294670ed1930
The issue is that F_ADD_SEALS and F_SEAL_xxx variables are not defined on
uclibc-ng (even if MFD_ALLOW_SEALING is defined) resulting in the
following build failure:
../subprojects/libvhost-user/libvhost-user.c:1637:22: error: 'F_ADD_SEALS' undeclared (first use in this function)
1637 | ret = fcntl(*fd, F_ADD_SEALS, flags);
| ^~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/9f393539931b51191cf7128e5c618c2398fc86c1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: use conditional block like for all other OPTS]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
After more than a decade, libESMTP version 1.0.6 is superceded. Despite
proving robust a little bitrot has occurred, especially regarding
OpenSSL support. The original application data APIs are prone to memory
leaks and are deprecated in favour of safer replacements. Version 1.1
updates libESMTP without breaking API and ABI compatibility and
provides a basis for future development.
In addition to updates to the codebase, documentation is modernised and
is more comprehensive.
All libESMTP users are encouraged to upgrade from version 1.0.6.
- Update license files
- Update indentation in hash file (two spaces)
- Switch to meson-package
- Handle threads and tls meson options
- libesmtp-config has been dropped:
https://github.com/libesmtp/libESMTP/issues/8
- Fix CVE-2019-19977: libESMTP through 1.0.6 mishandles domain copying
into a fixed-size buffer in ntlm_build_type_2 in ntlm/ntlmstruct.c, as
demonstrated by a stack-based buffer over-read.
https://github.com/libesmtp/libESMTP/releases/tag/v1.1.0https://libesmtp.github.io/changes-since-v1.0.6.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When the config fragment provided by the user is not usable with a
specific toolchain configuration, the resulting .config file was kept
around.
In a follow up commit, we'll need to know, from outside test-pkg, if a
specific configuration was indeed usable or not.
So, unless if the user actually requested to keep the build directories,
remove the .config file when it contains a configration that would be
skipped.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
In a followup commit, the make command used to log and display the last
lines on error will be used in another job.
Factorize it by introducing .run_make template.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Reviewed-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
If the libzstd DSO is available, then link the tool
against it.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Create libzstd.pc in the build step instead of triggering a
lazy build during installation when it is missing.
Move PREFIX=/usr to ZSTD_OPTS. It is needed for building libzstd.pc
during the build step; for consistency, make sure it's available in all
steps.
Attach '-release' to the targets, since the default is to
build lib-release and zstd-release. Its only effect is to clear
DEBUGFLAGS (which are just warning flags).
Signed-off-by: Norbert Lange <nolange79@gmail.com>
[Arnout: add check-package disable]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This is based on Yann's and Arnout's experience with migrating
Buildroot.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
[yann.morin.1998@free.fr: add "For more details, "]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The pixman package exhibits gcc bug 101737 when built for the SH4
architecture with optimization enabled, which causes a build failure.
As done for other packages in Buildroot work around this gcc bug by
setting optimization to -O0 if BR2_TOOLCHAIN_HAS_GCC_BUG_101737=y.
Also let's add PIXMAN_CFLAGS and pass the Codesourcery work around CFLAGS
to it for consistency like we do for the rest of the packages.
Fixes:
http://autobuild.buildroot.net/results/b20/b20869bbb48edb1f0a847ea9e2e1a0462d6350be/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
MuPDF through 1.18.1 has an out-of-bounds write because the cached color
converter does not properly consider the maximum key size of a hash
table. This can, for example, be seen with crafted "mutool draw" input.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer
overflow in Pl_ASCII85Decoder::write (called from Pl_AES_PDF::flush and
Pl_AES_PDF::finish) when a certain downstream write fails.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following build failure with gcc 11:
In file included from /tmp/instance-4/output-1/build/uhd-3.15.0.0/host/lib/usrp/dboard/e3xx/e3xx_ad9361_iface.hpp:14,
from /tmp/instance-4/output-1/build/uhd-3.15.0.0/host/lib/usrp/dboard/e3xx/e3xx_ad9361_iface.cpp:7:
/tmp/instance-4/output-1/build/uhd-3.15.0.0/host/lib/include/uhdlib/utils/rpc.hpp: In function 'bool {anonymous}::await_rpc_connected_state(std::shared_ptr<rpc::client>, std::chrono::milliseconds)':
/tmp/instance-4/output-1/build/uhd-3.15.0.0/host/lib/include/uhdlib/utils/rpc.hpp:28:27: error: 'sleep_for' is not a member of 'std::this_thread'
28 | std::this_thread::sleep_for(std::chrono::milliseconds(1));
| ^~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/1591ff7fabb09e4eb79f3aa293fbb228c255c45b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
network-manager needs gcc >= 4.9 since bump to version 1.32.2 in commit
360d1aad84 to avoid the following build
failure:
src/libnm-core-impl/nm-setting-bond.c: At top level:
src/libnm-core-impl/nm-setting-bond.c:149:5: error: array initialized from non-constant array expression
NM_MAKE_STRV("stable", "bandwidth", "count");
^
Fixes:
- http://autobuild.buildroot.org/results/dc270ead82707f89d47616a0c18629715c6ea1a5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Existing patch is for 3.13.0 optee version but is located at the root
of optee-os folder, leading to error when applying it on more recent
version. Move it to a dedicated 3.13.0 folder.
Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following build failure with gcc 11:
/tmp/instance-0/output-1/build/libebml-1.4.2/src/EbmlString.cpp: In member function 'virtual filepos_t libebml::EbmlString::ReadData(libebml::IOCallback&, libebml::ScopeMode)':
/tmp/instance-0/output-1/build/libebml-1.4.2/src/EbmlString.cpp:147:41: error: 'numeric_limits' is not a member of 'std'
147 | auto Buffer = (GetSize() + 1 < std::numeric_limits<std::size_t>::max()) ? new (std::nothrow) char[GetSize() + 1] : nullptr;
| ^~~~~~~~~~~~~~
/tmp/instance-0/output-1/build/libebml-1.4.2/src/EbmlString.cpp:147:67: error: expected primary-expression before '>' token
147 | auto Buffer = (GetSize() + 1 < std::numeric_limits<std::size_t>::max()) ? new (std::nothrow) char[GetSize() + 1] : nullptr;
| ^
/tmp/instance-0/output-1/build/libebml-1.4.2/src/EbmlString.cpp:147:70: error: '::max' has not been declared; did you mean 'std::max'?
147 | auto Buffer = (GetSize() + 1 < std::numeric_limits<std::size_t>::max()) ? new (std::nothrow) char[GetSize() + 1] : nullptr;
| ^~~
| std::max
Fixes:
- http://autobuild.buildroot.org/results/3a28507127eae47994ca62e2b656da32bd2fb1f8
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Since its addition in commit fbff7d7289,
usbguard needs a crypto backend otherwise the build will fail on:
checking for sodium... no
checking for libcrypto... no
checking for powerpc-buildroot-linux-uclibc-libgcrypt-config... no
checking for libgcrypt-config... no
checking for LIBGCRYPT - version >= 1.5.0... no
configure: error: The selected crypto backend library is not available.
So select sodium as the default crypto backend as this is the default
choice in configure.ac.
Fixes:
- http://autobuild.buildroot.org/results/fb9865e2c65ea1dd9a657e1181a6c8c49481fda7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following static build failure with libsndfile raise since
commit dbc6e9e9f3:
/tmp/instance-3/output-1/host/lib/gcc/xtensa-buildroot-linux-uclibc/10.3.0/../../../../xtensa-buildroot-linux-uclibc/bin/ld: /tmp/instance-3/output-1/host/bin/../xtensa-buildroot-linux-uclibc/sysroot/usr/lib/libsndfile.a(libsndfile_la-flac.o): in function `flac_byterate':
flac.c:(.text+0xfc): undefined reference to `FLAC__StreamDecoderErrorStatusString'
Fixes:
- http://autobuild.buildroot.org/results/92ed30a6855ca11800b779718822bcba4a69c9a3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Use --without-foo options to disable unused features, as they have been
fixed since version 3.3.8
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following build failure with gcc 11:
/tmp/instance-1/output-1/build/libuwsc-3.3.5/src/lua/uwsc_lua.c: In function 'uwsc_lua_on':
/tmp/instance-1/output-1/build/libuwsc-3.3.5/src/lua/uwsc_lua.c:177:5: error: this 'else' clause does not guard... [-Werror=misleading-indentation]
177 | else
| ^~~~
/tmp/instance-1/output-1/build/libuwsc-3.3.5/src/lua/uwsc_lua.c:180:9: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'else'
180 | return 0;
| ^~~~~~
Fixes:
- http://autobuild.buildroot.org/results/1b031667e6d184493ea55ea6630272af4e475375
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
-std=c++11 has been wrongly removed from CFLAGS since commit
c5ca521e23 resulting in the following
build failure:
In file included from /home/buildroot/autobuild/run/instance-1/output-1/build/openzwave-62444b0f979c337d2091d77d89cf63c2ae9775cf/cpp/src/Driver.h:38:0,
from /home/buildroot/autobuild/run/instance-1/output-1/build/openzwave-62444b0f979c337d2091d77d89cf63c2ae9775cf/cpp/src/Manager.h:39,
from Main.cpp:37:
/home/buildroot/autobuild/run/instance-1/output-1/build/openzwave-62444b0f979c337d2091d77d89cf63c2ae9775cf/cpp/src/Node.h:566:32: error: 'std::shared_ptr' has not been declared
void SetProductDetails(std::shared_ptr<Internal::ProductDescriptor> product);
^
Fixes:
- http://autobuild.buildroot.org/results/a7999ffe3b93391b9a20dcfa3ddd9d21daf0cace
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
opcache needs dynamic library since version 8.0.0 and
https://github.com/php/php-src/commit/9a06876072b9ccb023d4a14426ccb587f10882f3
otherwise the build will fail on:
/tmp/instance-4/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/9.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: /tmp/instance-4/output-1/host/bin/../arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libc.a(__uClibc_main.os): in function `__uClibc_fini':
__uClibc_main.c:(.text+0x15c): undefined reference to `__fini_array_start'
/tmp/instance-4/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/9.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: __uClibc_main.c:(.text+0x160): undefined reference to `__fini_array_end'
Fixes:
- http://autobuild.buildroot.org/results/526d2e3108ff2506482d1665bcc3ed083961430f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following build failure with wolfssl raised since bump to
version 3.12.1 in commit 4d85defa71:
/tmp/instance-4/output-1/build/libuhttpd-3.12.1/src/ssl/openssl.c: In function 'ssl_context_new':
/tmp/instance-4/output-1/build/libuhttpd-3.12.1/src/ssl/openssl.c:174:33: error: 'tls13_ciphersuites' undeclared (first use in this function)
174 | SSL_CTX_set_ciphersuites(c, tls13_ciphersuites);
| ^~~~~~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/25db1e999950bbee069ba7364a228184a6a77808
Note: we have a reference to a pull request on the 'ssl' repository,
because it is a git submodule of libuhttpd.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: explain the reference to ssl/pull/1]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
"This release brings in some missing MQTT v5 features, support for
websocket headers and proxies, ALPN protocol lists, adds the builder
pattern for options, and fixes a number of bugs in both the C++ library
and the underlying C lib."
https://github.com/eclipse/paho.mqtt.cpp/releases/tag/v1.2.0
This also makes the patch obsolete, since these changes have been merged upstream.
Signed-off-by: Daniel Lang <d.lang@abatec.at>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Highly parallel host-python3 builds sometimes fail with:
Exception in thread Thread-1:
Traceback (most recent call last):
File "/tmp/instance-3/output-1/host/lib/python3.9/threading.py", line 973, in _bootstrap_inner
self.run()
File "/tmp/instance-3/output-1/host/lib/python3.9/concurrent/futures/process.py", line 317, in run
result_item, is_broken, cause = self.wait_result_broken_or_wakeup()
File "/tmp/instance-3/output-1/host/lib/python3.9/concurrent/futures/process.py", line 376, in wait_result_broken_or_wakeup
worker_sentinels = [p.sentinel for p in self.processes.values()]
File "/tmp/instance-3/output-1/host/lib/python3.9/concurrent/futures/process.py", line 376, in <listcomp>
worker_sentinels = [p.sentinel for p in self.processes.values()]
RuntimeError: dictionary changed size during iteration
During the compile_all.py step of host-python3. This issue is reported
upstream at https://bugs.python.org/issue43498, and while not yet
fixed upstream, a PR was proposed with a possible fix for it. Seems
the PR seems reasonable, let's give it a chance and see if it improves
the situation.
Hopefully Fixes:
http://autobuild.buildroot.net/results/ae6c4ab292589a4e4442dfb0a1286349a9bf4d29/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* drop CMakeLists.txt patch applied upstream.
* Update patch for wrap_memcpy.cc to match changed target file.
* update patch numbering.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Support for xserver_xorg-server is added by the services/xserver module
in the SELinux refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Use Buildroot's setting for optimization, zstd's build system
overrides CFLAGS (adds -O3), but MOREFLAGS can override again.
Quick tests show that using -O2 (like buildroot)
is actually a little faster than -O3 on x86_64 Atoms.
Disable the legacy format, these are just needed for
decompressing files created with pre-release version.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Dynamic build without threads is broken since bump to version 1.5.0 in
commit aad8bbf588
Indeed, dynamic library is built with threads support since
https://github.com/facebook/zstd/commit/91465e23b2710de031a762874cafb417f8b7556e
To fix this build failure, add -nomt if needed however libzstd-nomt is a
"special target that builds a library in single-thread mode _and_
without zstdmt_compress.c". For an unknown reason, this target fails to
build and don't create any symlinks so replace libzstd-{mt,nomt} by
lib-{mt,nomt} even if this will have the side effect of building a
shared and a static version of the library.
Move the existing HAVE_THREAD setting in the same condition.
While at it, also replace "libzstd.a libzstd" by "lib"
Fixes:
- http://autobuild.buildroot.org/results/e609601a0fc91c44d88a12c35b29ce937381462f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Arnout: move HAVE_THREAD in the same condition]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following build failure raised since bump to version 3.4.7 in
commit bb75c4b541:
/tmp/instance-5/output-1/host/opt/ext-toolchain/bin/../lib/gcc/sparc-buildroot-linux-uclibc/9.3.0/../../../../sparc-buildroot-linux-uclibc/bin/ld: ui/qt/CMakeFiles/qtui.dir/sequence_diagram.cpp.o: undefined reference to symbol '__atomic_compare_exchange_4@@LIBATOMIC_1.0'
/tmp/instance-5/output-1/host/opt/ext-toolchain/bin/../lib/gcc/sparc-buildroot-linux-uclibc/9.3.0/../../../../sparc-buildroot-linux-uclibc/bin/ld: /tmp/instance-5/output-1/host/sparc-buildroot-linux-uclibc/sysroot/lib/libatomic.so.1: error adding symbols: DSO missing from command line
Fixes:
- http://autobuild.buildroot.org/results/6617ee0e0046a0452a1515b89e9c704b1c125ec4
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Workaround for gcc bug 68485 doesn't work anymore since bump to version
3.21 in commit 5b3e721399 because CXXFLAGS
is appended after CFLAGS and does not contain -O0:
/tmp/instance-7/output-1/host/bin/microblazeel-linux-gcc -o rtcm2_json.os -c --sysroot=/tmp/instance-7/output-1/host/microblazeel-buildroot-linux-uclibc/sysroot -pthread -Wall -Wcast-align -Wextra -Wimplicit-fallthrough -Wmissing-declarations -Wmissing-prototypes -Wno-missing-field-initializers -Wno-uninitialized -Wpointer-arith -Wreturn-type -Wstrict-prototypes -Wvla -O0 -Os -g0 -pthread -fPIC -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -I/tmp/instance-7/output-1/host/microblazeel-buildroot-linux-uclibc/sysroot/usr/include/dbus-1.0 -I/tmp/instance-7/output-1/host/microblazeel-buildroot-linux-uclibc/sysroot/usr/lib/dbus-1.0/include rtcm2_json.c
during RTL pass: reload
rtcm2_json.c: In function ‘json_rtcm2_read’:
rtcm2_json.c:267:1: internal compiler error: in gen_reg_rtx, at emit-rtl.c:1155
267 | }
| ^
It should be noted that GPSD_CXXFLAGS was added 5 years ago with commit
b4c050e9af but was not actually used in
that commit or any later.
Fixes:
- http://autobuild.buildroot.org/results/fab33f25b08fa218af91640fdbd8c0dcf1d07228
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Set back -fPIC in CFLAGS which was wrongly removed as a side effect of
commit c5ca521e23.
Another side-effect of that commit was to remove
-DSYSCONFDIR="\"$(PREFIX)/etc/openzwave/\"" - however, we don't need
SYSCONFDIR to be set, since /etc/openzwave is checked first anyway (see
cpp/src/Options.cpp).
Fixes:
- http://autobuild.buildroot.org/results/161f53574697016ab8bdb91aaaf4a2be5410ebb0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This restricts the Erlang RISC-V update from
0bab8c1089 to only enabling RISCV_64
rather than enabling builds on all platforms with toolchains that
include atomics.
This fixes build errors on SPARCv8 and other platforms that look like
this:
/tmp/ccD9Q9F7.s: Assembler messages:
/tmp/ccD9Q9F7.s:230: Error: Architecture mismatch on "cas [%g3],%g2,%g1".
/tmp/ccD9Q9F7.s:230: (Requires v9|v9a|v9b|v9c|v9d|v9e|v9v|v9m|m8; requested architecture is v8.)
Fixes:
http://autobuild.buildroot.net/results/a57/a5779e22c41eb63b8400409f26f96b924fdde1bc/
Signed-off-by: Frank Hunleth <fhunleth@troodon-software.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
armadillo can use lapack or openblas as BLAS provider. LAPACK support is
optional.
This patch
- adds an _ARCH_SUPPORTS variable to check if one is available
- adds an option to choose lapack or openblas as BLAS provider
The choice is required since applications may potentially need lapack.
Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Force Release build to avoid the following build failure which is raised
since the addition of the package in commit
4634e84978:
/tmp/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/i586-buildroot-linux-musl/9.3.0/../../../../i586-buildroot-linux-musl/bin/ld: cannot find -lasan
/tmp/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/i586-buildroot-linux-musl/9.3.0/../../../../i586-buildroot-linux-musl/bin/ld: cannot find -lubsan
Fixes:
- http://autobuild.buildroot.org/results/83274082879f9599bc106e12a253f4b9229ea00b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Disable -Werror to avoid the following build failures raised since bump
to version 1.2.2 in commit b436b82411:
/tmp/instance-0/output-1/build/open62541-v1.2.2/arch/network_tcp.c: In function 'connection_recv':
/tmp/instance-0/output-1/build/open62541-v1.2.2/arch/network_tcp.c:96:5: error: conversion to 'unsigned int' from 'int' may change the sign of the result [-Werror=sign-conversion]
96 | UA_fd_set(connection->sockfd, &fdset);
| ^~~~~~~~~
/tmp/instance-6/output-1/build/open62541-v1.2.2/plugins/ua_pubsub_udp.c: In function 'UA_PubSubChannelUDPMC_receive':
/tmp/instance-6/output-1/build/open62541-v1.2.2/plugins/ua_pubsub_udp.c:477:21: error: conversion to '__suseconds_t' {aka 'int'} from 'UA_UInt32' {aka 'unsigned int'} may change the sign of the result [-Werror=sign-conversion]
477 | tmptv.tv_usec = (long int)(timeout % 1000000);
| ^
Fixes:
- http://autobuild.buildroot.org/results/911811de81d8abb2a31feb8f27af1592641c6fbc
- http://autobuild.buildroot.org/results/f0187b3f2d62e955fddeef4e90f84ba4fd642bd2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
To fix this bug we have to use an undocumented test variable to enable
the nightly target-applies-to-host feature so that the target linker
doesn't get used for host binaries like the build-script.
Fixes:
error: failed to run custom build command for `ripgrep v0.8.1 (/home/buildroot/buildroot/output/build/ripgrep-0.8.1)`
Caused by:
process didn't exit successfully: `/home/buildroot/buildroot/output/build/ripgrep-0.8.1/target/release/build/ripgrep-59eeb7069534e1ef/build-script-build` (exit status: 1)
--- stderr
/home/buildroot/buildroot/output/build/ripgrep-0.8.1/target/release/build/ripgrep-59eeb7069534e1ef/build-script-build: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by /home/buildroot/buildroot/output/build/ripgrep-0.8.1/target/release/build/ripgrep-59eeb7069534e1ef/build-script-build)
Details:
https://github.com/rust-lang/cargo/issues/3349https://github.com/rust-lang/cargo/pull/9322
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Support for tpm2-tools is added by the services/tpm2 module in the
SELinux refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Support for tpm2-totp is added by the services/tpm2 module in the
SELinux refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Support for tpm2-abrmd is added by the services/tpm2 module in the
SELinux refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
GCC 11 defaults to C++17. Fix the following build failure with gcc 11:
In file included from _internal/Source/JSONDefs.h:12,
from _internal/Source/JSONDebug.h:4,
from _internal/Source/JSONNode.h:4,
from _internal/Source/JSONNode.cpp:1:
_internal/Source/JSONDefs/GNU_C.h:58:28: error: ISO C++17 does not allow dynamic exception specifications
58 | #define json_throws(x) throw(x)
| ^~~~~
Fixes:
- http://autobuild.buildroot.org/results/1e66dff705bbb38e7e0f0e5864ce794b4345dcc6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
OpenCV-4's buildsystem will try to detect ccache and use it if
available. This may yield a system-installed ccache.
However, in Buildroot, ccache is entirely hidden away and handled in the
toolchain wrapper.
Forcibly disable detection of ccache.
Commit 505e7f4771 already applied this
change to opencv3.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Build with libmaxminddb is broken since bump to version 3.0.5 in commit
464d0be380 because of
https://github.com/SpiderLabs/ModSecurity/commit/785958f9b5089b918c7d054cbcc2fe4a3c7b3788
So revert this commit until upstream answer to comment to
https://github.com/SpiderLabs/ModSecurity/issues/2131
Reverting this commit requires autoreconfiguring, which itself causes
lots of warnings as configure.ac queries git to know the version of
various parts of libmodsecurity. However, it turns out that those
versions are only used to be displayed in the output of the configure
script, which is quite useless. The only one that is referenced
elsewhere is LIBINJECTION_VERSION, but it's in fact a different thing:
it is defined by others/libinjection/src/libinjection_sqli.c.
The only variable that was AC_SUBST() and therefore visible elsewhere
was MSC_GIT_VERSION, but it is not used anywhere in the code base,
except in the configure script itself.
Note that one patch is 0001 and the other 0003, because there was
already a 0002 patch.
Fixes:
- http://autobuild.buildroot.org/results/4c639fd967faa06f8ae362bacd38f3409c47267c
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since upstream commit 5da4da99e0bb3d694e93046207ae4ce3b5545043, in
3.13.0, OP-TEE client unconditionally uses the MMC_IOC_MULTI_CMD
ioctl(). But this ioctl() was only introduced in kernel 4.3, so
earlier kernels did not have this definition.
This was clearly known when upstream started using this ioctl. From
the upstream commit 5da4da99e0bb3d694e93046207ae4ce3b5545043 commit
log:
As MMC_IOC_MULTI_CMD is available since linux 4.3, we should be safe to
use it by default on read / write block operations.
So let's propagate this dependency into Buildroot.
Fixes:
http://autobuild.buildroot.net/results/bd270a6793df499d5f52959e3de17f8a92d88305/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Use pkg-config to find numa to avoid the following build failure when
checking for numa_available:
configure:9667: checking for numa_available in -lnuma
configure:9692: /tmp/instance-7/output-1/host/bin/microblazeel-linux-gcc -o conftest -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -static -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -static conftest.c -lnuma >&5
/tmp/instance-7/output-1/host/opt/ext-toolchain/bin/../lib/gcc/microblazeel-buildroot-linux-uclibc/9.3.0/../../../../microblazeel-buildroot-linux-uclibc/bin/ld: /tmp/instance-7/output-1/host/microblazeel-buildroot-linux-uclibc/sysroot/usr/lib/libnuma.a(libnuma.o): in function `numa_node_to_cpus_v1':
(.text+0x2a80): undefined reference to `__atomic_fetch_and_1'
/tmp/instance-7/output-1/host/opt/ext-toolchain/bin/../lib/gcc/microblazeel-buildroot-linux-uclibc/9.3.0/../../../../microblazeel-buildroot-linux-uclibc/bin/ld: /tmp/instance-7/output-1/host/microblazeel-buildroot-linux-uclibc/sysroot/usr/lib/libnuma.a(libnuma.o): in function `numa_node_to_cpus_v2':
(.text+0x2ddc): undefined reference to `__atomic_fetch_and_1'
collect2: error: ld returned 1 exit status
Fixes:
- http://autobuild.buildroot.org/results/577a63432fba2f9ae1ed2c6c2a77c5ce54ac5521
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
GCC 11 defaults to C++17. Fix the following build failure with gcc 11:
In file included from details/shared-ptr/base.cxx:5:
../odb/details/shared-ptr/base.hxx:38:49: error: ISO C++17 does not allow dynamic exception specifications
38 | operator new (std::size_t, odb::details::share) throw (std::bad_alloc);
| ^~~~~
Fixes:
- http://autobuild.buildroot.org/results/cfd5f92f0aa923815edba5fbfcd5b7b312d9d40e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
When Bluetooth support is enabled ensure to enable the Audio and
HID plugins.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
When BlueZ is enabled ensure to select the BlueZ HID Plugin for wiimote support.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
When BlueZ is enabled ensure to select the BlueZ Audio Plugins.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
When BlueZ is enabled ensure to select the BlueZ Audio Plugins.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
When enabling the BlueZ plugin select the BlueZ Audio Plugins.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
brltty builds with bluetooth support when bluez is enabled.
Ensure the HID Plugin is enabled.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The A2DP/AVCRP plugins now have to be explicitly selected.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
the HID plugin now needs to be explictly enabled.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
as discussed on the mailinglist this drops the default y
entry for the now optional plugins and tools.
This might break backward compatibility but gives new users
a smaller initial footprint.
Further add a select for the options that required the HID
plugin at runtime.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The tools are currently always build and installed. In many cases
those tools are not needed in a production system. So make this
step optional. This saves up to 2MB on the target.
Further tweak the deprecated option. It has effects when the --enable-tools
is set as well as when --enable-client is set. So explain this in the
options description and update the install step for gatttool to only be
added when client is enabled.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Since the bump to version 2.0.8 in commit
f5906644b4, bird uses a home-grown "GNU Autoconf
2.69e" instead of standard autoconf 2.69 to generate the configure
script. This fork seems to generate incorrect code: it uses
ac_test_CFLAGS=${CFLAGS+y}
to remember if CFLAGS was saved, while standard autoconf uses
ac_test_CFLAGS=${CFLAGS+set}
The configure.ac code itself, however, uses
if test "$ac_test_CFLAGS" != set ; then
to check if CFLAGS was overridden.
Thus, Buildroot's CFLAGS are not taken into account and this leads to
the following build failure:
checking for glob.h... no
configure: error: glob.h not found.
This build failure is raised because -g0 and -g are both passed to gcc:
configure:5207: checking for glob.h
configure:5230: /data/buildroot-autobuilder/instance-0/output-1/host/bin/mips64el-linux-gcc -o conftest -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -g0 -pthread -fno-strict-aliasing -fno-strict-overflow -flto -Wall -Wextra -Wstrict-prototypes -Wno-parentheses -Wno-pointer-sign -Wno-missing-field-initializers -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -pthread -flto=4 -g conftest.c >&5
/data/buildroot-autobuilder/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/mips64el-buildroot-linux-uclibc/8.4.0/../../../../mips64el-buildroot-linux-uclibc/bin/ld: /tmp/ccDboxph.ltrans0.ltrans.o:(.debug_info+0x2a): undefined reference to `conftest.c.0943dc99'
/data/buildroot-autobuilder/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/mips64el-buildroot-linux-uclibc/8.4.0/../../../../mips64el-buildroot-linux-uclibc/bin/ld: /tmp/ccDboxph.ltrans0.ltrans.o:(.debug_info+0x2f): undefined reference to `conftest.c.0943dc99'
-g0 is passed by buildroot and -g is passed by bird if
$ac_test_CFLAGS" != set (since version 2.0.7 and
https://gitlab.nic.cz/labs/bird/-/commit/cc95b4594ac924b40325a4f1adcae5312179db40)
To fix this, we can simply run autoreconf and generate a correct
configure script.
Fixes:
- http://autobuild.buildroot.org/results/1d2acc9f6b8830adc8b62d6b2e55837abae561a9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Now that we have 2.35, 2.36 and 2.37, with 2.36 as the default, we can
remove 2.34.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Now that we have added version 2.37, it's time to use the 2.36.x
series as the default version.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Arnout: also update default in binutils.mk]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
State of the patches:
- 0001-sh-conf.patch
Refreshed
- 0002-poison-system-directories.patch
Refreshed, but needed some adaptations as the bfd_boolean type no
longer exists, and the standard "bool" type is now used instead.
- 0003-or1k-Fix-issue-with-plt-link-failure-for-local-calls.patch
Drop, present in 2.37, merged upstream as
a76ef689b60405e494cb99e198acf3c82f467f7d
- 0004-or1k-Implement-relocation-R_OR1K_GOT_AHI16-for-gotha.patch
Drop, present in 2.37, merged upstream as
0b3e14c90283c5d234884d0ebe8510bc3c9bc687
- 0005-or1k-Avoid-R_OR1K_GOT16-overflow-failures-in-presenc.patch
Drop, present in 2.37, merged upstream as
3c3de29b048bca6b4aa4235c647b9328e71801b6
- 0006-or1k-Support-large-plt_relocs-when-generating-plt-en.patch
Drop, present in 2.37, merged upstream as
284a1309021a0ef4c29f198470d95652f02b13f0
- 0007-bfd-elf32-or1k-fix-building-with-gcc-version-5.patch
Refreshed
- 0008-or1k-fix-pc-relative-relocation-against-dynamic-on-P.patch
Refreshed
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Support for wireguard-tools is added by the services/wireguard module in
the SELinux refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Support for squid is added by the services/squid module in the SELinux
refpolicy.
Moreover, add apache module as for now it is unconditionally used in
squid.fc
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Support for tftpd is added by the services/tftp module in the SELinux
refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Support for proftpd is added by the services/ftp module in the SELinux
refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Support for vsftpd is added by the services/ftp module in the SELinux
refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Support for samba4 is added by the services/samba module in the SELinux
refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Set DEBUG_FLAGS and RELEASE_FLAGS to an empty value to remove -Werror
and fix the following build failure with gcc 11:
/tmp/instance-5/output-1/build/openzwave-62444b0f979c337d2091d77d89cf63c2ae9775cf/cpp/src/command_classes/AssociationCommandConfiguration.cpp: In member function 'virtual bool OpenZWave::Internal::CC::AssociationCommandConfiguration::HandleMsg(const uint8*, uint32, uint32)':
/tmp/instance-5/output-1/build/openzwave-62444b0f979c337d2091d77d89cf63c2ae9775cf/cpp/src/command_classes/AssociationCommandConfiguration.cpp:191:85: error: 'this' pointer is null [-Werror=nonnull]
191 | group->ClearCommands(nodeIdx);
| ~~~~~~~~~~~~~~~~~~~~^~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/05ad5cc1f593704ef032f3c5278695247450b94b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following build failure with gcc 11:
In file included from Source/FreeImage/../OpenEXR/IlmImf/ImfHeader.h:51,
from Source/FreeImage/../OpenEXR/IlmImf/ImfOutputFile.h:46,
from Source/FreeImage/PluginEXR.cpp:33:
Source/OpenEXR/Imath/ImathVec.h:228:41: error: ISO C++17 does not allow dynamic exception specifications
228 | const Vec2 & normalizeExc () throw (IEX_NAMESPACE::MathExc);
| ^~~~~
Fixes:
- http://autobuild.buildroot.org/results/953cd07402fe2f99f2361a3b4a7b086a88e0d72d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following build failure with gcc 11:
In file included from ../include/loki/SmartPtr.h:33,
from SmartPtr.cpp:20:
../include/loki/SmallObj.h: At global scope:
../include/loki/SmallObj.h:462:57: error: ISO C++17 does not allow dynamic exception specifications
462 | static void * operator new ( std::size_t size ) throw ( std::bad_alloc )
|
Fixes:
- http://autobuild.buildroot.org/results/768727160beaca5df3ef18be29cfbaa3ced67ad5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
rtl_433 (despite the name) is a generic data receiver, mainly for the
433.92 MHz, 868 MHz (SRD), 315 MHz, 345 MHz, and 915 MHz ISM bands.
https://github.com/merbanan/rtl_433
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: forcibly disable building docs and tests]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- [High] OCSP verification issue when response is for a certificate with
no relation to the chain in question BUT that response contains the
NoCheck extension which effectively disables ALL verification of that
one cert.
- [Low] OCSP request/response verification issue. In the case that the
serial number in the OCSP request differs from the serial number in
the OCSP response the error from the comparison was not resulting in a
failed verification.
- [Low] CVE-2021-24116: Side-Channel cache look up vulnerability in
base64 PEM decoding for versions of wolfSSL 4.5.0 and earlier.
Versions 4.6.0 and up contain a fix and do not need to be updated for
this report.
https://github.com/wolfSSL/wolfssl/blob/v4.8.1-stable/ChangeLog.md
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Support for vnstat is added by the services/vnstatd module in the
SELinux refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Support for quagga is added by the services/zebra module in the SELinux
refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Support for postgresql is added by the services/postgresql module in the
SELinux refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Support for ulogd is added by the services/ulogd module in the SELinux
refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Support for smstools3 is added by the services/smstools module in the
SELinux refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Support for smartmontools is added by the services/smartmon module in
the SELinux refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Support for rsync is added by the services/rsync module in the SELinux
refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Support for rpcbind is added by the services/rpcbind module in the
SELinux refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This package has some udev tools to assist with printer autodetection.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[yann.morin.1998@free.fr:
- add missing dependency to host-pkgconf
- add patch for --with-cups-config
- use that to point to cups-config in staging
- append-assign in conditional blocks
- license to be GPL-2.0-or-later (not GPL-2.0-only)
- fix check-package
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 9dfbbbb410 wrongly removed
dependency on host-python3 or host-python resulting in the following
build failure:
cp -rp /tmp/instance-2/output-1/build/host-gtest-1.11.0/googlemock/scripts/generator/cpp /tmp/instance-2/output-1/per-package/host-gtest/host/lib/python2.7/site-packages
cp: cannot create directory '/tmp/instance-2/output-1/per-package/host-gtest/host/lib/python2.7/site-packages': No such file or directory
Fixes:
- http://autobuild.buildroot.org/results/a1d2e100a65d7c1c39c20bdd5bf687a804c94305
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Support for rabbitmq-server is added by the services/rabbitmq module in
the SELinux refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following build failure with gcc 11:
In file included from ../../ibrdtn/data/PrimaryBlock.h:30,
from ../../ibrdtn/data/Serializer.h:27,
from ../../ibrdtn/data/Block.h:29,
from ../../ibrdtn/data/Bundle.h:27,
from ../../ibrdtn/api/Client.h:26,
from Client.cpp:22:
/tmp/instance-0/output-1/host/bin/../arm-buildroot-linux-gnueabihf/sysroot/usr/include/ibrcommon-1.0/ibrcommon/thread/Mutex.h:43:40: error: ISO C++17 does not allow dynamic exception specifications
43 | virtual void trylock() throw (MutexException) = 0;
| ^~~~~
Fixes:
- http://autobuild.buildroot.org/results/c2d9033c68b5c1407d2cf87b98dff61958b8e7b6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following build failure with gcc 11:
In file included from dumapp.cpp:39:
dumapp.h:88:49: error: ISO C++17 does not allow dynamic exception specifications
88 | void * DUMA_CDECL operator new(DUMA_SIZE_T) throw(std::bad_alloc);
| ^~~~~
While at it, also drop DUMA_CPP which does not seem to be set since the
addition of the package back in 2013 in commit
bda69bf4e4
Fixes:
- http://autobuild.buildroot.org/results/ed838a55f09841a643b05e5a7a7ca0a9d2882acd
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
01.org url is permission denied. There seems to be no project page
anymore. Use kernel.org repo with cleaner https url.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since the update of gpsd to 3.21, olsr was failing to build with:
src/gpsdclient.c: In function 'nmeaInfoFromGpsd':
src/gpsdclient.c:373:14: error: 'struct gps_data_t' has no member named 'status'
373 | if (gpsdata->status == STATUS_NO_FIX) {
| ^~
This is due to an API change in gpsd. This commit fixes that by
backporting an upstream commit from olsr.
Fixes:
http://autobuild.buildroot.net/results/d8c5564b24ff5b646cdd786d07b3a45ce5fa01ea/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The foo-update-config and foo-update-defconfig targets only work if a
custom config file was defined. Remove those targets entirely if they
don't work to begin with.
This was originally handled with an error condition in the
kconfig-package-update-config macro. However, it makes more sense to
simply remove the target if it anyway can't be used.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[yann.morin.1998@free.fr: move PHONY before corresponding rule]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
When the savedefconfig target is not supported by a kconfig package,
(like is the case for busybox) it doesn't make sense to define
busybox-savedefconfig or busybox-update-defconfig. Calling these leads
to an error from busybox itself "No rule to make target
'savedefconfig'.", which may be confusing.
Only define the savedefconfig and update-defconfig target if
$(2)_KCONFIG_SUPPORTS_DEFCONFIG is YES.
Note that we also need to define it as phony in the condition, otherwise
'make busybox-update-defconfig' will just say "Nothing to be done" and
we really want the error "No rule to make target
'busybox-update-defconfig'".
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[yann.morin.1998@free.fr: move PHONY before corresponding rule]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add apache module as for now it is unconditionally used in apcupsd.fc to
fix build failure raised since dc8b2905f1
Fixes:
- No autobuilder failures yet
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
These minor releases include a security fix according to the new security policy (#44918).
crypto/tls clients can panic when provided a certificate of the wrong type for the negotiated parameters.
net/http clients performing HTTPS requests are also affected. The panic can be triggered by an attacker
in a privileged network position without access to the server certificate's private key, as long as a trusted
ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with
Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0–1.2 cipher
suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.
This is CVE-2021-34558.
View the release notes for more information:
https://golang.org/doc/devel/release.html#go1.16.minor
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Build is broken since commit f043646044
because services/mta module is mandatory with fetchmail
Fixes:
- No autobuilder failures yet
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
fail2ban is a daemon to ban hosts that cause multiple authentication
errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0
through 0.11.2, there is a vulnerability that leads to possible remote
code execution in the mailing action mail-whois. Command `mail` from
mailutils package used in mail actions like `mail-whois` can execute
command if unescaped sequences (`\n~`) are available in "foreign" input
(for instance in whois output). To exploit the vulnerability, an
attacker would need to insert malicious characters into the response
sent by the whois server, either via a MITM attack or by taking over a
whois server. The issue is patched in versions 0.10.7 and 0.11.3. As a
workaround, one may avoid the usage of action `mail-whois` or patch the
vulnerability manually.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
SDL2 autotools-provided sdl2-config.cmake uses the absolute /usr prefix.
For this reason, we previously removed it (as of d59261836a).
This commit fixes sdl2-config.cmake to use relative paths instead.
Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Change from makefile to makefile.unix:
- brings pkgconfig support (libtomcrypt.pc will be installed)
- remove NODOCS (legacy, not used anymore)
- remove INSTALL_USER/INSTALL_GROUP (not needed for makefile.unix)
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
While Erlang will use it's own atomic operations, it can also use gcc
__atomic_* builtins. This is now listed in Erlang's HOWTO/INSTALL.md.
This change was necessary on RISC-V, since Erlang didn't have a built-in
implementation, but it was able to use gcc's __atomic_* functions.
Signed-off-by: Frank Hunleth <fhunleth@troodon-software.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
osm2pgsql is a tool for loading OpenStreetMap data into a
PostgreSQL / PostGIS database suitable for applications like
rendering into a map, geocoding with Nominatim, or general analysis.
https://osm2pgsql.org
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following static build failure with nginx raised since bump of
libmodsecurity to version 3.0.5 in commit
464d0be380:
/home/buildroot/autobuild/instance-2/output-1/host/lib/gcc/xtensa-buildroot-linux-uclibc/10.3.0/../../../../xtensa-buildroot-linux-uclibc/bin/ld: /home/buildroot/autobuild/instance-2/output-1/host/bin/../xtensa-buildroot-linux-uclibc/sysroot/usr/lib/libmodsecurity.a(libmodsecurity_la-transaction.o): in function `std::basic_streambuf<char, std::char_traits<char> >::sbumpc() [clone .isra.0]':
transaction.cc:(.text+0x40): undefined reference to `std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_dispose()'
Fixes:
- http://autobuild.buildroot.org/results/e5a9eb8448980f1c5cafe97180b7d1f48ddf02ca
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Starting with nmap 7.91, ncat segfaults on an attempt to use it for a
Unix-domain socket (`ncat -U path`). The fix has been committed to nmap
in r38121.
Signed-off-by: Alexey Neyman <stilor@att.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add option that enables gpsd python support including modules, tools,
and gpsfake test harness. If python is enabled then install python
modules unconditionally. Note that gpsd python modules run compatibly
under Python 2 and 3.x for x >= 2. So enable gpsd python support when
any Python version is enabled in board configuration. If no Python is
enabled, but gpsd Python support is requested, then select Python 3.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
[yann.morin.1998@free.fr: fix check-package]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Update gpsd to latest release v3.21:
- bump version
- update checksums
- remove patch for v3.20: it is not needed for v3.21
- remove obsolete options and add them to Config.in.legacy
Signed-off-by: Olivier Dautricourt <olivier.dautricourt@orolia.com>
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
We need to backport an aarch64 patch to prevent a crash.
Fixes:
==654== Conditional jump or move depends on uninitialised value(s)
==654== at 0x68CF9D0: contains (Range.h:115)
==654== by 0x68CF9D0: mark (JITStubRoutineSet.h:57)
==654== by 0x68CF9D0: mark (ConservativeRoots.cpp:127)
==654== by 0x68CF9D0: genericAddPointer<JSC::CompositeMarkHook> (ConservativeRoots.cpp:69)
==654== by 0x68CF9D0: genericAddSpan<JSC::CompositeMarkHook> (ConservativeRoots.cpp:101)
==654== by 0x68CF9D0: JSC::ConservativeRoots::add(void*, void*, JSC::JITStubRoutineSet&, JSC::CodeBlockSet&) (ConservativeRoots.cpp:147)
==654== by 0x68EA5BB: JSC::MachineThreads::gatherConservativeRoots(JSC::ConservativeRoots&, JSC::JITStubRoutineSet&, JSC::CodeBlockSet&, JSC::CurrentThreadState*, WTF::Thread*) (MachineStackMarker.cpp:202)
==654== by 0x68D885B: _ZZN3JSC4Heap18addCoreConstraintsEvENUlRT_E0_clINS_11SlotVisitorEEEDaS2_ (Heap.cpp:2740)
==654== by 0x68EFF7B: JSC::MarkingConstraint::execute(JSC::SlotVisitor&) (MarkingConstraint.cpp:58)
==654== by 0x68F3D83: JSC::MarkingConstraintSolver::runExecutionThread(JSC::SlotVisitor&, JSC::MarkingConstraintSolver::SchedulerPreference, WTF::ScopedLambda<WTF::Optional<unsigned int> ()>) (MarkingConstraintSolver.cpp:237)
==654== by 0x68D4413: JSC::Heap::runTaskInParallel(WTF::RefPtr<WTF::SharedTask<void (JSC::SlotVisitor&)>, WTF::RawPtrTraits<WTF::SharedTask<void (JSC::SlotVisitor&)> >, WTF::DefaultRefDerefTraits<WTF::SharedTask<void (JSC::SlotVisitor&)> > >) (Heap.cpp:3061)
==654== by 0x68F3E9F: runFunctionInParallel<JSC::MarkingConstraintSolver::execute(JSC::MarkingConstraintSolver::SchedulerPreference, WTF::ScopedLambda<WTF::Optional<unsigned int>()>)::<lambda(JSC::SlotVisitor&)> > (Heap.h:397)
==654== by 0x68F3E9F: JSC::MarkingConstraintSolver::execute(JSC::MarkingConstraintSolver::SchedulerPreference, WTF::ScopedLambda<WTF::Optional<unsigned int> ()>) (MarkingConstraintSolver.cpp:66)
==654== by 0x68F4033: JSC::MarkingConstraintSolver::drain(WTF::BitVector&) (MarkingConstraintSolver.cpp:97)
==654== by 0x68F4B2F: JSC::MarkingConstraintSet::executeConvergenceImpl(JSC::SlotVisitor&) (MarkingConstraintSet.cpp:114)
==654== by 0x68F4C6B: JSC::MarkingConstraintSet::executeConvergence(JSC::SlotVisitor&) (MarkingConstraintSet.cpp:83)
==654== by 0x68D9BC7: JSC::Heap::runFixpointPhase(JSC::GCConductor) (Heap.cpp:1378)
==654== by 0x68D9E93: runCurrentPhase (Heap.cpp:1208)
==654== by 0x68D9E93: JSC::Heap::runCurrentPhase(JSC::GCConductor, JSC::CurrentThreadState*) (Heap.cpp:1176)
==654== Uninitialised value was created by a stack allocation
==654== at 0x5AC3E80: JSC::ARM64Assembler::linkJump(JSC::AssemblerLabel, JSC::AssemblerLabel, JSC::ARM64Assembler::JumpType, JSC::ARM64Assembler::Condition) [clone .isra.0] (ARM64Assembler.h:2556)
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Acked-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following build failure with nios2 raised since bump to version
1.2.2 in commit b436b82411:
/home/buildroot/autobuild/instance-1/output-1/build/open62541-v1.2.2/src/ua_types_encoding_binary.c: In function 'unpack754':
/home/buildroot/autobuild/instance-1/output-1/build/open62541-v1.2.2/src/ua_types_encoding_binary.c:322:12: error: conversion to 'long double' from 'long long int' may alter its value [-Werror=conversion]
result /= (1LL<<significandbits);
^~
Fixes:
- http://autobuild.buildroot.org/results/c0a33dbada549c480bc741c1c8177b788ff053db
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Build of avrcp without a2dp is broken since commit
fb9fc969d9:
/home/buildroot/autobuild/run/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/x86_64-buildroot-linux-uclibc/9.3.0/../../../../x86_64-buildroot-linux-uclibc/bin/ld: profiles/audio/bluetoothd-avrcp.o: in function `avrcp_handle_set_volume':
avrcp.c:(.text+0x9c4): undefined reference to `media_transport_update_device_volume'
However, build of a2dp without avrcp is also broken:
/data/buildroot-autobuilder/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/riscv32-buildroot-linux-gnu/10.2.0/../../../../riscv32-buildroot-linux-gnu/bin/ld: profiles/audio/bluetoothd-media.o: in function `.L50':
media.c:(.text+0x508): undefined reference to `avrcp_unregister_player'
/data/buildroot-autobuilder/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/riscv32-buildroot-linux-gnu/10.2.0/../../../../riscv32-buildroot-linux-gnu/bin/ld: profiles/audio/bluetoothd-media.o: in function `match_endpoint_by_path':
media.c:(.text+0x824): undefined reference to `avrcp_register_player'
Fixes:
- http://autobuild.buildroot.org/results/d54cdfc03212fff772a863d1bc8afd3cfb605831
- http://autobuild.buildroot.org/results/64d75af986a4d6e9c5a176efb6e22046f4d82350
So make a single audio option for a2dp and avrcp
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit e43c050944 introduced two flake8
errors:
utils/scanpypi:300:26: E231 missing whitespace after ','
utils/scanpypi:302:9: F841 local variable 'setup' is assigned to but never used
The first one is easily fixed. The second one needs a little bit of
explanation. Before commit e43c0509, the return value of
imp.load_module() was used to be able to explicitly call the 'setup'
function in it in case the metadata was not populated. Since that
commit, calling that function is no longer needed, since setup.py is
executed in exactly the same way as when it's run from the command line,
so if that doesn't work, it's completely broken anyway. Therefore, we
can simply discard the return value of imp.load_module().
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The rootfses, unlike packages, do not have stampfiles to represent
whether they are built or not. Indeed, we always rebuild the rootfs, and
there is a single step to do.
Hpwever, people (and scripts) who want to report on the build progress,
will want to know whether each rootfs has been built already or not.
Expose in show-info the name of the file that wil contain the rootfs
image.
$(1)_FINAL_IMAGE_NAME is set by the fs infrastructure, but initramfs
doesn't use the infrastructure. So to support that one as well, set
image_name to null if $(1)_FINAL_IMAGE_NAME is not set.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Vadim Kochan <vadim4j@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: eeppeliteloop@gmail.com
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Change sources location from bintray to github since bintray doesn't
work anymore.
Use commit hash for version instead of git tag to avoid breaking
existing source caches.
Signed-off-by: Daniil Stas <daniil.stas@posteo.net>
Cc: Baruch Siach <baruch@tkos.co.il>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This bug has been fixed upstream and backported to buildroot binutils
package. So let's remove it from toolchain/Config.in and from packages
that are affected by it:
- libgeos
- postgis
- protobuf
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Reviewed-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
clapack has been unmaintained for a couple of years. It is
semi-automatically generated from lapack sources using the f2c
fortran-to-C converter, which itself is pretty much unmaintained.
Remove the package. Remove the dependency on !CLAPACK from lapack.
Automatically select lapack from legacy if possible.
Cc: Alexandre PAYEN <alexandre.payen@smile.fr>
Cc: Benjamin Kamath <kamath.ben@gmail.com>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Cc: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
BlueZ builds a lot of Classic BT profiles by default but allows
to disable them. This is especially handy when only BLE is needed
and enabled in the kernel.
Otherwise this yields warnings like this on bootup:
profiles/network/bnep.c:bnep_init() kernel lacks bnep-protocol support
src/plugin.c:plugin_init() System does not support network plugin
Also it allows to disable btmon which should not be needed on
production systems and is ~800KB in size.
Expose those options but default to 'y' to no break existing
configurations.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
From the release notes:
================================================================================
Redis 6.2.5 Released Wed Jul 21 16:32:19 IDT 2021
================================================================================
Upgrade urgency: SECURITY, contains fixes to security issues that affect
authenticated client connections on 32-bit versions. MODERATE otherwise.
Fix integer overflow in BITFIELD on 32-bit versions (CVE-2021-32761).
An integer overflow bug in Redis version 2.2 or newer can be exploited using the
BITFIELD command to corrupt the heap and potentially result with remote code
execution.
See https://github.com/redis/redis/blob/6.2.5/00-RELEASENOTES
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Support for modem-manager is added by the services/modemmanager module
in the SELinux refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In case the setup.py file of a python package does not directly call the
'setup' method, utils/scanpypi was hoping there be a 'main' function which
would do the work, normally called via a construct like:
if __name__ == '__main__':
main()
However, this construct is nonstandard, and there are packages in PyPI which
call 'setup()' directly from the 'if' statement, without a main() method.
But scanpypi does not actually need to make such assumption: when loading
the module, it can decide the name to be '__main__', just as if setup.py
would be loaded interactively.
Additionally, remove some logic seemingly related to the previous trick of
calling 'main'. There should not be a problem in keeping already loaded
modules in sys.modules, as this is the purpose of sys.modules.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Even though the directory containing a package's setup.py was added to
sys.path, some setup.py implementations rely on the fact that it is placed
in sys.path[0].
An example package is 'cram' which failed to be added with scanpypi:
Traceback (most recent call last):
File "utils/scanpypi", line 756, in <module>
main()
File "utils/scanpypi", line 703, in main
package.load_setup()
File "utils/scanpypi", line 303, in load_setup
setup = imp.load_module('setup', s_file, s_path, s_desc)
File "/usr/lib/python3.8/imp.py", line 234, in load_module
return load_source(name, filename, file)
File "/usr/lib/python3.8/imp.py", line 171, in load_source
module = _load(spec)
File "<frozen importlib._bootstrap>", line 702, in _load
File "<frozen importlib._bootstrap>", line 671, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 783, in exec_module
File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
File "/tmp/scanpypi-2pzc5wb_/python-cram/cram-0.7/setup.py", line 44, in <module>
long_description=long_description(),
File "/tmp/scanpypi-2pzc5wb_/python-cram/cram-0.7/setup.py", line 20, in long_description
return open(os.path.join(sys.path[0], 'README.rst')).read()
FileNotFoundError: [Errno 2] No such file or directory: '.../buildroot/utils/README.rst'
The corresponding code from cram's setup.py is:
def long_description():
"""Get the long description from the README"""
return open(os.path.join(sys.path[0], 'README.rst')).read()
Indeed, the Python documentation says:
https://docs.python.org/3.8/library/sys.html#sys.path
"...
As initialized upon program startup, the first item of this list,
path[0], is the directory containing the script that was used to invoke
the Python interpreter.
..."
Fix this by inserting explicitly at index 0 instead of appending to
sys.path.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- change clock_gettime option from yes/no style to disable/enable one
(still omitting the explicit disable to keep the configure logic
defaulting to yes in case no rdtsc is available)
- change to set all available configure options:
* '--enable-daemon': previous default
* '--disable-diagnostic': previous default
* '-disable-init': do not install init files as buildroot ships its
own sysv/systemd init files
* '--disable-nistest': disable tests, previous default
* '--disable-enttest': new option, disable tests
* '--disable-olt': previous default was yes, disable builtin test
* '--enable-tune': previous default
- add patch to fix uclibc compile (disable dependency on sys/auxv.h
introduced with upstream commit [1])
Changelog ([2]):
- made enttest configurable
- havegecmd.c - new command added to close the communication socket
[Werner Fink]
[1] https://github.com/jirka-h/haveged/commit/26d35af198da01220ba4f7a1b987f17012476c00
[2] https://github.com/jirka-h/haveged/releases/tag/v1.9.14
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- add patch for qv4regexp_p to include c++ limits include (instead of plain
c limit.h)
Fixes:
In file included from jsruntime/qv4regexp_p.h:62,
from jsruntime/qv4regexp.cpp:40:
../3rdparty/masm/yarr/Yarr.h:46:44: error: ‘numeric_limits’ is not a member of ‘std’
46 | static const unsigned offsetNoMatch = std::numeric_limits<unsigned>::max();
| ^~~~~~~~~~~~~~
../3rdparty/masm/yarr/Yarr.h:46:59: error: expected primary-expression before ‘unsigned’
46 | static const unsigned offsetNoMatch = std::numeric_limits<unsigned>::max();
| ^~~~~~~~
- add patch for qqmlprofilerevent_p to include c++ limits include
Fixes:
In file included from qqmlprofilertypedevent_p.h:43,
from qqmlprofilertypedevent.cpp:40:
qqmlprofilerevent_p.h: In member function ‘void QQmlProfilerEvent::assignNumbers(const Container&)’:
qqmlprofilerevent_p.h:314:65: error: ‘numeric_limits’ is not a member of ‘std’
314 | static_cast<quint16>(numbers.size()) : std::numeric_limits<quint16>::max();
| ^~~~~~~~~~~~~~
qqmlprofilerevent_p.h:314:87: error: expected primary-expression before ‘>’ token
314 | static_cast<quint16>(numbers.size()) : std::numeric_limits<quint16>::max();
| ^
qqmlprofilerevent_p.h:314:90: error: ‘::max’ has not been declared; did you mean ‘std::max’?
314 | static_cast<quint16>(numbers.size()) : std::numeric_limits<quint16>::max();
| ^~~
| std::max
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
gdb can automatically load certain files as described in [1]. Such files
could install pretty-printers for complex data structures.
libstdcxx (C++ standard library) provided by gcc, is one example of a
library for which such auto-load file is available. But there are other
examples too, like libglib2.
However, gdb will only auto-load files if the file is located in one of the
locations treated as 'safe'. The Buildroot sysroot is not by default in that
list.
Provide a better debugging experience by adding the sysroot to the 'safe'
list, via the gdbinit file prepared by Buildroot.
[1] https://sourceware.org/gdb/onlinedocs/gdb/objfile_002dgdbdotext-file.html
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
gcc installs a libstdcxx-...so-gdb.py file that gdb will load automatically
when it loads libstdcxx.so, via the mechanism described at [1].
However, the auto-load file installed by gcc contains hardcoded paths
referring to the location where the (external) toolchain was built, which
are normally not available.
Fix up the paths in the load file so that the pretty printers can be loaded
automatically.
Note that gdb will only auto-load the file if its location is marked as
'safe'. A subsequent commit will take care of that.
Technically, there could be more than one load file, e.g. in lib and
usr/lib, so fix them all. This was for example observed in
BR2_TOOLCHAIN_EXTERNAL_ARM_AARCH64.
In a very specific case with a local custom toolchain, there were actually
two 'python' directories, which would break the sed command, so arbitrarily
limit to the first one encountered.
[1] https://sourceware.org/gdb/onlinedocs/gdb/objfile_002dgdbdotext-file.html
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When enabling Python 3 support in gdb < 10, gdb segfaults at startup.
The issue is was resolved by the following upstream gdb commit,
present since gdb 10.1:
commit c47bae859a5af0d95224d90000df0e529f7c5aa0
Author: Kevin Buettner <kevinb@redhat.com>
Date: Wed May 27 20:05:40 2020 -0700
Fix Python3.9 related runtime problems
[...]
This commit backports this fix to all relevant gdb versions supported
in Buildroot.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- overwrite cross-compiled mariadb_config executable (used from the
mysql_config script) by a native/host compiled one
Fixes (qt5base configure):
Trying source 0 (type mysqlConfig) of library mysql ...
+ .../host/aarch64-buildroot-linux-gnu/sysroot/usr/bin/mysql_config --version
> .../host/aarch64-buildroot-linux-gnu/sysroot/usr/bin/mysql_config: line 100: \
.../host/aarch64-buildroot-linux-gnu/sysroot/usr/bin/mariadb_config: cannot execute binary file: Exec format error
with
$ file host/aarch64-buildroot-linux-gnu/sysroot/usr/bin/mariadb_config
host/aarch64-buildroot-linux-gnu/sysroot/usr/bin/mariadb_config: ELF 64-bit LSB pie executable, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, for GNU/Linux 5.10.0, with debug_info, not stripped
Reported-by: Scott Bartolett <SBartolett@thorlabs.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Create a symlink for libglx.so and drop libnvidia-wfb.so (aka libwfb.so)
since all selectable xserver versions in Buildroot provide their own.
VDPAU libraries should be installed into /usr/lib/vdpau/
https://download.nvidia.com/XFree86/Linux-x86_64/390.67/README/installedcomponents.html
Also, allow specifying target subdirectory per library and respect it in
the install loop.
Signed-off-by: Vincent Fazio <vfazio@xes-inc.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Parallelizes locale generation based on `BR2_JLEVEL` setting.
Locale generation always runs during the finalize stage and can consume
a significant amount of time. Parallelizing it greatly reduces that time
on multi-core machines.
To parallelize it, we first invoke `localedef` for every locale in
parallel with the `--no-archive` option. This creates the intermediate
locale data instead of writing to the finally archive directly.
Then, we invoke `localedef` again once to create the archive from the
intermediate compiled locale data files.
We have to do it this way because `localedef` does not do any locking
when writing to the archive file, so calling it without `--no-archive`
concurrently could result in a corrupt archive file or an archive file
that is missing some locales.
While we're at it, make two additional improvements:
- Remove locale-archive before adding to it. Otherwise, repeated
applications of target-finalize will keep on growing the file.
- Sort the locales when creating locale-archive so its contents are
reproducible.
We use `find` to collect the installed locales rather than LOCALES. This
makes it possible for something else (skeleton, overlay, custom package)
to create and install additional locales and still have them added to
locale-archive.
Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com>
[Arnout:
- Remove -j$(PARALLEL_JOBS), it's already part of $(MAKE)
- Remove HOST_DIR, TARGET_DIR, STAGING_DIR, they're already exported
- Extend commit message
]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The nios2 architecture is already excluded from PIC/PIE due to issues,
and we're going to also exclude Microblaze, so let's introduce a
BR2_PIC_PIE_ARCH_SUPPORTS hidden boolean to facilitate adding this new
architecture exclusion.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit e6b3913cfc converted busybox to the generic kconfig help text
infrastructure, but set the wrong variable to flag that it doesn't
support defconfig files. Fix that.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Some external packages call pg_config to determine the installed
PostgreSQL cflags_sl option. Add this output to Buildroots own
pg_config, so these packages correctly compile.
Default value is defined at src/template/linux as:
Extra CFLAGS for code that will go into a shared library
CFLAGS_SL="-fPIC"
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
python-paramiko has a dependency on C++ support, which was added in
commit 2d7b73cf75 in 2016.
When python-pysftp was added in commit
3b920487ba in 2020, this C++ dependency
was not propagated, even though python-pysftp selects python-paramiko.
This commit fixes this issue by propagating the dependency, which
fixes this warning:
WARNING: unmet direct dependencies detected for BR2_PACKAGE_PYTHON_PARAMIKO
Depends on [n]: (BR2_PACKAGE_PYTHON [=n] || BR2_PACKAGE_PYTHON3 [=y]) && BR2_PACKAGE_PYTHON3 [=y] && BR2_INSTALL_LIBSTDCPP [=n]
Selected by [y]:
- BR2_PACKAGE_PYTHON_PYSFTP [=y] && (BR2_PACKAGE_PYTHON [=n] || BR2_PACKAGE_PYTHON3 [=y]) && BR2_PACKAGE_PYTHON3 [=y]
That occurs with configuration with C++ disabled, but python-pysftp
enabled.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
As Thomas put it:
The <pkg>_HELP_CMDS variable allows packages using the
kconfig-package infrastructure to display their specific
targets related to the handling of their configuration.
However, it was not consistently used and handled by the
different packages.
So, this commit switches all the kconfig-based package to use the
generic help helper.
As a consequence:
- all kconfig packages now advetise their kconfig-related actions,
where some were previously missing: at91bootstrap3, linux-backports,
swupdate, xvisor;
- busybox advertises it does not support defconfig files;
- the 'foo-savedfconfig' action is no longer advertised: it is to be
considered an internal implementation detail.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Currently, as Thomas pointed out [0], the help for kconfig packages is
not consistently used and handled by the different packages.
This commit introduces a generic help text for kconfig packages, that is
based on what the package declares:
- the list of kconfig editors it supports;
- whether it is possible to save back the configuration (impossible if
the package uses an in-tree defconfig file);
- whether the package actually supports (loading and saving) defconfig
files, by introducing a new variable a package can set if it does
not (only busybox is known to be in that case).
That new help helper is only used if the package does not already define
its own help, to be consistent with what we do for other _CMDS.
[0] http://lists.busybox.net/pipermail/buildroot/2021-July/313570.html
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Currently, we define the default values for kconfig-specific variables
after we call into the generic package infrastructure.
So far, this was totally unconsequential, because there was no kconfig
variable that could influence the generic parts. But conversely, there
are generic variables that do influence the kconfig part (e.g. $(2)_DIR
that is used in some dependency definitions), but none that do influence
the kconfig variables.
However, we are going to add a new kconfig-related variable that will
have an impact on the generic parts, so we will want that kconfig
variable to be defined before calling into the generic infrastructure.
For consistency, move all the defaults before calling the generic infra.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Let's bump at to version 3.2.2 by:
- moving SITE to http://software.calhariz.com/at that is the official at
realease site while the actual(https://salsa.debian.org/debian/at)
doesn't provide consitent tarballs.
- rebasing 2 local patches(some some of them has not been accepted upstream
because of removing -g root -o root while installing, while other simply
has not been taken into account for 1 year.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This makes it easier for packages that depend on lapack to get
their dependencies correct.
The !uClibc dependency is also not sufficient: indeed, musl too does not
provide _fpu_control; only glibc does. This is the same situation as for
clapack. Add a comment about this, to mirror clapack.
Since the !glibc dependency only exists for PowerPC, treat it as
an architecture dependency.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[yann.morin.1998@free.fr:
- fpu_control depends on glibc, not on !uclibc
- add or update comments accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This makes it easier for packages that depend on clapack to get
their dependencies correct.
Since the glibc dependency only exists for PowerPC, treat it as
an architecture dependency.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This reverts commit 1ad3de2abd.
Indeed, the tarball changed, so its hash changed; this is going to
cause the traditional hash clash with the existing archive on s.b.o.
or on users machines...
Reported-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This patch replace matchpathcon calls in the auditd init script by
calls to selabel_lookup. Indeed, matchpathcon is now deprecated, and
this causes warning during the boot process.
Signed-off-by: José Pekkarinen <jose.pekkarinen@unikie.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Now that Spidermonkey is no longer required to build the polkit package, and
no other packages require Spidermonkey, and python2 is required to build the
package, it is safe to drop the package.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This test script tests polkit with and without systemd.
The Systemd test does the following:
- The brtest user attempts to restart the systemd-timesyncd service and is
denied.
- A systemd-timesyncd-restart.rules file provided by polkit-rules-test
is copied from /root/ to /etc/polkit-1/rules.d
- The brtest user attempts to restart the systemd-timesyncd service and should
now succeed.
The initd test does the following:
- The brtest user attempts to run the test application "hello-polkit" with the
command "pkexec hello-polkit" and is denied.
- A hello-polkit.rules file provided by polkit-rules-test is copied from /root/
to /etc/polkit-1/rules.d
- The brtest user attempts to re-run the test hello-polkit binary with
"pkexec hello-polkit" and succeeds.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The Polkit source does not come with non-systemd init script. Add one that is
modeled after package/busybox/S01syslogd.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Unfortunately, as of commit 3e1d61868fa8bfc586099302e931433270e5d17d, polkit
requires mozjs >= 78, which means spidermonkey is too old. As such, this patch
is larger than usual.
Spidermonkey has a few major issues:
- The source directory after compilation is enormous (2.7G!)
- The shared library is 24MB stripped!
- It requires python2 to build, which is EOLed, and Buildroot is working
towards removing. See: https://elinux.org/Buildroot:Python2Packages
Instead of going through the arduous task of updating Spidermonkey, there is a
better solution: use duktape.
There has been a pending patch for over a year that incorporates duktape as an
optional backend for polkit found here:
https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/35
As Thomas Petazzoni put it:
"As I am subscribed to notifications on this merge request, I have been
following the intermittent discussions taking place on this topic.
And indeed, discussions have been sparse, and the polkit maintainer reaction
has not been very supportive. It even feels like they are trying to find
every possible argument or small issue not to merge the duktape integration."
Many people have come out to support using duktape, and many users, including
myself, have used polkit with duktape for as long as the above merge request has
been around without issues; merging in the above merge request is an acceptable
exception to the typical Buildroot package policies.
As Thomas also suggested, I have forked polkit on Github
(https://github.com/aduskett/polkit-duktape), with the above duktape
merge request applied, and a release made with the same tag as upstream (0.119).
I refrained from also adding 0001-make-netgroup-support-optional.patch as it is
outside of the scope of why the fork exists.
Changes:
- refactor 0001-make-netgroup-support-optional.patch to work with 0.119 and
duktape.
- Remove upstream incorporated 0002-jsauthority-memleak.patch
- Remove upstream 0003-polkit-0.116-pkttyagent-sigttou-bg-job.patch
- Remove any trace of spidermonkey from polkit, udisks, and systemd-polkit
- Add duktape as a dependency of polkit
- Change POLKIT_SITE to the above polkit-duktape GitHub repository.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Change sources location from bintray to github since bintray doesn't
work anymore
Signed-off-by: Daniil Stas <daniil.stas@posteo.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Python is removed as dependency.
gtest uses python for self-tests which are not run by buildroot,
and the remaining scripts are not used by the build, and aren't
maintained or supported.
Special handling for gtest-config and gmock-config is removed as well,
the CMake Buildsystem now does take care of those.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
[Arnout: still install gmock_gen.py]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following build failure raised since bump to version 1.2.5.1 in
commit af19131543:
/home/buildroot/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/9.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: ../src/.libs/libasound.a(control_symbols.o):(.data+0x4): undefined reference to `_snd_module_control_empty'
Fixes:
- http://autobuild.buildroot.org/results/a8fd791ba4c289cc4fc744a8ff9615bacd9558f3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We need to backport an aarch64 patch to prevent a crash.
Fixes:
==654== Conditional jump or move depends on uninitialised value(s)
==654== at 0x68CF9D0: contains (Range.h:115)
==654== by 0x68CF9D0: mark (JITStubRoutineSet.h:57)
==654== by 0x68CF9D0: mark (ConservativeRoots.cpp:127)
==654== by 0x68CF9D0: genericAddPointer<JSC::CompositeMarkHook> (ConservativeRoots.cpp:69)
==654== by 0x68CF9D0: genericAddSpan<JSC::CompositeMarkHook> (ConservativeRoots.cpp:101)
==654== by 0x68CF9D0: JSC::ConservativeRoots::add(void*, void*, JSC::JITStubRoutineSet&, JSC::CodeBlockSet&) (ConservativeRoots.cpp:147)
==654== by 0x68EA5BB: JSC::MachineThreads::gatherConservativeRoots(JSC::ConservativeRoots&, JSC::JITStubRoutineSet&, JSC::CodeBlockSet&, JSC::CurrentThreadState*, WTF::Thread*) (MachineStackMarker.cpp:202)
==654== by 0x68D885B: _ZZN3JSC4Heap18addCoreConstraintsEvENUlRT_E0_clINS_11SlotVisitorEEEDaS2_ (Heap.cpp:2740)
==654== by 0x68EFF7B: JSC::MarkingConstraint::execute(JSC::SlotVisitor&) (MarkingConstraint.cpp:58)
==654== by 0x68F3D83: JSC::MarkingConstraintSolver::runExecutionThread(JSC::SlotVisitor&, JSC::MarkingConstraintSolver::SchedulerPreference, WTF::ScopedLambda<WTF::Optional<unsigned int> ()>) (MarkingConstraintSolver.cpp:237)
==654== by 0x68D4413: JSC::Heap::runTaskInParallel(WTF::RefPtr<WTF::SharedTask<void (JSC::SlotVisitor&)>, WTF::RawPtrTraits<WTF::SharedTask<void (JSC::SlotVisitor&)> >, WTF::DefaultRefDerefTraits<WTF::SharedTask<void (JSC::SlotVisitor&)> > >) (Heap.cpp:3061)
==654== by 0x68F3E9F: runFunctionInParallel<JSC::MarkingConstraintSolver::execute(JSC::MarkingConstraintSolver::SchedulerPreference, WTF::ScopedLambda<WTF::Optional<unsigned int>()>)::<lambda(JSC::SlotVisitor&)> > (Heap.h:397)
==654== by 0x68F3E9F: JSC::MarkingConstraintSolver::execute(JSC::MarkingConstraintSolver::SchedulerPreference, WTF::ScopedLambda<WTF::Optional<unsigned int> ()>) (MarkingConstraintSolver.cpp:66)
==654== by 0x68F4033: JSC::MarkingConstraintSolver::drain(WTF::BitVector&) (MarkingConstraintSolver.cpp:97)
==654== by 0x68F4B2F: JSC::MarkingConstraintSet::executeConvergenceImpl(JSC::SlotVisitor&) (MarkingConstraintSet.cpp:114)
==654== by 0x68F4C6B: JSC::MarkingConstraintSet::executeConvergence(JSC::SlotVisitor&) (MarkingConstraintSet.cpp:83)
==654== by 0x68D9BC7: JSC::Heap::runFixpointPhase(JSC::GCConductor) (Heap.cpp:1378)
==654== by 0x68D9E93: runCurrentPhase (Heap.cpp:1208)
==654== by 0x68D9E93: JSC::Heap::runCurrentPhase(JSC::GCConductor, JSC::CurrentThreadState*) (Heap.cpp:1176)
==654== Uninitialised value was created by a stack allocation
==654== at 0x5AC3E80: JSC::ARM64Assembler::linkJump(JSC::AssemblerLabel, JSC::AssemblerLabel, JSC::ARM64Assembler::JumpType, JSC::ARM64Assembler::Condition) [clone .isra.0] (ARM64Assembler.h:2556)
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
A flaw was found in mupdf 1.18.0. Double free of object during
linearization may lead to memory corruption and other potential
consequences.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes:
- http://autobuild.buildroot.net/results/24230242c15eb379d653c957a08621f8a1fac55e
ssl/qdtls_openssl.cpp: In member function ‘bool dtlsopenssl::DtlsState::initCtxAndConnection(QDtlsBasePrivate*)’:
ssl/qdtls_openssl.cpp:717:9: error: ‘q_SSL_set_psk_server_callback’ was not declared in this scope; did you mean ‘q_SSL_set_psk_use_session_callback’?
717 | q_SSL_set_psk_server_callback(newConnection.data(), dtlscallbacks::q_PSK_server_callback);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| q_SSL_set_psk_use_session_callback
ssl/qdtls_openssl.cpp:719:9: error: ‘q_SSL_set_psk_client_callback’ was not declared in this scope; did you mean ‘q_SSL_set_psk_use_session_callback’?
719 | q_SSL_set_psk_client_callback(newConnection.data(), dtlscallbacks::q_PSK_client_callback);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| q_SSL_set_psk_use_session_callback
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
diff in README:
- Copyright (c) 1997, 2000, 2002, 2013 Jay Rogers. All rights
+ Copyright (c) 1997, 2000, 2002, 2013, 2021 Jay Rogers. All rights
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
LICENSE was reformated, the copyright holder is unchanged:
This software is copyright (c) 2012 by John Scoles.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This release includes the following changes:
- Security bugfixes
OpenSSL DLLs updated to version 1.1.1k.
- New features
Client-side "protocol = ldap" support (thx to Bart Dopheide and Seth Grover).
- Bugfixes
The test suite fixed not to require external connectivity.
Fixed paths in generated manuals (thx to Tatsuki Makino).
Fixed configuration reload when compression is used.
Fixed compilation with early releases of OpenSSL 1.1.1.
Signed-off-by: Pierre-Jean Texier <texier.pj2@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update to add lxc and qemu options for libvirt under the daemon
config option
Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Update to add the libvirtd daemon for libvirt
Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
[Arnout: put all CONF_OPTS that depend on LIBVIRT_DAEMON together]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Libvirt is collection of software that provides a convenient way to
manage virtual machines and other virtualization functionality, such as
storage and network interface management. These software pieces include
an API library, a daemon (libvirtd), and a command line utility (virsh).
http://libvirt.org/
Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
[Arnout:
- Re-introduce BR2_PACKAGE_LIBVIRT_ARCH_SUPPORTS
- Put all Config.in comments on one line
- Put the comment before the option itself (makes sure sub-option
indention is good)
- Remove spurious BR2_PACKAGE_NETCAT dependency
- Alphabetically order dependencies in Config.in
- Add select of libglib2
- Alphabetically order CONF_OPTS
]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
rpcgen patches raise a build failure with host-libtirpc since commit
0a5a9741e0 because rpcgen is not provided
by modern glibc:
rpcgen -h -o tirpc/rpcsvc/crypt.h tirpc/rpcsvc/crypt.x
make[1]: rpcgen: No such file or directory
Those patches were added to build rpcbind back in 2012 with commit
18828103cd however they don't seem to be
needed anymore as rpcbind builds fine without them
So drop those patches and autoreconf as well as the host-nfs-utils
dependency from the target variant.
Fixes:
- http://autobuild.buildroot.org/results/6607cb9bec426b8c78e649484d5a149a1bf12a7f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Changelog ([1], [2]):
- Build: fix bug: won't compile with --enable-libxml2, introduced with
Release 1.44 (December 2015).
- Build: update config.guess and config.sub so Configure can recognize
newer environments.
- Build: Fix link failure in several tools because they fail to link the
Curl library. Don't know how long this was broken.
- Build: Eliminate compiler warnings with GCC 6.3
- Code cleanups - trailing white space, compile warnings
- Abyss: fix bug: wild memory reference when server times out waiting for
request header. Introduced with Release 1.44 (December 2015).
[1] http://xmlrpc-c.sourceforge.net/change.html
[2] http://xmlrpc-c.sourceforge.net/change_advanced.html
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- change to SVN download (according to [1] only 1.51.x available
via Sourceforge download)
- remove 0001-use-correct-curl-config.patch
(upstream applied)
Changelog ([2], [3]):
- Build: Use 'curl-config' found at configure time, not at make time.
- Build: fix bug: ignores LDFLAGS_FOR_BUILD, LDFLAGS_PERSONAL, and
LDFLAGS_PTHREAD when building the build tool Gennmtab.
- Build: fix bug: won't compile with --enable-libxml2, introduced with
Release 1.44 (December 2015).
- Abyss: fix bug: wild memory reference when server times out waiting for
request header. Introduced with Release 1.44 (December 2015).
[1] http://xmlrpc-c.sourceforge.net/downloading.php
[2] http://xmlrpc-c.sourceforge.net/change.html
[3] http://xmlrpc-c.sourceforge.net/change_stable.html
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
See https://golang.org/doc/install/source#bootstrapFromSource
All Go compiler versions > 1.4.x (old) are written in Go, and require a existing
compiled Go version to use to build from source. Buildroot uses a 1.4.x version
in the "go-bootstrap" package to build a C-based Go compiler, and then uses that
compiler to build the main "host-go" compiler.
This commit updates to the latest 1.4.x go-bootstrap branch version recommended
in the documentation, which includes more compatibility fixes.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
gcc 11.1 is around, gcc 10.2 is the default version, so drop
8.4 in order to reduce the gcc choice.
For PowerPC SPE, introduce BR2_GCC_VERSION_POWERPC_SPE
to avoid removing defconfigs arcturus_ucp1020_defconfig,
freescale_p1025twr_defconfig and qemu_ppc_mpc8544ds_defconfig
that are still used by some users [1].
BR2_GCC_VERSION_POWERPC_SPE use the same gcc version (8.4), no
change expected.
[1] 96e80ad214
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Oleksandr Zhadan <oleks@arcturusnetworks.com>
Cc: Michael Durrant <mdurrant@ArcturusNetworks.com>
Cc: Matthew Weber <matthew.weber@collins.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
During testing of bluez-alsa in particular, there is no compilation
dependency - but, some configurations will request the load of a
particular plugin:
ALSA lib dlmisc.c:337:(snd_dlobj_cache_get0) \
Cannot open shared library libasound_module_rate_samplerate_best.so \
(/usr/lib/alsa-lib/libasound_module_rate_samplerate_best.so: \
cannot open shared object file: No such file or directory)
Adding in the alsa-plugins package allows to build build the
appropriate plugins.
Signed-off-by: Charles Hardin <ckhardin@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This version bump is needed prior to the introduction of alsa-plugins
1.2.5.
As part of this bump, we drop 0002-dlmisc-the-snd_plugin_dir_set.patch
which was an upstream backport, and we introduce
0002-fix-build-with-disable-ucm.patch to fix the build of alsa-lib
when UCM support is disabled. This patch is also backported from
upstream.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes:
In file included from ../gst-libs/gst/gl/gstglwindow.c:54:
../gst-libs/gst/gl/wayland/gstglwindow_wayland_egl.h:25:10: fatal error: xdg-shell-client-protocol.h: No such file or directory
25 | #include "xdg-shell-client-protocol.h"
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Other changes:
- Change license to GPL-3.0 and BSD-3-Clause
- Change license file to LICENSE and naxsi_src/ext/libinjection/COPYING
- Update license hash's in nginx-naxsi.hash
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested with ./utils/test-pkg -p nginx -a on Fedora 34
45 builds, 6 skipped, 0 build failed, 0 legal-info failed
Other changes:
- Rebase needed patches.
- Update license hash due to year change.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The configure script uses pkg-config to detect the location of
tmpfiles.d but imposes an unspecified ordering dependency with systemd.
Instead of relying on systemd being built before cryptsetup, set the
directory path explcitly, and ensure it is not set when systemd-tmpfiles
is disabled.
Signed-off-by: John Keeping <john@metanate.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Recent tarballs from PyPI use setuptools instead of distutils, so
change `PYTHON_PYMUPDF_SETUP_TYPE`.
They also include a license file, so include it and a hash for it.
This version also has a new dependency: freetype2.
PYTHON_PYMUPDF_REMOVE_PATHS is updated to take the new dependency into
account, but also the sed command are changed to delete include lines
instead of turning them into empty strings. Indeed, empty include
strings lead to using multiple `-I` flags which were not followed by
anything. Depending on the number of empty include strings (because
two successive `-I` "cancel" each other out), it would have failed to
compile.
Also, it turns out the patch version of python-pymupdf doesn't have to
match mupdf's version (e.g. python-pymupdf 1.18.14 is compatible with
mupdf 1.18.*) so while at it, remove the word "exactly" from the
comment.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
It turns out the patch version of python-pymupdf doesn't have to match
mupdf's version (i.e. python-pymupdf 1.18.14 is compatible with mupdf
1.18.*) so remove the word "exactly" from the comment.
mupdf now has a new dependency: gumbo-parser.
gumbo-parser is included when downloading the sources for mupdf, but
instead we use the version provided by Buildroot.
While at it, take the chance to (based on previous review comments):
- Fix indentation in the hash file (two spaces).
- Switch to using the ".xz" archive.
- Add a conditional on freeglut.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Gumbo is an implementation of the HTML5 parsing algorithm implemented
as a pure C99 library with no outside dependencies.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Link with TARGET_NLS_LIBS if needed to avoid the following build
failure:
/home/buildroot/autobuild/run/instance-2/output-1/host/opt/ext-toolchain/bin/../lib/gcc/xtensa-buildroot-linux-uclibc/9.3.0/../../../../xtensa-buildroot-linux-uclibc/bin/ld: lib/libgranite.so.5.4.0.p/meson-generated_Application.c.o: in function `_vala_array_free.constprop.0':
Application.c:(.text+0x340): undefined reference to `libintl_bindtextdomain'
Fixes:
- http://autobuild.buildroot.org/results/d754cb776a1e11031cef4e66d45619aad5c4575d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add rtl8812au-aircrack-ng (alternative to rtl8821au), recommended
e.g. for Alfa cards ([1]) and as opposed to rtl8821au does not crash
in case of configured for IBSS mode and supports iw set freq command in
monitor mode.
[1] https://docs.alfa.com.tw/Support/Linux/RTL8811AU
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- update hash of WHENCE file
- update BRCM_BCM43XX and BRCM_BCM43XXX entries (omitting the new ones with
spaces in the path name 'brcm/brcmfmac43430a0-sdio.ONDA-V80 PLUS.txt' and
'brcm/brcmfmac43455-sdio.MINIX-NEO Z83-4.txt') and convert to one
entry per line format (easier to parse and update)
- fix WHENCE evaluation for new link entries with spaces (otherwise
reports the following warning '/bin/sh: line 1: test: too many arguments'
and does not create the link), e.g.:
Link: brcm/brcmfmac43455-sdio.Raspberry\ Pi\ Foundation-Raspberry\ Pi\ 4\ Model\ B.txt -> brcmfmac43455-sdio.raspberrypi,4-model-b.txt
Link: brcm/brcmfmac43455-sdio.Raspberry\ Pi\ Foundation-Raspberry\ Pi\ Compute\ Module\ 4.txt -> brcmfmac43455-sdio.raspberrypi,4-model-b.txt
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Remove duplicated entries for brcmfmac4366b-pcie.bin and
brcmfmac4366c-pcie.bin (present since addition with
commit ca6e3f4b90)
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The default setting with miniuart-bt requires hciattach which is a
deprecated utility in BlueZ. Setting the krnbt parameter switches to
the modern method of using serdev in the kernel removing the need for
any userspace configuration to enable the Bluetooth controller.
This is documented as applying to all Raspberry Pi variants so just
enable it globally.
Signed-off-by: John Keeping <john@metanate.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The overriden service files appear to have compatibility issues
with upstream rpcbind, don't replace the bundled service files.
We need to build with --enable-warmstarts as this is required
by the systemd service files.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Remove 0001-Move-README-to-reStructured-text.patch
since it has been merged upstream.
Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump OP-TEE Client package version to OP-TEE release 3.13.0.
Remove patch since addressed in that release.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump OP-TEE OS package version to OP-TEE release 3.13.0.
Add a patch already merged OP-TEE to fix build issue seen with 3.13.0
on some BR toolchain.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Currently mx6cubox uses a custom boot.scr.txt script
and custom image generation scripts: genimage.cfg, post-build.sh
and post-image.sh.
Switch to using the more standard extlinux.conf solution
and remove the custom scripts in favor of the standard
board/freescale/common/imx/post-image.sh one.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Tested-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
a10_olinuxino is not switched to extlinux.conf, so the broken symlinks
are replaced by the previous content from a20_olinuxino.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The urlify feature in the systemd pager is only supported by the full
less package and not busybox less, enable only for builds with full
less support.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
imx7d-sdb has been converted to use disto boot in U-Boot.
Add extlinux.conf support so that the board can boot correctly.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Reviewed-by: Pierre-Jean Texier <texier.pj2@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Currently, only SPL is supported when BR2_LINUX_KERNEL_INSTALL_TARGET=y
is selected.
Support non-SPL case too.
This is needed for booting imx7d-sabresd, for example.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Reviewed-by: Pierre-Jean Texier <texier.pj2@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
V4L cx231xx devices need a firmware to be useful. So this patch adds
a submenu for V4L firmwares and an option for cx231xx devices.
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This new attempt to maintain p7zip is already picked up by Distributions.
It fixes CVE-2016-9296, CVE-2017-17969, CVE-2018-5996 and CVE-2018-10115.
Signed-off-by: André Zwing <nerv@dawncrow.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This enables EROFS big pcluster images for buildroot.
Signed-off-by: Gao Xiang <hsiangkao@aol.com>
[yann.morin.1998@free.fr: must be a multiple of 4KiB]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Currently wandboard uses a custom boot.scr.txt script
and custom image generation scripts, genimage.cfg and
post-build.sh.
Switch to using the more standard extlinux.conf solution
and remove the custom scripts in favor of the standard
board/freescale/common/imx/post-image.sh one.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Only 0600 rights are allowed for the rules.conf. This file is read when the
usbguard daemon starts and will prevent it to run otherwise.
As Git only tracks the executable bit, setting the right permissions in the
package makefile is the cleanest solution, in particular when providing this
file from a rootfs overlay.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
comment message for gqrx is always displayed. This is due to an invert
dependency: GQRX depends on !BR2_STATIC_LIBS so comment must depends
on BR2_STATIC_LIBS.
Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Change download location to the project's page so that
we still can get *.tar.gz file instead of *.zip.
The LICENSE file has changed the copyright year from 2015
to 2020.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
usbguard doesn't build on musl because it uses GNU version of strerror_r
as well as basename resulting in the following build failure:
In file included from ./src/Library/public/usbguard/Rule.hpp:24,
from src/CLI/usbguard-rule-parser.cpp:23:
./src/Library/public/usbguard/Exception.hpp: In static member function 'static std::string usbguard::ErrnoException::reasonFromErrno(int)':
./src/Library/public/usbguard/Exception.hpp:129:72: error: no matching function for call to 'std::__cxx11::basic_string<char>::basic_string(int)'
129 | return std::string(strerror_r(errno_value, buffer, sizeof buffer));
|
Fixes:
- http://autobuild.buildroot.org/results/ac1fd7b8c7bd65c73a9213a40c5ed1c39204dab0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update patch
This will fix the following build failure with gssdp 1.2.3 which is
raised since commit 7a2f73e993:
FAILED: vala/gssdp-1.2.vapi
/home/buildroot/autobuild/run/instance-1/output-1/host/bin/vapigen --quiet --library=gssdp-1.2 --directory=/home/buildroot/autobuild/run/instance-1/output-1/build/gssdp-1.2.3/build/vala --pkg=gio-2.0 --pkg=libsoup-2.4 --metadatadir=/home/buildroot/autobuild/run/instance-1/output-1/build/gssdp-1.2.3/vala /home/buildroot/autobuild/run/instance-1/output-1/build/gssdp-1.2.3/build/libgssdp/GSSDP-1.2.gir
GSSDP-1.2.gir:1656.5-1656.29: error: unknown child element `docsection' in `namespace'
https://github.com/GNOME/vala/blob/0.52.4/NEWS
Fixes:
- http://autobuild.buildroot.org/results/e531029f75c8d6886f797b5bd01795d16f6848f3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add missing stdarg.h include for va_list/va_start/va_end.
Fixes:
- http://autobuild.buildroot.net/results/88f4ea971875b1a5eb88662326d9343341eaaea2
microtek.c: In function ‘MDBG_INIT’:
microtek.c:163:3: error: unknown type name ‘va_list’
163 | va_list ap;
| ^~~~~~~
microtek.c:78:1: note: ‘va_list’ is defined in header ‘<stdarg.h>’; did you forget to ‘#include <stdarg.h>’?
77 | #include "microtek.h"
+++ |+#include <stdarg.h>
78 |
microtek.c:164:3: warning: implicit declaration of function ‘va_start’; did you mean ‘sane_start’? [-Wimplicit-function-declaration]
164 | va_start(ap, format);
| ^~~~~~~~
| sane_start
microtek.c:165:54: warning: passing argument 4 of ‘vsnprintf’ makes pointer from integer without a cast [-Wint-conversion]
165 | vsnprintf(_mdebug_string, MAX_MDBG_LENGTH, format, ap);
| ^~
| |
| int
In file included from ../include/sane/sanei_config.h:50,
from microtek.c:70:
.../host/x86_64-buildroot-linux-uclibc/sysroot/usr/include/stdio.h:359:57: note: expected ‘__va_list_tag *’ but argument is of type ‘int’
359 | const char *__restrict __format, __gnuc_va_list __arg)
| ~~~~~~~~~~~~~~~^~~~~
microtek.c:166:3: warning: implicit declaration of function ‘va_end’ [-Wimplicit-function-declaration]
166 | va_end(ap);
| ^~~~~~
and
sm3600-scanutil.c: In function ‘debug_printf’:
sm3600-scanutil.c:69:3: error: unknown type name ‘va_list’
69 | va_list ap;
| ^~~~~~~
sm3600-scanutil.c:48:1: note: ‘va_list’ is defined in header ‘<stdarg.h>’; did you forget to ‘#include <stdarg.h>’?
47 | #include "sm3600-scantool.h"
+++ |+#include <stdarg.h>
48 |
sm3600-scanutil.c:75:3: warning: implicit declaration of function ‘va_start’; did you mean ‘sane_start’? [-Wimplicit-function-decla
ration]
75 | va_start(ap,szFormat);
| ^~~~~~~~
| sane_start
sm3600-scanutil.c:76:28: warning: passing argument 3 of ‘vfprintf’ makes pointer from integer without a cast [-Wint-conversion]
76 | vfprintf(stderr,szFormat,ap);
| ^~
| |
| int
In file included from ../include/sane/sanei_config.h:50,
from sm3600.c:70:
.../host/x86_64-buildroot-linux-uclibc/sysroot/usr/include/stdio.h:339:23: note: expected ‘__va_list_tag *’ but argument is of type
‘int’
339 | __gnuc_va_list __arg);
| ~~~~~~~~~~~~~~~^~~~~
In file included from sm3600.c:94:
sm3600-scanutil.c:77:3: warning: implicit declaration of function ‘va_end’ [-Wimplicit-function-declaration]
77 | va_end(ap);
| ^~~~~~
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
CVE-2016-4983 is an issue in a postinstall script in the dovecot rpm,
which is part of the Red Hat packaging and not part of upstream dovecot
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
CVE-2019-15513 was fixed upstream in 2015 with commit
19e29ffc15dbd958e8e6a648ee0982c68353516f, which is older than the commit
we currently use in LIBUCI_VERSION.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: reword comment and commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- add upstream patch fixing gcc-11 compile failure (missing
limits include)
Fixes:
In file included from ../../../include/QtCore/5.15.2/QtCore/private/qoffsetstringarray_p.h:1,
from ../../dbus/qdbuserror.cpp:44:
../../../src/corelib/tools/qoffsetstringarray_p.h:70:22: error: ‘numeric_limits’ is not a member of ‘std’
70 | Last <= std::numeric_limits<quint8>::max(),
| ^~~~~~~~~~~~~~
../../../src/corelib/tools/qoffsetstringarray_p.h:70:43: error: wrong number of template arguments (1, should be 3)
70 | Last <= std::numeric_limits<quint8>::max(),
| ^
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This reverts commit b991962993, which was
incomplete and did not actually fix the issue it purported to fix, and
we'll soon commit a proper fix.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: explain the reason for reverting]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 2eaa6d0f36 (boot/uboot: fix uboot building host tools on x86
architecture) added use of $(PKG_CONFIG_HOST_BINARY), but forgot to add
the corresponding build-ordr dependency.
Add this missing depenency now.
Additionally, the associated test had an explicit host pkgconf enbled in
its configuration. This is superfluous now that uboot properly depends
on host-pkgconf, so drop that from the test.
Note: it hapenned to work, because host-pkgconf, when explicitly enabled
in the configuration, and without per-package directories, would build
before uboot and thus be available. This would fail with PPD, though,
and thus would break for TLPB.
Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Avahi 0.8 allows a local denial of service (NULL pointer dereference and
daemon crash) against avahi-daemon via the D-Bus interface or a "ping
.local" command.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
PuTTY through 0.75 proceeds with establishing an SSH session even if it
has never sent a substantive authentication response. This makes it
easier for an attacker-controlled SSH server to present a later spoofed
authentication prompt (that the attacker can use to capture credential
data, and use that data for purposes that are undesired by the client
user).
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 56b28d3ee1 (mpg123: bump to version 1.13.1) added the
--disable-lfs-alias option, without explaining why it was needed.
However, this causes undefined references for apps that want to link
against mpg123.
The help for that option is pretty explicit that this is a dangerous
option to use:
disable alias wrappers for largefile bitness (mpg123_seek_32 or
mpg123_seek_64 in addition to mpg123_seek, or the other way around;
It is a mess, do not play with this!)
The default is that it is enabled, so leave it at it.
Signed-off-by: Bruno Marie <gameblabla@protonmail.com>
[yann.morin.1998@free.fr: rework commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Most distributions include a duktape.pc file bundled with the duktape
development package. As the duktape source does not include a .pc file,
add one to the package/duktape directory and install it to the staging
directory. This is used by the polkit duktape patch later in the series.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix build failure with gcc 4.8 which is raised since bump to version
2.72.0 in commit 8e5f7f1cfc:
In file included from /tmp/instance-0/output-1/host/arm-buildroot-linux-gnueabi/sysroot/usr/include/resolv.h:65:0,
from /tmp/instance-0/output-1/host/arm-buildroot-linux-gnueabi/sysroot/usr/include/glib-2.0/gio/gnetworking.h:40,
from ../libsoup/soup-address.c:14:
/tmp/instance-0/output-1/host/arm-buildroot-linux-gnueabi/sysroot/usr/include/arpa/nameser.h:115:2: error: unknown type name 'u_char'
const u_char *_msg, *_eom;
^
Fixes:
- http://autobuild.buildroot.org/results/56b9cb987e25b99d6fed16c537552f47c3376f21
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following build failure with gcc 11:
text/qbytearraymatcher.h:103:38: error: 'numeric_limits' is not a member of 'std'
103 | const auto uchar_max = (std::numeric_limits<uchar>::max)();
| ^~~~~~~~~~~~~~
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Tested-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add config option for systemd-sysext.
Add config option for systemd-oomd.
Add new host-python3-jinja2 dependency.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix CVE-2021-33503: An issue was discovered in urllib3 before 1.26.5.
When provided with a URL containing many @ characters in the authority
component, the authority regular expression exhibits catastrophic
backtracking, causing a denial of service if a URL were passed as a
parameter or redirected to via an HTTP redirect.
https://github.com/urllib3/urllib3/blob/1.26.6/CHANGES.rst
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
NOTE: 0001-lib-fs-fix-issue-when-name-open-_to_handle_at-is-not.patch
will be merged in 5.14.0.
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bugfix release, mainly solves a few issues with input events,
drag-and-drop, and a few crashes. Release notes:
https://webkitgtk.org/2021/07/09/webkitgtk2.32.2-released.html
The patch for building against uClibc has been included in this release,
therefore "0001-Support-building-against-uClibc.patch" is removed.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bugfix release, mainly solves a few issues with input events and a
few crashes. Release notes:
https://wpewebkit.org/release/wpewebkit-2.32.2.html
The patch for building against uClibc has been included in this release,
therefore "0001-Support-building-against-uClibc.patch" is removed.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Build with wolfssl is broken since bump to version 3.12.1 in commit
4d85defa71:
/data/buildroot-autobuilder/instance-0/output-1/build/libuhttpd-3.12.1/src/ssl/openssl.c: In function 'ssl_context_new':
/data/buildroot-autobuilder/instance-0/output-1/build/libuhttpd-3.12.1/src/ssl/openssl.c:180:32: error: 'SSL_OP_NO_SSLv3' undeclared (first use in this function); did you mean 'WOLFSSL_OP_NO_SSLv3'?
180 | SSL_CTX_set_options(c, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1);
| ^~~~~~~~~~~~~~~
| WOLFSSL_OP_NO_SSLv3
This build failure is raised by
https://github.com/zhaojh329/libuhttpd/commit/0fb46935f0cd5f737c6f4e6053d62268aca793a7
as since this commit, libuhttpd expects that SSL_OP_NO_xxx are defined
by wolfssl
Fixes:
- http://autobuild.buildroot.org/results/79e3fa697537f2e33863e490b74ec881993eae73
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We have a chicken and egg problem: validation of DNSSEC signatures
doesn't work without a correct clock, but to set the correct clock we
need to contact NTP servers which requires resolving a hostname, which
would normally require DNSSEC validation.
Let's break the cycle by excluding NTP hostname resolution from
validation for now.
Details:
https://github.com/systemd/systemd/commit/abf4e5c1d3ad767bc0ed67883e8e4d916af095ec
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When building openal we were seeing the assert failure:
/home/buildroot/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/or1k-buildroot-linux-uclibc/9.3.0/../../../../or1k-buildroot-linux-uclibc/bin/ld: CMakeFiles/OpenAL.dir/al/source.cpp.o:
pc-relative relocation against dynamic symbol alSourcePausev
/home/buildroot/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/or1k-buildroot-linux-uclibc/9.3.0/../../../../or1k-buildroot-linux-uclibc/bin/ld: CMakeFiles/OpenAL.dir/al/source.cpp.o:
pc-relative relocation against dynamic symbol alSourceStopv
/home/buildroot/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/or1k-buildroot-linux-uclibc/9.3.0/../../../../or1k-buildroot-linux-uclibc/bin/ld: CMakeFiles/OpenAL.dir/al/source.cpp.o:
pc-relative relocation against dynamic symbol alSourceRewindv
/home/buildroot/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/or1k-buildroot-linux-uclibc/9.3.0/../../../../or1k-buildroot-linux-uclibc/bin/ld: CMakeFiles/OpenAL.dir/al/source.cpp.o:
pc-relative relocation against dynamic symbol alSourcePlayv
collect2: error: ld returned 1 exit status
So add patches to fix this binutils assert link failure on OpenRisc.
It's been suggested upstream and it's pending here:
https://sourceware.org/pipermail/binutils/2021-July/117334.html
Fixes:
http://autobuild.buildroot.net/results/c96/c96f2600f227d6c76114b9fbc41f74a57e40415a/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Running stm32mp1 watchdog is properly recognized and handled by kernel
watchdog framework since Linux v5.6. For details see the Linux commit
85fdc63fe256 ("drivers: watchdog: stm32_iwdg: set WDOG_HW_RUNNING at
probe"). So U-Boot config fragment can be safely removed without
adding userspace watchdog daemon.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The stm32mp157 images successfully boot only once. Subsequent boot
attempts fail to reach U-Boot. The root cause turns out to be in U-Boot
corruption during the first boot. The stm32mp1 U-Boot stores its
environment at the end of GPT partition named 'ssbl' since v2020.10-rc2.
However Buildroot genimage template for stm32mp157 boards creates 'ssbl'
partition w/o extra space for U-Boot primary and redundant environments.
This patch explicitly specifies 'ssbl' partition size that should be
enough for both u-boot.stm32 image (~1M) and both environments (16K).
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Tested-by: Pierre-Jean Texier <texier.pj2@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Unfortunately, this e-mail is boucing:
<ycardaillac@sepro-group.com>: host
seprogroup-com01c.mail.protection.outlook.com[104.47.9.36] said: 550 5.4.1
Recipient address rejected: Access denied. AS(201806281)
[VE1EUR03FT036.eop-EUR03.prod.protection.outlook.com] (in reply to RCPT TO
command)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We need to backport a commit to fix a build failure on non-x86.
Also update hash file formatting (2 spaces)
Signed-off-by: Pierre-Jean Texier <texier.pj2@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In new kernels sunxi-mmc driver has been switched to asynchronous probe.
As a result, mmc (SD/eMMC) indexes can be shuffled breaking board boot.
Switch to GPT partitions to use partition labels instead of explicit
mmcblk device names. Note that the default GPT partition table location
conflicts with the SPL location, so move GPT table after bootloaders.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Bump Linux to 5.12.2 and U-Boot to 2021.04.
Introduce minor cleanup: use SPL options instead of custom image options
for combined SPL image.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Bump Linux to 5.12.2 and U-Boot to 2021.04.
Introduce minor cleanup: use SPL options instead of custom image options
for combined SPL image.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Bump Linux to 5.12.2 and U-Boot to 2021.04.
Introduce minor cleanup: use SPL options instead of custom image
options for combined SPL image.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Debug messages in rtl8189fs are enabled by default. Add patch
that disables debug messages to make driver less noisy.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Update out-of-tree driver to make it work with Linux kernel v5.12.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Disable -Werror to avoid the following build failure which is raised
since the addition of the package in commit
daae311490
../seatd/seat.c: In function 'seat_activate_device':
../seatd/seat.c:374:48: error: unused parameter 'client' [-Werror=unused-parameter]
374 | static int seat_activate_device(struct client *client, struct seat_device *seat_device) {
| ~~~~~~~~~~~~~~~^~~~~~
Fixes:
- http://autobuild.buildroot.org/results/0ec925aab23d83c52684f5fea7a4395c93a674c4
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Tested-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
libbpf does not support all architectures, for example ARM is not
supported resulting in the following build failure:
bpf.c:53:4: error: #error __NR_bpf not defined. libbpf does not support your arch.
# error __NR_bpf not defined. libbpf does not support your arch.
^
Fixes:
- http://autobuild.buildroot.org/results/288d54100a2e736195a3a04a9e2e035d02ea5c16
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Update the commit id for u-boot to include fixes from the starfive-tech
u-boot repository:
494e5ef7b807 jh7100: Enable full 2M L2 cache
4571f5a4e1e4 vic7100: enable cache ways (L2 cache)
abb06422a5cd Remove fdt_high and initrd_high for Starfive
93099a61c7b0 starfive: beaglev: Disable SIFIVE_CLINT and enable RISCV_TIMER
bfb5abac3d1f Revert "riscv: Enable the SiFive CLINT block driver in S-Mode(VIC7100 ONLY)"
7b70e1d44ba9 defconfig: enable cache_wayenable for better performance
7c585978616b configs: earlycon=sbi is deprecated
The commit abb06422a5cd ("Remove fdt_high and initrd_high for Starfive")
has removed the need for buildroot to patch the fdt_addr_r address.
Update linux from commit in the old 5.10 branch that Fedora image was
using to head of esmil_starlight branch [1] which is currently based
on 5.13-rc5 and represents the best kernel for this board [2]. This
commit was tagged as buildroot-20210609 because the branch gets rebased
regularly.
In addition, the updated kernel now has jh7100-beaglev-starlight.dtb so
buildroot no longer needs to copy the dtb from u-boot.
[1] https://github.com/starfive-tech/linux/tree/esmil_starlight
[2] https://github.com/starfive-tech/linux/issues/26
Signed-off-by: Drew Fustini <drew@beagleboard.org>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
[Arnout: add comment to refer to the tag in linux repo]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This causes build failure for the first host python package get built,
because the $(STAGING_DIR)/usr/lib/python* may not yet exist by tht
time, so find will whine and fail.
This was was alrady the case for the existing find call, a few lines
above, but that was ignored as find is a left-hand-side of a pipe, so
its return code was ignored.
Fixes:
http://autobuild.buildroot.org/results/860a188bd270c59b1fee2f56f31e73689f0e4979/build-end.log
... where we can see the two find error messages, but only the second
one causes the breakage.
This reverts commit 836528f03e.
Reported-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Herve Codina <herve.codina@bootlin.com>
For per-package directories, we fixup the _sysconfigdata*.py files, so
that they get proper path pointing to the current package's direcotry
structure.
However, the corresponding, pre-compiled blobs _sysconfigdata*.pyc were
left around, and thus are inconsistent with their source. They might
also be regenerated when a package would install a python module; this
regeneration would trigger the soon-to-be-introduced overwrite
detection.
This commit simply removes _sysconfigdata*.pyc files; they will anyway
be regenerated by the PYTHON{,3}_CREATE_PYC_FILES target finalize hooks.
This is an efficient way to guarantee the consistency between the source
and precompiled versions, and to not trigger the overwrite detection.
Signed-off-by: Herve Codina <herve.codina@bootlin.com>
[yann.morin.1998@free.frs: reword the commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
APACHE_FIXUP_APR_LIBTOOL tweaks files for per package directory build.
This is typically the kind of operation expected to be in
post-prepare hook.
Signed-off-by: Herve Codina <herve.codina@bootlin.com>
Reviewed-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Original APR_UTIL_FIX_RULES_MK_LIBTOOL tweaked libtool and rules.mk.
libtool is provided by a dependency (apr). It needs to be tweaked
and, as an apr-util external file, this tweak is relevant in
<PKG>_POST_PREPARE_HOOKS.
rules.mk is generated by apr-util configure step and it is private
to apr-util. The modification performed needs to be kept in
<PKG>_POST_CONFIGURE_HOOKS.
This commit splits original APR_UTIL_FIX_RULES_MK_LIBTOOL and
attaches each part to the correct hook.
Signed-off-by: Herve Codina <herve.codina@bootlin.com>
Reviewed-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Currently, when a package needs to modify files it inherits from its
dependencies, because they contain paths, we can only do that in a
pre- or post-configure hook.
However, whatever is done as part of those hooks, will be accounted
to the package itself, and thus will trigger file-overwrite detection.
So, we need a way to be able to actually modify files before we
start monitoring changes in those files.
We introduce a new set of hooks that an individual package can set,
or that a package infra can set, and that are called right before
we snapshot the state of target, and host (to which staging belongs),
Signed-off-by: Herve Codina <herve.codina@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
fixup-libtool-files was called on per-package STAGING_DIR.
Some host-xxxx packages have their .la files with directories
pointing outside their own per-package directory.
This commit, calling fixup-libtool-files on HOST_DIR, fixes this
issue.
Signed-off-by: Herve Codina <herve.codina@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Some packages (autotools for instance) install documentation
files using install-info. This program adds an entry in
the Info directory file (share/info/dir) and this causes
TARGET_DIR and/or HOST_DIR overwrite.
In order to avoid this overwrite this patch removes the Info
directory file right after any installation.
In order to be as generic as possible, this patch introduces
a new tooling to remove useless and conflicting files based
on the file and/or directory list <PKG>_DROP_FILES_OR_DIRS.
share/info/dir file is added for every packages in this list.
Signed-off-by: Herve Codina <herve.codina@bootlin.com>
[yann.morin.1998@free.fr:
- don't expand when nothing to remove
- do not add '/' between $(1) and % as files' paths are
already absolute
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
host-e2fsprogs package overwrites the fsck program and some
manpages previously installed by host-util-linux package.
This patch simply disables fsck in host-e2fsprogs.
host-e2fsprogs is used to build final ext{2,3,4} images.
The missing host-e2fsprogs fsck tool (filesystem integrity check
tool) in HOST_DIR should not lead to issues.
Signed-off-by: Herve Codina <herve.codina@bootlin.com>
Reviewed-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Enabling -DNEBUG, although correct on the paper, causes a lot of
packages to fail to build because they explicitly require not building
with NDEBUG; they use assert() to check actual runtime errors and expect
it to not be elidded away (sometimes with side effects in the arguments
passed to assert().
This reverts commit 5a8c50fe05, as
discussed on the list:
http://lists.busybox.net/pipermail/buildroot/2021-July/313646.html
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Other changes:
- Rename 0034-lib-crypt-uClibc-ng-doesn-t-set-errno-when-encryptio.patch to
0035-lib-crypt-uClibc-ng-doesn-t-set-errno-when-encryptio.patch, as to not
overlap with 0034-Add-an-option-to-disable-the-berkeleydb-module.patch
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The build failed with gazillions of:
"gpg-error.h:1211:2: error: stray '\' in program"
This is already fixed by upstream commit
33593864cd54143db594c4237bba41e14179061c, which we backport. It is
backported as patch 0001, and the existing 0001 renamed to 0002, as it
appears later in the libgpg-error Git history.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix CVE-2021-33560: Libgcrypt before 1.8.8 and 1.9.x before 1.9.3
mishandles ElGamal encryption because it lacks exponent blinding to
address a side-channel attack against mpi_powm, and the window size is
not chosen appropriately. (There is also an interoperability problem
because the selection of the k integer value does not properly consider
the differences between basic ElGamal encryption and generalized ElGamal
encryption.) This, for example, affects use of ElGamal in OpenPGP.
https://dev.gnupg.org/T5305
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
PostGIS 3.1.2
2021/05/21
* Bug Fixes
- #4871, TopoGeometry::geometry cast returns NULL for empty
TopoGeometry objects (Sandro Santilli)
- #4826, postgis_tiger_geocoder Better answers when no zip is provided
(Regina Obe)
- #4817, handle more complex compound coordinate dystems (Paul Ramsey)
- #4842, Only do axis flips on CRS that have a "Lat" as the first column (Paul Ramsey)
- Support recent Proj versions that have removed pj_get_release (Paul Ramsey)
- #4835, Adjust tolerance for geodetic calculations (Paul Ramsey)
- #4840, Improper conversion of negative geographic azimuth to positive (Paul Ramsey)
- #4853, DBSCAN cluster not formed when recordset length equal to minPoints (Dan Baston)
- #4863, Update bboxes after scale/affine coordinate changes (Paul Ramsey)
- #4876, Fix raster issues related to PostgreSQL 14 tablefunc changes
(Paul Ramsey, Regina Obe)
- #4877, mingw64 PostGIS / PostgreSQL 14 compile (Regina Obe, Tom Lane)
- #4838, Update to support Tiger 2020 (Regina Obe)
- #4890, Change Proj cache lifetime to last as long as connection (Paul Ramsey)
- #4845, Add Pg14 build support (Paul Ramsey)
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update the chromebook elm configuration to use v5.10 which is an LTS.
With v5.10, none of the patches previously needed to enable the display
are needed anymore. Deleting them and making minor updates to the linux
kernel configuration.
Signed-off-by: Bilal Wasim <bilal.wasim@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Other changes:
- Remove BR2_PACKAGE_PHP_EXT_JSON as the json extension is now an
integral part of PHP and is no longer optional. Due to this, it is
not added to Config.in.legacy.
- Move BR2_PACKAGE_PHP_EXT_XMLRPC to Config.in.legacy as the extension has
been removed. See https://wiki.php.net/rfc/unbundle_xmlprc for an
explination.
- Add a new patch that allows for opcache to cross-compile with PHP8.
- Explicitly disable opcache-jit when opcache is enabled, as the JIT fails
to cross-compile.
- --enable-maintainer-zts is now --enable-zts
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
These patches are necessary for compiling against php8. These patches also
retain the ability to compile against PHP7.2
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
These patches are necessary for compiling against php8. These patches also
retain the ability to compile against PHP7.2 and should be removed during the
next version bump.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Other changes:
- Change --with-gnupg=$(STAGING_DIR)/usr/include to
--with-gnupg=$(STAGING_DIR)/usr as the make system appends /include to the
gnupgp path now.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The make all command run the tools/makefile on the process.
This makefile use "pkg-config" command to support static link.
The issue is the use of pkg-config configured for crosscompiling
to build binaries tools for host architecture.
To fix it, I add pkg-config environment variable to configure it for host.
Add a test to avoid future regress on the build of U-boot.
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
[yann.morin.1998@free.fr:
- fix mixed space-TAB indentation
- fix check-package
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Drop upstream patch.
Add another patch to fix build with musl.
Update COPYING hash because of date change.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Along with version bump, update hash file to two space format and
switch to HTTPS URL.
Signed-off-by: Ryan Barnett <ryanbarnett3@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Note, that the download URL has changed for the new release.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
[yann.morin.1998@free.fr: move 'v' out of _VERSION]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Remove patches that now are upstream.
Upstream changes:
- Implement p10 thread controls
- Update p10 sbefifo chip-ops
- For p10 switch default backend to sbefifo
- Separate sbe api into new header libpdbg_sbe.h
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
[yann.morin.1998@free.fr: drop "exit $?" in post-image.sh]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Update to last version of gcnano-binaries compatible with kernel
from StMicroelectronics version 5.10
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
python2 contains a bundled copy of libffi which is currently out of sync with
the latest libffi release. There is an option to use a system libffi, buildroot
already uses it for the target python2 build and for python3. In python3, the
bundled copy doesn't exist anymore and the system-provided libffi is required.
The bundled copy currently fails to build on aarch64 host due to a missing
definition of AARCH64_CALL_CONTEXT_SIZE. This define was removed from the
headers in recent libffi releases and the host compiler might be including the
system headers before the bundled headers.
To solve this and since buildroot already relies on system libffi for target
python2 and python3 anyway, switch host python2 to use system libffi.
Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Reviewed-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 3cf2782906 (support/testing/infra/emulator.py: update pre-built
kernels) bumped the default kernels used by the testing infra.
However, the newer armv7 kernel (at least) no longer has support for
lz4-compressed squashfs filesystems.
This breaks the squashfs test:
Filesystem uses "lz4" compression. This is not supported
List of all partitions:
1f00 131072 mtdblock0
(driver?)
1f01 32768 mtdblock1
(driver?)
b300 2048 mmcblk0
driver: mmcblk
No filesystem could mount root, tried:
squashfs
Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(179,0)
Updating the kernel again is a little bit cumbersome, while fixing the
actual test is relatively trivial, so this is what we do: we switch
over to lzo, which is supported by the new kernel:
# zcat /proc/config.gz |grep SQUA
CONFIG_SQUASHFS=y
CONFIG_SQUASHFS_ZLIB=y
# CONFIG_SQUASHFS_LZ4 is not set
CONFIG_SQUASHFS_LZO=y
# CONFIG_SQUASHFS_XZ is not set
While at it, also drop the superfluous line disabling gzip compression:
it is part of a choice, so enabling one (lzo here) forcibly disables the
others (of which gzip).
Fixes: 3cf2782906
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Will avoid the following warning:
WARNING: Image format was not specified for
'/home/thomas/projets/outputs/TestExt3/images/rootfs.ext3' and
probing guessed raw. Automatically detecting the format is
dangerous for raw images, write operations on block 0 will be
restricted. Specify the 'raw' format explicitly to remove the
restrictions.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
All the tests that are using if=sd as a Qemu options are changed to
use infra.img_round_power2() instead of simply extending the size of
the image to the next MB boundary, which is not longer sufficient with
Qemu >= 5.1.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: drop now-useless imports]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since Qemu 5.1, SD card images must have a size that are a power of
two. While some filesystem (such as ext2/3/4) allow to specify the
expected size of the filesystem, others such as SquashFS do not have
this capability.
We were already extending the size of such images to the next 1 MB
boundary using "truncate -s %1M", but that is no longer sufficient. So
instead, we introduce a helper function that extends the size of an
image to the next power of two.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr:
- use f.trunctate() rather than subprocess.call([truncate,...])
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since Qemu 5.1, the SD card size must be a power of two, so the
default size for ext2/3/4 filesystem images of 60 MB is not
suitable. Since 16 MB is used for the Ext4 test, let's use the same
value for the other tests as well (ext2, ext2r1, ext3). Without this
change, the ext2, ext2r1 and ext3 simply fail to run under Qemu >=
5.1.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The BRTest() class implements an assertRunOk() method that does the
very common work of running a command inside the emulator, and
checking that it is successful.
This commit changes all locations where this .assertRunOk() method can
be used, instead of open-coding the same logic.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bump U-Boot and Linux kernel versions. Updating U-Boot to 2021.04
requires the following two changes.
First, after switching to binman, u-boot.itb is no more generated for
64-bit sunxi boards. Combined u-boot-sunxi-with-spl.bin image should
be used instead. This image contains SPL, U-Boot, and FIT image,
where FIT image contains other binaries such as BL31 and SCP.
Second, new U-Boot enables support for System Control Processor (SCP)
firmware. SCP firmware is included by default into FIT image in the
combined u-boot-sunxi-with-spl.bin binary. When SCP is not available
or not needed, it should be explicitly disabled by pointing to an
empty file. Support for Allwinner SCP firmware is not yet available
neither in Buildroot nor in mainline kernel. So disable it for now
using custom U-Boot build options.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Switch to mainline TF-A that provides basic support for H5 and A64.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bump U-Boot version in TestATFAllwinner. Updating U-Boot version to
2021.04 requires the following two changes.
First, after switching to binman, u-boot.itb is no more generated for
64-bit sunxi boards. Combined u-boot-sunxi-with-spl.bin image should
be used instead. This image contains SPL, U-Boot, and FIT image,
where FIT image contains other binaries such as BL31 and SCP.
Second, new U-Boot enables support for System Control Processor (SCP)
firmware. SCP firmware is included by default into FIT image in the
combined u-boot-sunxi-with-spl.bin binary. When SCP is not available
or not needed, it should be explicitly disabled by pointing to an
empty file. Support for Allwinner SCP firmware is not yet available
neither in Buildroot nor in mainline kernel. So disable it for now
using custom U-Boot build options.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Switch to mainline TF-A that provides basic support for H5 and A64.
Note that Allwinner platform layer in TF-A does not provide support
for GCC stack protection, so make sure to disable this TF-A feature.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Buildroot sets appropriate ENABLE_STACK_PROTECTOR build flag value based
on the toolchain global BR2_SSP_* options, and all packages are built
with that setting.
However it might not be always convenient to automatically infer TF-A
stack protection from the toolchain features. For instance, secure
memory constraints may become an issue and all the extra TF-A features
need to be tuned or disabled in order to shrink TF-A firmware image.
Besides, for any value other than "none", TF-A platform specific hook
'plat_get_stack_protector_canary' must be implemented. However this hook
is not implemented by all the platforms supported by TF-A. For instance,
Allwinner currently does not provide such a hook.
Add an new option that a user can toggle to enable or disable SSP in
their ATF build. If enabled, the SSP level is automatically inherited
from the global setting.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
[yann.morin.1998@free.fr: simplify logic with a single boolean]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
As this version brings support for kernel up to 5.12, we update the
test cases to use the 5.12 kernel.
Signed-off-by: José Luis Salvador Rufo <salvador.joseluis@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Building with libgcrypt fails since the addition of the package in
commit fbff7d7289:
checking for sparc64-buildroot-linux-gnu-libgcrypt-config... no
checking for libgcrypt-config... no
checking for LIBGCRYPT - version >= 1.5.0... no
configure: error: The selected crypto backend library is not available.
Fix this build failure by helping usbguard to find libgcrypt-config
Fixes:
- http://autobuild.buildroot.org/results/4c19e50a2a5308cb31a62f1b4b538a30353022bb
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Don't pass --disable-seccomp and --disable-systemd unconditionally
While at it, also add a space and a new line when needed, and split
the initial CONF_OPTS assignment to have one option per line.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The build of gesftserver in an environment without Python fails with:
checking for Python 2.4 or better... configure: error: cannot find Python 2.4 or better
However, it turns out that Python is only needed for tests, which we
don't run/use in Buildroot, so we can safely build gesftpserver
without Python.
Signed-off-by: Andreas Naumann <anaumann@ultratronik.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: check the two files are identical]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This patch implements a simple test in which a dummy file system image
is created, then `bmaptool create` and `bmaptool copy` are used to copy
it to another file.
Signed-off-by: Nicolas Carrier <nicolas.carrier@orolia.com>
[Thomas: several reworks, add myself to DEVELOPERS]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: check the two files are identical]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The pre-built vexpress kernel used by the testing infrastructure is a
4.0.0 kernel, which is getting old to be used with reasonably recent
toolchains.
This commit updates the pre-built kernels for both the versatile and
vexpress machines to 5.10.7 (they have already been put online).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
bmaptool allows to drastically reduce the amount of data to transfer
when writing to an SD card. Example with a 544 MiB sdcard.img:
$ bmaptool create sdcard.img > sdcard.bmap
$ gzip sdcard.img
$ bmaptool copy sdcard.img.gz /dev/sdc
bmaptool: info: discovered bmap file 'sdcard.bmap'
bmaptool: info: block map format version 2.0
bmaptool: info: 139265 blocks of size 4096 (544.0 MiB), mapped 23918 blocks (93.4 MiB or 17.2%)
bmaptool: info: copying image 'sdcard.img.gz' to block device '/dev/sdc' using bmap file 'sdcard.bmap'
bmaptool: info: 100% copied
bmaptool: info: synchronizing '/dev/sdc'
bmaptool: info: copying time: 7.7s, copying speed 12.1 MiB/sec
So it means that instead of writing 544 MiB, only 93.4 MiB had to be
written.
In terms of implementation details, compared to the target bmap-tools
package, there are fewer "selects" that are needed because:
- The dependency on setuptools is not needed, because the package
uses the setuptools SETUP_TYPE, so host-python-setuptools is
already a build dependency.
- host-python and host-python3 are always built with Expat XML
support.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The br-arm-internal-glibc.config is generally used as a configuration
to test the bleeding edge versions of components. However, it has been
lagging behind somewhat, so let's bring it up-to-date:
- Binutils 2.36.x
- GCC 11.x
Let the fun begin in the autobuilders!
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
We backport an upstream patch that fixes the loading of the native
library by the FFI logic. Without this, "import augeas" doesn't work
as it goes into the ctypes.utils.find_library() logic that tries to
use a compiler on the target to find the augeas native library.
Based on initial work from Nicolas Carrier <nicolas.carrier@orolia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This is to make sure that host packages that depend on `host-gawk` and that use
`awk` end up using `gawk`, instead of the `awk` symlink installed on the host
system.
On recent Debian-based distributions, `awk` is still symlinked to `mawk` [1].
[1] https://bugs.launchpad.net/ubuntu/+source/mawk/+bug/1841654
Signed-off-by: Hubert Lacote <hubert.lacote@youview.com>
Co-authored-by: Hubert Lacote <hubert.lacote@youview.com>
Co-authored-by: Vicente Olivert Riera <vincent.olivert.riera@youview.com>
[yann.morin.1998@free.fr: move after the target symlink hook]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 04a0094f0e (configs/stm32f469_disco: fix kernel bootup) changed
the defconfig to build a vfat image, but forgot to add dosfstools/mtools
host utilities needed for this.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
From the release notes:
================================================================================
Redis 6.2.4 Released Tue July 1 12:00:00 IST 2021
================================================================================
Upgrade urgency: SECURITY, Contains fixes to security issues that affect
authenticated client connections. MODERATE otherwise.
Fix integer overflow in STRALGO LCS (CVE-2021-32625)
Read the whole release note on:
https://github.com/redis/redis/blob/6.2.4/00-RELEASENOTES
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libressl defaults to $prefix/etc/ssl for its "openssldir" setting, E.G.
the location where configuration files and certificates are searched:
openssl version -d
OPENSSLDIR: "/usr/etc/ssl"
Change it to /etc/ssl so it matches openssl and the expectations of packages
dealing with certificates (ca-certificates, libcurl, p11-kit)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Also, since tinyproxy no longer uses a2x, remove its explicit disabling.
Signed-off-by: Alexander Mukhin <alexander.i.mukhin@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Even if gcc 9.x is still maintained for some time (gcc 9.5 will be the
last), switch to gcc 10.x since it has been released since 2020-05-07
and gcc 11.x is available since 2021-04-27.
We have been having toolchains in the autobuilders with gcc 10.x since
mid-January 2021, so the vast majority of the problems should have
already been solved.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This patch allows to use an external toolchain based on gcc 11.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
In order to add gcc 11 support for internal and external toolchain in
follow-up commits, introduce BR2_TOOLCHAIN_GCC_AT_LEAST_11 symbol.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
gcc-11 warns about what appears to be an out-of-range array access but
stop the build due to -Werror added to cflags:
arch/sparc/kernel/mdesc.c: In function 'mdesc_node_by_name':
arch/sparc/kernel/mdesc.c:647:22: error: 'strcmp' reading 1 or more bytes from a region of size 0 [-Werror=stringop-overread]
647 | if (!strcmp(names + ep[ret].name_offset, name))
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
arch/sparc/kernel/mdesc.c:77:33: note: at offset 16 into source object 'mdesc' of size 16
77 | struct mdesc_hdr mdesc;
| ^~~~~
arch/sparc/kernel/mdesc.c: In function 'mdesc_get_property':
arch/sparc/kernel/mdesc.c:692:22: error: 'strcmp' reading 1 or more bytes from a region of size 0 [-Werror=stringop-overread]
692 | if (!strcmp(names + ep->name_offset, name)) {
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
arch/sparc/kernel/mdesc.c:77:33: note: at offset 16 into source object 'mdesc' of size 16
77 | struct mdesc_hdr mdesc;
| ^~~~~
arch/sparc/kernel/mdesc.c: In function 'mdesc_next_arc':
arch/sparc/kernel/mdesc.c:719:21: error: 'strcmp' reading 1 or more bytes from a region of size 0 [-Werror=stringop-overread]
719 | if (strcmp(names + ep->name_offset, arc_type))
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
arch/sparc/kernel/mdesc.c:77:33: note: at offset 16 into source object 'mdesc' of size 16
77 | struct mdesc_hdr mdesc;
| ^~~~~
cc1: all warnings being treated as errors
The issue was initially reported to gcc [1] where it was analized.
As suggested, change the struct mdesc_elem * accesses from the end
of mdesc to those from the beginning of the data array.
Update the prototype of node_block(), name_block() and data_block()
since the code really seems to want to do is to compute the address
somewhere into the chunk pointed to by hp.
[1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100262
Upstream status: Pending
https://www.spinics.net/lists/sparclinux/msg26385.html
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
From this version, tests can be disabled, so we pass
"tests=false" as a Meson option.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Disable -Werror to avoid the following build failure with -DNDEBUG
raised since commit 5a8c50fe05
/srv/storage/autobuild/run/instance-2/output-1/build/openswan-3.0.0/programs/rsasigkey/rsasigkey.c:524:6: error: variable 'success' set but not used [-Werror=unused-but-set-variable]
524 | int success;
| ^~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/327a0f2b8f0c51bcbb3edb1c3671870d593e93b9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
CMake options have been renamed: UHTTPD_ prefix was dropped,
BUILD_STATIC_LIBS renamed to BUILD_STATIC.
Also fix handling of BUILD_STATIC: it should only be given when building
static libs, otherwise no dynamic lib is built.
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Remove 0001-ws2811.c-fix-build-with-gcc-4.8.patch,
it has been merged upstream.
Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Drop upstreamed patch fix-port-forwarding-with-ipv6.
Upstream commit: d29a55c6c344a536089d6b1bcd92be9cdea20641
Signed-off-by: Christian Stewart <christian@paral.in>
Tested-by: Christian Stewart <christian@paral.in>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
usbguard is a software framework to implement USB
device blacklisting and whitelisting based on their
attributes.
More info. on: https://usbguard.github.io/
Signed-off-by: Kamel Bouhara <kamel.bouhara@bootlin.com>
Tested-by: Miquel Raynal <miquel.raynal@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout:
- correct indirect dependencies from protobuf instead of libglib2;
- say in Config.in help text that rules.conf has to be created]
libqb is a library providing features for client-server architecture,
such as logging, tracing, inter-process communication (IPC) and polling.
see: https://github.com/ClusterLabs/libqb
Signed-off-by: Kamel Bouhara <kamel.bouhara@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
As described by [1], the kernel generated by the configuration for the
STM32f469 Discovery board is buggy. Using a newer kernel, as suggested
by [1], increases the dtb and Kernel image size. In particular, the
5.12 version of the kernel generates a dtb and a kernel image whose sum
exceeds the 2 MByte of the flash module.
So I decided to replace the afboot-stm32 bootloader in the flash with
U-boot to easily boot the system from sdcard without having to worry
about the size of dtb, kernel and rootfs generated by the configuration.
This solution allows you to fix the kernel boot issue and makes it
possible to use its future versions.
[1] http://buildroot-busybox.2317881.n4.nabble.com/Bug-11746-New-stm32f469-didn-t-work-correctly-td219644.html
Signed-off-by: Dario Binacchi <dariobin@libero.it>
Acked-by: Christophe Priouzeau <christophe.priouzeau@foss.st.com>
Tested-by: Christophe Priouzeau <christophe.priouzeau@foss.st.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout:
- specify headers version explicitly, even though it's default;
- bump kernel to 5.12.11]
A (target [0]) package can independently declare installing in various
locations: target, staging, or images. The default is to only install
in target.
When a package opts out from installing to target, but does not opts
in to install in any other location, the package is not downloaded,
extracted, patched, configured, nor built at all. As a consequence, none
of the per-step instrumentation is executed, specifically the listing
of files before/after the package sequence.
Down the line, the package infra does not cope well with that situation,
because the gathering-install step, the one that synchronises all the
optional target, staging, or images install steps, still gets run.
And as #13836 shows, this does not go well:
/bin/sh: /home/tbuild/myboard/build/foo/.files-list.after: No such file or directory
make[1]: *** [/home/tbuild/myboard/build/foo/.stamp_installed] Error 1
make: *** [_all] Error 2
So, we should have ensured that the gathering-install step itself
depends on the build step, which would have solved the issue.
However, this bug really illustrates a more fundamental issue: does it
even make sense to have a package that installs nothing in any location?
Indeed, why even bother with that package to begin with if it will not
provide anything at all?
It turns out that yes, this makes sense. We have some packages, that
do not install anything at all, and do not even build anything; they are
there just to ensure that we can download something that will ultimately
be used by another package. This is the case for example for packages
that provide linux extensions, like aufs [1].
Additionally, some ugly out-of-tree packages could conceivably install
things during the build (or even configure!) steps. That's not unheard
of... [2]
So, the solution is to ensure that the gathering-install step does
depend on the build step, to trigger the proper dependency chain and
have the instrumentation hooks properly run even in that degenerate
case.
Fixes: #13836
[0] a host package can't opt out of installing anything.
[1] that one is actually missing AUFS_INSTALL_TARGET = NO, so this
hides the issue.
[2] even us are not 100% clean on that topic: gcc will install files in
staging and target as part of the same step (not the build, granted,
but still...)
Reported-by: "Weber, Matthew L Collins" <Matthew.Weber@collins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Matthew Weber <matthew.weber@collins.com
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Enable building Weston's libseat launcher, now that the seatd package
is available.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Enable selection of used weston shells. By default all available
shells are enabled to keep the old behavior. The new configuration
options enable the user to select them individually.
Signed-off-by: Martin Elshuber <martin.elshuber@theobroma-systems.com>
[yann.morin.1998@free.fr:
- ensure at least one shell is enabled; desktop arbitrarily chosen
- s/BR2_PACKAGE_WESTON_SHELL_SELECTED/BR2_PACKAGE_WESTON_HAS_SHELL/
- reword associated comment
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This module is only partially compatible with lzlib (which is no longer
maintained).
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[yann.morin.1998@free.fr: amend commit log about limited compatibility]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The descriptions in this package have grown pretty confusing over time.
Try to make this a bit more consistent and up-to-date.
* drop references to old kernel versions not supported by BR anymore
* Remove "Bluez 5.x" string from options
* consistently use the term "plugin" (plugins implement profiles)
* make mentioned profile appreviations upper-case
* make descriptions closer to the ones in BlueZ Readme [0]
* make clear that "tests" refers to the python test scripts
[0] https://git.kernel.org/pub/scm/bluetooth/bluez.git/tree/README?h=5.58
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout:
- remove more 5.x references;
- Use official spelling BlueZ in main help text]
1.5.0 uses Threads by default for cli tool and DSO,
should not be necessary to do anything special.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Commit d13b292cec introduced a patch for rpcbind but also changed the version number to a non-existing value.
Change rpcbind to last released version and adapt hash value.
Signed-off-by: Andreas Ziegler <br015@umbiko.net>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
[yann.morin.1998@free.fr: fix version in patch too, noticed by Baruch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
diff LICENSE:
- This software is copyright (c) 2014 by Graham Barr.
+ This software is copyright (c) 2021 by Graham Barr.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
ubihealthd is only being built, if mtd-utils are being built
--with-ubifs. Reflect that dependency within buildroot.
Signed-off-by: Markus Mayer <mmayer@broadcom.com>
Tested-by: Heiko Thiery <heiko.thiery@gmail.com>
[yann.morin.1998@free.fr: fix check-package]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit d72350e62a disabled boost::logs on
riscv32 due to the use of SYS_futex, which doesn't exist on riscv32.
Revert "package/boost: disable logs with riscv32" and add an upstream
patch that uses SYS_futex_time64 instead.
This reverts commit d72350e62a.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
perl-crypt-openssl-rsa inherits the dependency on openssl indirectly
from perl-crypt-openssl-random. Hwvere, perl-crypt-openssl-rsa needs
the openssl libraries for itself, so it must explicitly depend on it.
So far, this was totally unconsequential, but since commit a83d41867c
(package/libopenssl: add option to enable some features), features can
be configured out, of which RMD160 that perl-crypt-openssl-rsa needs.
If we were to add the select to that option (in a followup commit),
without a dependency to openssl, that would be very confusing in the
future.
So, add the explicit dependency now.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix tarball name for sha256 which is wrong since the addition of the
package in commit 71f7fc8a27
While at it, also update indentation to 2 spaces
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
As suggested by Yann, let's avoid announcing the exact date of the
next course, as it gets outdated very often. Instead, use a more
generic wording and simply point to a Bootlin page that has all the
details.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly
validates certificate with host mismatch vulnerability. A remote,
unauthenticated attacker could exploit the flaw by performing a
man-in-the-middle attack using a valid certificate for another hostname
which could compromise confidentiality and integrity of data transmitted
using rsync-ssl. The highest threat from this vulnerability is to data
confidentiality and integrity. This flaw affects rsync versions before
3.2.4.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: add a comment explaining what patch fixes this CVE]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bugfix release. From the release notes:
Some backports of important fixes to the 1.25 series, for very conservative
people.
libmpg123: Backport bit reservoir CRC fix from 1.26
libmpg123: Backport part2_3_length regression fix (bug 312).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
BR2_PACKAGE_UDISKS_LVM2 was dropped in commit eb251b3008 (package/lvm2:
drop BR2_PACKAGE_LVM2_APP_LIBRARY), but missed when merging next. Drop it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add a python3 host variant since another downstream OSS component
(OP-TEE) uses buildroot and it will depend on a python3 host variant
of python-cryptography.
Signed-off-by: Donald Chan <hoiho@lab126.com>
[yann.morin.1998@free.fr:
- drop target _DEPENDENCIES since this is a host-only package
- instead, add host-openssl to dependencies
- add CPE variables
- also add sync comment for python-pip
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add a python3 host variant since we are adding a python3 host variant of
python-cryptography and it is dependent on this.
Signed-off-by: Donald Chan <hoiho@lab126.com>
[yann.morin.1998@free.fr:
- drop target _DEPENDENCIES since this is a host-only package
- also add sync comment to python-cffi
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add a python3 host variant since we are adding a python3 host variant of
python-cryptography and it is dependent on this.
Signed-off-by: Donald Chan <hoiho@lab126.com>
[yann.morin.1998@free.fr: also add sync comment to python-pycparser]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add a python3 host variant since we are adding a python3 host variant of
python-cryptography and it is dependent on this.
Signed-off-by: Donald Chan <hoiho@lab126.com>
[yann.morin.1998@free.fr:
- add CPE variables
- also add sync comment for python-pip
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add a python3 host variant since we are adding a python3 host variant of
python-cryptography and it is dependent on this.
Signed-off-by: Donald Chan <hoiho@lab126.com>
[yann.morin.1998@free.fr: also add sync comment in python-six]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
- CVE-2021-33195: The LookupCNAME, LookupSRV, LookupMX, LookupNS, and
LookupAddr functions in net, and their respective methods on the Resolver
type may return arbitrary values retrieved from DNS which do not follow
the established RFC 1035 rules for domain names. If these names are used
without further sanitization, for instance unsafely included in HTML, they
may allow for injection of unexpected content. Note that LookupTXT may
still return arbitrary values that could require sanitization before
further use
- CVE-2021-33196: The NewReader and OpenReader functions in archive/zip can
cause a panic or an unrecoverable fatal error when reading an archive that
claims to contain a large number of files, regardless of its actual size
- CVE-2021-33197: ReverseProxy in net/http/httputil could be made to forward
certain hop-by-hop headers, including Connection. In case the target of
the ReverseProxy was itself a reverse proxy, this would let an attacker
drop arbitrary headers, including those set by the ReverseProxy.Director
- CVE-2021-33198: The SetString and UnmarshalText methods of math/big.Rat
may cause a panic or an unrecoverable fatal error if passed inputs with
very large exponents
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libmpv-static and libmpv-shared are disabled by default resulting in the
following build failure when building with gl but without rpi, wayland
or x11:
Checking for OpenGL without platform-specific code (e.g. for libmpv) : libmpv-shared not found
Checking for OpenGL context support : gl-cocoa not found
You manually enabled the feature 'gl', but the autodetection check failed.
Here is an extract of wscript:
} , {
'name': '--plain-gl',
'desc': 'OpenGL without platform-specific code (e.g. for libmpv)',
'deps': 'libmpv-shared || libmpv-static',
'func': check_true,
}, {
'name': '--gl',
'desc': 'OpenGL context support',
'deps': 'gl-cocoa || gl-x11 || egl-x11 || egl-drm || '
+ 'gl-win32 || gl-wayland || rpi || '
+ 'plain-gl',
'func': check_true,
'req': True,
'fmsg': "No OpenGL video output found or enabled. " +
"Aborting. If you really mean to compile without OpenGL " +
"video outputs use --disable-gl.",
}, {
Enabling both the shared and static libraries is not allowed by mpv, so
we consider the BR2_STATIC_LIBS to be static, and otherwise (i.e.
BR2_SHARED_LIBS and BR2_SHARED_STATIC_LIBS) to be shared.
Fixes:
- http://autobuild.buildroot.org/results/590d2a8b6746ef071dfb439e42b636f81dbdc35d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- expand config log about shared/static icompatibility
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes https://gitlab.com/buildroot.org/buildroot/-/jobs/1297337965
Commit 15a2f9b819 (package/{mesa3d, mesa3d-headers}: bump
version to 21.0.2) marked BR2_PACKAGE_MESA3D_DRI_DRIVER_SWRAST as legacy,
but forgot to update the defconfig. The SW rasterizer isn't really needed
with the Intel GPU, so just drop it.
In addition, X11 now needs some help with loading the modules in the correct
order, similar to how it was done for the test in commit 4a3639bad0
(support/testing: test_glxinfo load X11 modules in the right order).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Update commit ID to include recent upstream fixes:
- Fix I and D cache synchronization issue (2e2f6faaf105)
- Add carriage return to correct menu formatting (2f6ea51dbb51)
- Add copyright info (7d3413d2ffd9)
- Expand the limit on the size of uboot when update it (623888127a0e)
Signed-off-by: Drew Fustini <drew@beagleboard.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Update the commit id to include upstream fixes:
- Fix print format in load_and_run_ddr(e976d186e69a)
- Update copyright info (f2b049b7fff2)
- Avoid chiplink address exception (86664be28e5d)
Signed-off-by: Drew Fustini <drew@beagleboard.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Disable dc3dd on riscv32 because of the size of time_t (riscv32 has
never had a 32-bit time, and has always been 64-bit from the onset):
In file included from getdate.y:40:
verify.h:132:30: error: negative width in bit-field 'verify_error_if_negative_size__'
132 | (struct { unsigned int verify_error_if_negative_size__: (R) ? 1 : -1; }))
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
verify.h:138:61: note: in expansion of macro 'verify_true'
138 | # define verify(R) extern int (* verify_function__ (void)) [verify_true (R)]
| ^~~~~~~~~~~
getdate.y:116:1: note: in expansion of macro 'verify'
116 | verify (LONG_MIN <= TYPE_MINIMUM (time_t) && TYPE_MAXIMUM (time_t) <= LONG_MAX);
| ^~~~~~
Fixes:
- http://autobuild.buildroot.org/results/267151dec9d2328a5f8c61ddf224219a4f617e5c
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Parallel build is broken since bump to version 2.03.12 in commit
80997acd35. Commits 4526078d1b, 8a313b019c, and a7186cd1ea tried to fix
that by only installing systemd units when appropriate.
It turns out that there are more cases where parallel build still fails:
http://autobuild.buildroot.org/results/995/995f46ee0033e34261ba7b24b61c41e7a088602b/
>>> lvm2 2.03.12 Installing to staging directory
[...]
[INSTALL] ioctl/libdevmapper.so
[CC] dmsetup.c
/usr/bin/make -C lib install_device-mapper
[CC] dmsetup.c
[...]
[CC] dmsetup
[CC] dmsetup
/nvme/rc-buildroot-test/scripts/instance-0/output-1/host/lib/gcc/arm-buildroot-linux-gnueabihf/10.3.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: /nvme/rc-buildroot-test/scripts/instance-0/output-1/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/Scrt1.o: in function `_start':
(.text+0x54): undefined reference to `main'
collect2: error: ld returned 1 exit status
Makefile:60: recipe for target 'dmsetup' failed
Or:
http://autobuild.buildroot.org/results/a4e/a4ea87da502272dc2e677123b6fbcb0c23106f0b/
>>> lvm2 2.03.12 Installing to staging directory
[...]
[CC] dmsetup
/home/giuliobenetti/autobuild/run/instance-3/output-1/host/lib/gcc/arm-buildroot-linux-musleabihf/9.3.0/../../../../arm-buildroot-linux-musleabihf/bin/ld: /home/giuliobenetti/autobuild/run/instance-3/output-1/host/arm-buildroot-linux-musleabihf/sysroot/lib/Scrt1.o: in function `_start_c':
Scrt1.c:(.text._start_c+0x5c): undefined reference to `main'
collect2: error: ld returned 1 exit status
make[3]: *** [Makefile:61: dmsetup] Error 1
make[3]: Leaving directory '/home/giuliobenetti/autobuild/run/instance-3/output-1/build/lvm2-2.03.12/libdm/dm-tools'
make[2]: *** [../libdm/make.tmpl:315: dm-tools.device-mapper] Error 2
make[2]: *** Waiting for unfinished jobs....
[CC] dmsetup
[INSTALL] dmsetup
[...]
Similar traces in either case: it tries to build dmsetup twice, at
intall time instead of build time.
Fixes:
- http://autobuild.buildroot.org/results/995/995f46ee0033e34261ba7b24b61c41e7a088602b/
- http://autobuild.buildroot.org/results/a4e/a4ea87da502272dc2e677123b6fbcb0c23106f0b/
Note that this is just a workaround for a broken buildsystem anyway:
indeed, the build of dmsetup is done at install time, instead of build
time. More fixes should be worked on with upstream to properly fix the
issue...
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- update after the three partial fix-commits
- extend commit log accordingly
- add new upstream failures
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Import a small patch from the upstream Bugzilla which is needed to allow
building WPE WebKit against uClibc.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
[yann.morin.1998@free.fr: add upstream commit refs in backported patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
WebKitGTK 2.32.1 includes fixes for building with the Musl libc, which
also makes it possible to use uClibc as well, therefore arrange
dependencies to allow selecting the package any of the C libraries is in
use. This is done by making the dependencies be more granular, basically
following what the wpewebkit package does.
In order to make make it build against uClibc a small patch that has
been submitted to the upstream's Bugzilla is needed.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
[yann.morin.1998@free.fr: add upstream commit refs in backported patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit ff0f55e381 (lvm2: replace !BR2_PACKAGE_LVM2_DMSETUP_ONLY by
BR2_PACKAGE_LVM2_STANDARD_INSTALL) changed a negative-logic option to a
positive-logic option.
However, it kept the ordering of the conditional block, which became a
negatice-logic condition.
This is confusing; let's fix that.
Reported-by: Pascal de Bruijn <p.debruijn@unilogic.nl>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Bump version to 2.92 by:
- removing local patches that have been upstreamed
- adding BR2_TOOLCHAIN_HAS_SYNC_4 dependency
- adding libblockdev dependencies
- adding libmount(contained in util-linux package) dependency
- moving download site to github since it's the new upstream address
- disabling all useless udisks's build option to shrink its size and t
use it as a daemon
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Add Libs.private to libraw.pc to fix the following static build failure
with imagemagick which is raised since commit
2f47cfade4:
/home/giuliobenetti/autobuild/run/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/9.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: /home/giuliobenetti/autobuild/run/instance-1/output-1/host/bin/../arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libjasper.a(jpg_enc.c.o): in function `jpg_encode':
jpg_enc.c:(.text+0x1f4): undefined reference to `jpeg_stdio_dest'
Fixes:
- http://autobuild.buildroot.org/results/88e43a1ea2059a684e50b0f5f2af407e8c6df2e1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Disabling tests will fix the following build failures on riscv32:
select_poll_epoll.c:408:16: note: each undeclared identifier is reported only once for each function it appears in
select_poll_epoll.c: In function 'ppoll_fds_ulong_max':
select_poll_epoll.c:440:16: error: 'SYS_ppoll' undeclared (first use in this function); did you mean 'SYS_tkill'?
440 | ret = syscall(SYS_ppoll, ufds, ULONG_MAX, NULL, NULL);
| ^~~~~~~~~
| SYS_tkill
select_poll_epoll.c: In function 'pselect_invalid_fd':
select_poll_epoll.c:488:16: error: 'SYS_pselect6' undeclared (first use in this function); did you mean 'SYS_semctl'?
488 | ret = syscall(SYS_pselect6, fd + 1, &rfds, NULL, NULL, NULL, NULL);
| ^~~~~~~~~~~~
| SYS_semctl
Fixes:
- http://autobuild.buildroot.org/results/dd39188a7191efa512a51f18f4c34d9ee711a6a7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
BR2_ENABLE_DEBUG should just steer the availability of debug symbols and
should have no negative effect on performance.
Introduction of 'assert' statements, 'debug'-type builds with additional
logging, etc. should be steered by BR2_ENABLE_RUNTIME_DEBUG instead.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
BR2_ENABLE_DEBUG should just steer the availability of debug symbols and
should have no negative effect on performance.
Introduction of 'assert' statements, 'debug'-type builds with additional
logging, etc. should be steered by BR2_ENABLE_RUNTIME_DEBUG instead.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Below are the flags set by zmqpp depending on the specified CONFIG variable:
CONFIG_FLAGS =
ifeq ($(CONFIG),debug)
CONFIG_FLAGS = -g -fno-inline -ftemplate-depth-1000
endif
ifeq ($(CONFIG),valgrind)
CONFIG_FLAGS = -g -O1 -DNO_DEBUG_LOG -DNO_TRACE_LOG
endif
ifeq ($(CONFIG),max)
CONFIG_FLAGS = -O3 -funroll-loops -ffast-math -finline-functions \
-fomit-frame-pointer -DNDEBUG
endif
ifneq (,$(findstring $(CONFIG),release loadtest))
CONFIG_FLAGS = -O3 -funroll-loops -ffast-math -finline-functions \
-fomit-frame-pointer -DNO_DEBUG_LOG -DNO_TRACE_LOG -DNDEBUG
endif
For the flags added with CONFIG=debug, '-g' is to be steered by the core
infrastructure (could be '-g1', '-g2' etc.)
The flag '-ftemplate-depth' is only a protection against incorrect code and
not really needed in Buildroot context.
Finally, the flag '-fno-inline' may be useful when really stepping through
zmqpp code, but is a very specific use case.
With the above in mind, not passing CONFIG=debug may actually be better.
Use 'CONFIG=buildroot' instead.
Note that we don't pass an empty 'CONFIG' to avoid confusion, as this
variable is also passed through to the variable BUILD_ENV, even though it is
currently unused.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
BR2_ENABLE_DEBUG should just steer the availability of debug symbols and
should have no negative effect on performance.
Introduction of 'assert' statements, 'debug'-type builds with additional
logging, etc. should be steered by BR2_ENABLE_RUNTIME_DEBUG instead.
The sofia-sip package was setting '--enable-ndebug' conditionally based on
BR2_ENABLE_DEBUG, and this would have to be updated to be based on
BR2_ENABLE_RUNTIME_DEBUG.
However, the sofia-sip option '--enable-ndebug' only sets the 'NDEBUG'
preprocessor macro, and the core package infrastructure already sets this
macro correctly based on BR2_ENABLE_RUNTIME_DEBUG.
This means that the explicit '--enable-ndebug' flag can be removed.
Suggested-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The preprocessor option NDEBUG, triggered by the configure option
'--enable-ndebug', should be read as 'no-debug'. When NDEBUG is set, asserts
are _disabled_.
The sofia-sip package had inverted logic, and set '--enable-ndebug' when
BR2_ENABLE_DEBUG was enabled, while it should be the other way around.
Reported-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
BR2_ENABLE_DEBUG should just steer the availability of debug symbols and
should have no negative effect on performance.
Introduction of 'assert' statements, 'debug'-type builds with additional
logging, etc. should be steered by BR2_ENABLE_RUNTIME_DEBUG instead.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
BR2_ENABLE_DEBUG should just steer the availability of debug symbols and
should have no negative effect on performance.
Introduction of 'assert' statements, 'debug'-type builds with additional
logging, etc. should be steered by BR2_ENABLE_RUNTIME_DEBUG instead.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
BR2_ENABLE_DEBUG should just steer the availability of debug symbols and
should have no negative effect on performance.
Introduction of 'assert' statements, 'debug'-type builds with additional
logging, etc. should be steered by BR2_ENABLE_RUNTIME_DEBUG instead.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
BR2_ENABLE_DEBUG should just steer the availability of debug symbols and
should have no negative effect on performance.
Introduction of 'assert' statements, 'debug'-type builds with additional
logging, etc. should be steered by BR2_ENABLE_RUNTIME_DEBUG instead.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
sysrepo explicitly sets CMAKE_BUILD_TYPE=Release, ignoring any possible
value of BR2_ENABLE_DEBUG (previously) or BR2_ENABLE_RUNTIME_DEBUG (now).
With the introduction of BR2_ENABLE_RUNTIME_DEBUG, this change should no
longer be necessary. Users that do not wish to have additional runtime
debugging just keep BR2_ENABLE_RUNTIME_DEBUG disabled (default value).
As the 'Debug' build type enables tests, disable them explicitly.
As the 'Debug' build type uses a custom REPO_PATH which does not exist on
target, force /etc/sysrepo like in the 'Release' build type.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Acked-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Use the default build type for host-sysrepo.
In the current version of sysrepo, this happens to be 'Debug'.
As 'Debug' also enables tests, explicitly disable them.
Suggested-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Acked-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
flare-engine enables profiling when CMAKE_BUILD_TYPE is 'Debug'. The
Buildroot package explicitly avoided that by forcing CMAKE_BUILD_TYPE to
'RelWithDebInfo' when pkg-cmake.mk would normally set it to 'Debug'. Until
recently, this was the case when BR2_ENABLE_DEBUG was enabled.
A previous commit changed the condition under which CMAKE_BUILD_TYPE=Debug
was set, from BR2_ENABLE_DEBUG=y to BR2_ENABLE_RUNTIME_DEBUG=y, so logically
the flare-engine package would have to be updated accordingly.
However, apart from the profiling flag, the flare-engine package only uses
CMAKE_BUILD_TYPE to determine flags that Buildroot wants to control itself,
like optimization and debugging flags.
This means we can fake CMAKE_BUILD_TYPE to a value that has no meaning for
flare-engine itself, without needing to check BR2_ENABLE_DEBUG nor
BR2_ENABLE_RUNTIME_DEBUG.
Incidentally, this trick was already done in case
BR2_TOOLCHAIN_HAS_GCC_BUG_85180 was true, so move that line out of this
condition.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The CMAKE_BUILD_TYPE is currently set as 'Debug' in case BR2_ENABLE_DEBUG is
set, and as 'Release' in other cases. However, while the description of
BR2_ENABLE_DEBUG is to enable debug symbols (no runtime impact), the 'Debug'
build type in CMake can actually have runtime impact. For one, because it
does not set -DNDEBUG like is done for 'Release', but also because packages
may do custom things based on it.
The question of which CMAKE_BUILD_TYPE Buildroot should set, be it 'Debug',
'Release', 'RelWithDebInfo' or others, has come up several times in the
past. See some references below:
- July 2016: switch from Debug to RelWithDebInfo:
https://git.buildroot.org/buildroot/commit/?id=4b0120183404913f7f7788ef4f0f6b51498ef363
- October 2016: switch from RelWithDebInfo back to Debug:
https://git.buildroot.org/buildroot/commit/?id=104bb29e0490bfb487e2e665448dd3ca07fcc2b5
and changes to make sure Buildroot's flags are respected:
https://git.buildroot.org/buildroot/commit/?id=12494ef48f893684d0800e7f6fe39a2ceaed0451
- August 2017: bug #10246 - "BR2_ENABLE_DEBUG does not have the expected
effect for cmake packages"
https://bugs.busybox.net/show_bug.cgi?id=10246
- August 2017: mail thread following bug #10246:
http://lists.busybox.net/pipermail/buildroot/2017-August/200778.html
In the last mail thread, Samuel Martin confirmed that the 'Release' build
type could be used in all cases, because Buildroot is actually making sure
that the optimization flags are those determined by Buildroot, not the
defaults of cmake, thanks to commit 12494ef48f.
But Arnout Vandecappelle objected to using always 'Release', stating that
users may actually want the extra assertions.
With the introduction of BR2_ENABLE_RUNTIME_DEBUG, Buildroot can now cater
for all cases:
- use CMAKE_BUILD_TYPE=Release by default. This makes sure that there is no
unexpected performance degradation triggered by enabling BR2_ENABLE_DEBUG.
- users can optionally enable BR2_ENABLE_RUNTIME_DEBUG if they want runtime
debug info like assertions, at the risk of introducing performance
degradation. In this case, we switch to CMAKE_BUILD_TYPE=Debug.
- orthogonally to the above, BR2_ENABLE_DEBUG still determines passing the
'-g' flag to enable debug symbols, and BR2_OPTIMIZE_X still determines the
used optimization flags.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The 'assert' statement in glibc honors the 'NDEBUG' preprocessor macro: if
it is set, then the assert statement is compiled away.
Define this 'NDEBUG' macro when BR2_ENABLE_RUNTIME_DEBUG is disabled (the
default case).
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Reviewed-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Some packages have optional runtime assertions, extra traces, or other
elements that can help in debugging problems. However, such runtime elements
can negatively influence performance.
In a test program performing 100K gRPC calls from a client to a local server
and receiving the returned response, we see following execution time:
- runtime debug enabled: 1065 seconds
- runtime debug disabled: 48 seconds
This is more than a factor 20 (!) difference. Analysis shows that the
problem mostly stems from libabseil-cpp (a dependency of gRPC) which enables
mutex deadlock analysis when the preprocessor flag 'NDEBUG' is not set,
which adds a 'backtrace()' call on every lock/unlock. Potentially worse,
when libunwind is enabled and linked with the test program, 'backtrace()' is
not provided by glibc but by libunwind itself.
For production systems, users expect good performance out-of-the-box. In the
example above, the difference is huge and unless explicitly tested and
analyzed, users may not realize that the performance could be much better.
Address this problem by introducing a new option BR2_ENABLE_RUNTIME_DEBUG,
which can be used by packages or package infrastructures to set the
necessary flags.
Note that BR2_ENABLE_RUNTIME_DEBUG is orthogonal to BR2_ENABLE_DEBUG: the
former changes runtime behavior, while the latter is only expected to add
debug symbols to the build. Today, the cmake build system does introduce a
runtime impact when BR2_ENABLE_DEBUG is set, but that will be rectified in a
subsequent commit.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
unscd unconditionally uses __NR_clock_gettime which will raise the
following build failure on riscv32:
nscd-0.54.c:339:14: error: '__NR_clock_gettime' undeclared (first use in this function); did you mean 'clock_gettime'?
339 | if (syscall(__NR_clock_gettime, CLOCK_MONOTONIC, &ts))
| ^~~~~~~~~~~~~~~~~~
| clock_gettime
Fixes:
- http://autobuild.buildroot.org/results/eb77b18f268d8e59c407f757662117a33d3f9ee3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Add -std=c++11 to fix the following build failure with gcc 11:
In file included from shared-ptr/base.cxx:5:
../cutl/shared-ptr/base.hxx:34:41: error: ISO C++17 does not allow dynamic exception specifications
34 | operator new (std::size_t, cutl::share) throw (std::bad_alloc);
| ^~~~~
Fixes:
- http://autobuild.buildroot.org/results/60a39d402a0d051c92aa11421b7a14f7729a0380
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Recently in Buildroot the option BR2_PIC_PIE has been enabled by default along
with other hardening features [1]. Since then the nios2 defconfig
qemu_nios2_10m50_defconfig is failing to boot due to a segfault in init program:
Run /init as init process
with arguments:
/init
with environment:
HOME=/
TERM=linux
Failed to execute /init (error -12)
See Buildroot build log and Qemu runtime test log in build artifacts [2].
Analyzing one of the binary with strace show that the problem occur
very early when starting the new process:
# strace ./busybox
execve("./busybox", ["./busybox"], 0x7f91ce90 /* 10 vars */) = -1 ENOMEM
(Cannot allocate memory)
+++ killed by SIGSEGV +++
Several binutils/glibc/gcc version has been tested without any success.
The issue has been reported to the glibc mailing list but it can be a linker
or kernel bug [3].
For the Buildroot 2021.05 release, disable BR2_PIC_PIE until the problem is
found and fixed.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/1285145889
[1] https://git.buildroot.net/buildroot/commit/?id=810ba387bec3c5b6904e8893fb4cb6f9d3717466
[2] https://gitlab.com/buildroot.org/buildroot/-/jobs/1285145889
[3] https://sourceware.org/pipermail/libc-alpha/2021-May/126912.html
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes the following:
- CVE-2021-27803: A vulnerability was discovered in how p2p/p2p_pd.c in
wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision
discovery requests. It could result in denial of service or other impact
(potentially execution of arbitrary code), for an attacker within radio
range.
Signed-off-by: Sam Voss <sam.voss@collins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes the following security issue:
- CVE-2021-25217: A buffer overrun in lease file parsing code can be used to
exploit a common vulnerability shared by dhcpd and dhclient
For details, see the advisory:
https://kb.isc.org/docs/cve-2021-25217
Update the LICENSE hash for a change of copyright years.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Due to the recent events at Frenode [0], the channel has become a bit
unreliable (much spammed), and users have started to move away already,
as quite a few other projects have moved their IRC presence away from
Freenode.
There are a few alternatives. The first to spring to mind, is the new
Libera.Chat network [1], managed by the previous Freenode staff, so we
could expect quite a good experience there. However, it is a very young
network. The second well known alternative is the long-established OFTC,
which has been very reliable in its 20 years of existence.
So, let's move to OFTC, just because it has a track-record of robustness
(which Libera.Chat still has to build, for being young).
Note: there are a lot of other IRC networks, some very good too, but we
probably would be much off-topic on most of them.
[0] https://lwn.net/Articles/856543/
[1] https://libera.chat/
[2] https://www.oftc.net/
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Acked-by: Matthew Weber <matthew.weber@collins.com>
Acked-by: Heiko Thiery <heiko.thiery@gmail.com>
Acked-By: Vincent Fazio <vfazio@xes-inc.com>
Acked-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This reverts commit a8a147f604.
That commit incorrectly made use of BR2_TOOLCHAIN_SUPPORTS_PIE, when it
should have been using BR2_PIC_PIE.
Besides, another attempt is pending, that unconditionally disables it as
it will be set by the toolchain wrapper already.
For both reasons, revert rather than switch over to BR2_PIC_PIE.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the wlroots packaging by checking for the correct variable to
determine whether seatd is being built.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
boost logs can't be built with riscv32 because it unconditionally uses
__NR_futex:
libs/log/src/event.cpp: In member function 'void boost::log::v2_mt_posix::aux::futex_based_event::wait()':
libs/log/src/event.cpp:38:29: error: '__NR_futex' was not declared in this scope
38 | #define BOOST_LOG_SYS_FUTEX __NR_futex
| ^~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/8c8135fd7c0517c66c9b3975c494da6d7934cc1b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Hostapd/wpa_supplicant crypto backend assumes that openssl always
provides DES support. However DES support in openssl has become
optional since commit a83d41867c ("package/libopenssl: add
option to enable some features").
Select openssl DES support in hostapd Kconfig to avoid
build failures.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
MuPDF is a lightweight PDF, XPS, and E-book viewer.
Note: some packages, like PyMuPDF, depend on mupdf's libraries, hence
the patch.
Signed-off-by: Raphaël Mélotte <raphael.melotte@essensium.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout:
- propagate harfbuzz dependencies;
- correct version number in hash file;
- patch on post-patch hook instead of post-extract;
- nicer line splitting]
If BR2_ENABLE_DEBUG is not set, Buildroot did not pass any flag
to control debug level. This means that the build system of the package
itself would control it.
Instead, provide an explicit '-g0' (no debugging symbols) to get consistent
behavior across packages.
Suggested-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Pass -DENABLE_GAMEPAD=OFF to CMake in order to disable support for the
gamepad API, which requires libmanette, a library that is not yet
available in Buildroot.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
NTLM is an old authentication protocol depending on DES and MD4 and
its creator, Microsoft, discourage its use since 2010, because it is
weak and vulnerable to many attacks.
libgit2 has support for NTLM and it is enabled by default if openssl
is used, however, since commit a83d41867c ("package/libopenssl: add
option to enable some features"), support for DES and MD4 can be
disabled in openssl.
Since openssl is an optional dependency to libgit2 and getting rid of
NTLM is a goal in itself for many windows administrators, disable NTLM
by default.
Fixes: http://autobuild.buildroot.net/results/efb4ce2174cb6944558e895ce852182ba2738a70
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This update includes a build fix for the RaspberryPi 4 (from 1.5.7)
and a fix for the GL library loader when GLX is involved (from 1.5.6)
Release notes:
https://github.com/anholt/libepoxy/releases/tag/1.5.6https://github.com/anholt/libepoxy/releases/tag/1.5.7
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
[francois.perrad@gadz.org: fix indent in hash file]
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[yann.morin.1998@free.fr: meld Adrian and François' patches together]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Among other fixes, switching to the current stable version plugs a few
memory leaks; solves many WebSocket bugs; makes NTLM authentication work;
allows building gobject-introspection data when cross-building (to be
enabled in a separate patch); fixes message cancellation; adds support
for HTTP 308 permanent redirects, same-site cookies, secure cookies,
HSTS, and Brotli compression.
This also removes the unneeded LIBSOUP_CONF_ENV which defined an
autoconf variable, and updates the Meson build configuration options
to follow the changes done by upstream.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
[yann.morin.1998@free.fr:
- reorder options and move them one per line
- while at it, do the same for dependencies
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since 810ba387be, some form of these options are enable
by default. Specifically:
- Kept FORTIFY level 2 option as the default is now level 1.
- Removed all SSP options as the default now uses the best
option based on toolchain support.
- Similar to SSP, for RELRO, the default now uses the best
option based on toolchain support.
- Completely drop PIC PIE as it defaults =y
Signed-off-by: Matthew Weber <matthew.weber@collins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Change libsoup to version 2.66.5, which introduces many fixes. This
needs adding the libpsl dependency, and switching over to Meson as the
autotools based build system is no more. The existing patch is not
needed anymore.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Package libpsl is a new non-optional dependency of future libsoup
versions.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
[yann.morin.1998@free.fr: reorder some variables]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: dependencies fit on a single line]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Hostapd/wpa_supplicant crypto backend assumes that openssl always
provides MD4 support. However MD4 support in openssl has become
optional since commit a83d41867c ("package/libopenssl: add
option to enable some features").
Select openssl MD4 support in wpa_supplicant Kconfig to avoid
build failures.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following build failure:
In file included from /data/buildroot-autobuilder/instance-0/output-1/build/host-llvm-9.0.1/utils/benchmark/src/benchmark_register.cc:15:
/data/buildroot-autobuilder/instance-0/output-1/build/host-llvm-9.0.1/utils/benchmark/src/benchmark_register.h: In function 'void AddRange(std::vector<T>*, T, T, int)':
/data/buildroot-autobuilder/instance-0/output-1/build/host-llvm-9.0.1/utils/benchmark/src/benchmark_register.h:17:30: error: 'numeric_limits' is not a member of 'std'
17 | static const T kmax = std::numeric_limits<T>::max();
| ^~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/68581aad7c622a1fc74bb5556799e3c681425b2a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes CVE-2021-30465: runc 1.0.0-rc94 and earlier are vulnerable to a symlink
exchange attack whereby an attacker can request a seemingly-innocuous container
configuration that actually results in the host filesystem being bind-mounted
into the container, allowing for a container escape.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix CVE-2021-32055: Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt
2019-10-25 through 2021-05-04) has a $imap_qresync issue in which
imap/util.c has an out-of-bounds read in situations where an IMAP
sequence set ends with a comma. NOTE: the $imap_qresync setting for
QRESYNC is not enabled by default.
https://gitlab.com/muttmua/mutt/-/blob/mutt-2-0-7-rel/ChangeLog
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes: CVE-2021-22207 Excessive memory consumption in MS-WSP dissector
in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service
via packet injection or crafted capture file
See also: https://www.wireshark.org/security/wnpa-sec-2021-04.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: add CVE reference]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Select a few missing multimedia related dependencies:
- BR2_PACKAGE_GST1_PLUGINS_GOOD_PLUGIN_AUTODETECT is needed for
"autoaudiosink"; not having this element can cause a crash as
it is used unconditionally.
- BR2_PACKAGE_GST1_PLUGINS_GOOD_PLUGIN_MATROSKA and
BR2_PACKAGE_GST1_PLUGINS_GOOD_PLUGIN_VPX are needed for
WebM video playback.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The GStreamer-GL usage in WebKitGTK is usable as long as GStreamer
is configured with a valid platform API (GLX+OpenGL, EGL+OpenGL,
EGL+GLES, etc.), which is exactly what the symbol
BR2_PACKAGE_GST1_PLUGINS_BASE_LIB_OPENGL_HAS_PLATFORM represents.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The GStreamer-GL usage in WPE WebKit is usable as long as GStreamer
is configured with a valid platform API (GLX+OpenGL, EGL+OpenGL,
EGL+GLES, etc.), which is exactly what the symbol
BR2_PACKAGE_GST1_PLUGINS_BASE_LIB_OPENGL_HAS_PLATFORM represents.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Select a few missing multimedia related dependencies:
- BR2_PACKAGE_GST1_PLUGINS_GOOD_PLUGIN_AUTODETECT is needed for
"autoaudiosink"; not having this element can cause a crash as
it is used unconditionally.
- BR2_PACKAGE_GST1_PLUGINS_GOOD_PLUGIN_MATROSKA and
BR2_PACKAGE_GST1_PLUGINS_GOOD_PLUGIN_VPX are needed for
WebM video playback.
Note that BR2_PACKAGE_GST1_PLUGINS_GOOD_PLUGIN_VPX depends on THREADS
(because of libvpx), but webktigtk already depend on libgtk3, which
depends on THREADS. The probability that GTK3 drops the dependency on
THREADS is sufficiently close to zero that we need not account for that.
So we do not propagate the THREADS dependency for this option.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Synchronize the list of architectures that have LinuxThreads support
with the ones from uClibc-ng.
Signed-off-by: Mircea GLIGA <mgliga@bitdefender.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit f289b1b36f (legacy: drop options removed more than 5 years ago
now) forgot to remove a legacy default.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Remove upstream patch 0001-remove-werror-flag-from-setup.patch
- Refactor Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch to apply
to 4.4.0
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Tested-by: Matthew Weber <matthew.weber@collins.com>
Tested-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Release notes:
https://trustedfirmware-a.readthedocs.io/en/latest/change-log.html#version-2-5
The existing qemu_aarch64_sbsa_defconfig was using an unpinned version
of ATF, so to avoid any regression, it is pinned to the previous
version, 2.4.
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
[yann.morin.1998@free.fr: pin ATF version in qemu_aarch64_sbsa_defconfig]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
[yann.morin.1998@free.fr: propagate the dependency to kodi]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
python-bluezero selects python-gobject but fails to include its arch and
toolchain dependencies. Add them now, as well as the corresponding
comment.
dbus-python also has some dependencies, but all of them are covered by
the python3 dependency, so don't bother with those.
Fixes: 8bdc5e7c4d
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
As of version 0.4.0 observer.py uses dbus-python (to comunicate with BlueZ)
instead of python-aioblescan. Thus, all modules now depend on dbus-python.
Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
ebtables 2.0.11 no longer works correctly when userland is 32-bit and the
kernel is 64-bit. This used to work correctly in version 2.0.10-4.
Problem is twofold:
- ebtables itself was broken and needs to be patched
- buildroot needs to pass the correct flag again to indicate when we are in
this situation
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
If libglib2 is not build before building the dbus plugin, mender fails to
compile with the following error:
Package 'gio-2.0', required by 'virtual:world', not found
- Add a check for libglib2 in addition to dbus when enabling the dbus plugin.
- Depend on libglib2 if both packages are selected.
Fixes:
http://autobuild.buildroot.org/results/1bc5893b88db08612059ad899c2bc3b2abb291fb
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Let's add upstream patches introducing -mcmodel=large or1k gcc option that
works in conjunction with previous binutils patch. That option fix binutils
bug 21464[1] allowing to build libgeos with no problem. This way we can
consider buildroot toolchain binutils bug 21464 free.
[1]: https://sourceware.org/bugzilla/show_bug.cgi?id=21464
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout: remove the PATCH M/N parts - cfr. check-package]
Actual patches are stubs suggested but now they are available as upstream.
So let's substitute them since they make part of a or1k patchset and next
patch will add the others.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout: remove the PATCH M/N parts - cfr. check-package]
DHCP package may silently fail to install binaries to the target image.
The problem occurs when buildroot output/host and build server provide
different flavors of awk. For instance, mawk on build server and gawk
in buildroot output/host. In this case isc-dhcp configure script detects
gawk in output/host and generates Makefiles specifying gawk without
absolute path. During Buildroot installation phase, those Makefiles
are used to install dhcp binaries. They attempt to use gawk without
absolute path. However build host does not have gawk.
To resolve the issue add host-gawk to dependencies and specify absolute
path to host-gawk in dhcp configure script using DHCP_CONF_ENV.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
A mirror of bpf-next linux tree bpf-next/tools/lib/bpf
directory plus its supporting header files. The version
of the package reflects the version of ABI.
Signed-off-by: Jugurtha BELKALEM <jugurtha.belkalem@smile.fr>
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Qais Yousef <qais.yousef@arm.com>
Reviewed-by: Qais Yousef <qais.yousef@arm.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout: add hash file]
Commit a8fbe67b9b ("package/wpa_supplicant: add upstream patch to fix
CVE-2021-30004") added security patch from hostapd upstream without
required ASN.1 helpers. Backport and adapt two commits from the
hostapd upstream to add missing headers and helpers.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
assimp doesn't build with zlib-ng because Z_EXPORT and z_crc_t are used
by the bundled unzip source code
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Static build of gnuplot with gd and libiconv is broken since bump to
version 2.3.1 in commit 970b2ca3cc:
/home/giuliobenetti/autobuild/run/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/powerpc-buildroot-linux-uclibc/9.3.0/../../../../powerpc-buildroot-linux-uclibc/bin/ld: /home/giuliobenetti/autobuild/run/instance-3/output-1/host/bin/../powerpc-buildroot-linux-uclibc/sysroot/usr/lib/libgd.a(gdkanji.o): in function `do_convert':
gdkanji.c:(.text+0x148): undefined reference to `libiconv_open'
/home/giuliobenetti/autobuild/run/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/powerpc-buildroot-linux-uclibc/9.3.0/../../../../powerpc-buildroot-linux-uclibc/bin/ld: gdkanji.c:(.text+0x1d0): undefined reference to `libiconv'
This build failure is raised because LIBS has been replaced by
LIBS_PRIVATES in gdlib.pc.in since
https://github.com/libgd/libgd/commit/28ecfe77c817aff8ce56422d3e4e8533a281bc76
Fixes:
- http://autobuild.buildroot.org/results/5ab5f4744adfd8d8be483204a9c7f59e34ce26c6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
On hosts where gawk is not available, it is not possible to build the
package with server option (BR2_PACKAGE_DHCP_SERVER).
The build goes through without errors but the binaries are not created
and installed. The reason is that autotools cannot find gawk.
Fixes: Bug 13781
Reported-by: Kay Jeschonneck <kay.jeschonneck@airbus.com>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Other changes:
- Change -Dgi_cross_use_host_gi=true to -Dgi_cross_use_prebuilt_gi=true as the
option has changed.
- Explicitly define python3 in both the host and target builds of
g-ir-tool-template.in
Signed-off-by: Adam Duskett <aduskett@gmail.com>
[yann.morin.1998@free.fr:
- add hash for giscanner/scannerlexer.l used as license file
- two spaces in hash file
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Xattrs is required for SELinux. Explicitly enable the feature when the
libselinux package is selected.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Other changes:
- Drop 0002-allow-explicit-disabling-of-tests.patch as this patch has been
upstreamed and the option is now simply "tests."
- Add -Dglib_debug=disabled and -Dlibelf=disabled as defaults to both
HOST_LIBGLIB2_CONF_OPTS and LIBGLIB2_CONF_OPTS
- Refactor existing patches to apply to 2.68.1
Tested with test-pkg -p libglib2 -a.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The new branch "4.x" of at91bootstrap has dropped the contrib directory,
which holds the defconfigs used by the Acmesystems Acqua A5 boards. We
then cannot use the latest at91bootstrap anymore.
As commit e009816c67 introduced support
for at91bootstrap 4.x in the "next" branch, it had to work around this
by pinning these defconfigs to the "latest 3.x" version.
Avoid this and any future incompatibility problems by explicitly
requesting a tested version of at91bootstrap.
Signed-off-by: Edgar Bonet <bonet@grenoble.cnrs.fr>
[yann.morin.1998@free.fr: use a custom git, like other acme defconfigs]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit d65586f45a ("package/hostapd: add upstream patch to fix
CVE-2021-30004") added security patch from hostapd upstream without
required ASN.1 helpers. Backport and adapt two commits from the
hostapd upstream to add missing headers and helpers.
Fixes:
http://autobuild.buildroot.net/results/8f56cf556efbf447633ce873a21635f5adbc3cd2/
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
[yann.morin.1998@free.fr: slightly reformat the patches]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The examples require libstdc++.so.6 so add the required dependency to
the Config.in.
./tiger: error while loading shared libraries: libstdc++.so.6: cannot open shared object file: No such file or directory
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Disable -Werror to fix the following build failure with gcc 11:
/data/buildroot-autobuilder/instance-0/output-1/build/host-flatcc-0.6.0/include/flatcc/reflection/flatbuffers_common_builder.h: In function 'flatbuffers_char_array_copy_from_pe':
/data/buildroot-autobuilder/instance-0/output-1/build/host-flatcc-0.6.0/include/flatcc/reflection/flatbuffers_common_builder.h:341:3: error: this 'for' clause does not guard... [-Werror=misleading-indentation]
341 | for (i = 0; i < n; ++i) N ## _copy_from_pe(&p[i], &p2[i]); return p; }\
| ^~~
An other option would have been to retrieve the following upstream
commit:
https://github.com/dvidelabs/flatcc/commit/f8c4140dd9dde61c86db751f6002def78754fced
but disabling -Werror is more future-proof
Fixes:
- http://autobuild.buildroot.org/results/4d5cdddbfeefdeb943234b76eb08b04376f3c36d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 8c3f281626 (configs/rpi: fix defconfigs after upstream rebased)
attempted to point the raspberrypi defconfigs to an existing commit in
the linux rpi repository.
However, in doing so, only a partial replacement was done: the version
string in the tarball filename was not replaced (missing 'g' to the sed
expression).
Fix that now.
Reported-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Select mandatory libopenssl features (which are selectable since
commit a83d41867c):
- BR2_PACKAGE_LIBOPENSSL_ENABLE_BLOWFISH
- BR2_PACKAGE_LIBOPENSSL_ENABLE_CAST
- BR2_PACKAGE_LIBOPENSSL_ENABLE_DES
Fixes:
- http://autobuild.buildroot.net/results/7fdcaa337a7369673ac4580ff7a2bbccc895dca2
openssl.c:449:35: warning: implicit declaration of function 'EVP_bf_ecb'; did you mean 'EVP_sm4_ecb'? [-Wimplicit-function-declaration]
449 | if (!EVP_EncryptInit_ex(evp_ctx, EVP_bf_ecb(), NULL, NULL, NULL))
| ^~~~~~~~~~
| EVP_sm4_ecb
openssl.c:449:35: warning: passing argument 2 of 'EVP_EncryptInit_ex' makes pointer from integer without a cast [-Wint-conversion]
449 | if (!EVP_EncryptInit_ex(evp_ctx, EVP_bf_ecb(), NULL, NULL, NULL))
| ^~~~~~~~~~~~
| |
| int
In file included from openssl.c:34:
.../host/arm-buildroot-linux-uclibcgnueabihf/sysroot/usr/include/openssl/evp.h:583:53: note: expected 'const EVP_CIPHER *' {aka 'const struct evp_cipher_st *'} but argument is of type 'int'
583 | const EVP_CIPHER *cipher, ENGINE *impl,
| ~~~~~~~~~~~~~~~~~~^~~~~~
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
As spotted by Eugen, BR2_TARGET_AT91BOOTSTRAP3_NEEDS_PYTHON3 currently
is outside the at91bootstrap section, because it was inccorectly added
after the 'endif' statement rather than before, which makes the
menuconfig layout weird.
Move it around.
Reported-by: Eugen Hristev <eugen.hristev@microchip.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Some at91bootstrap3 configurations now use Python scripts on the host
for NAND/PMEC related utilities. In order to be able to use those
scripts, this commit adds a new
BR2_TARGET_AT91BOOTSTRAP3_NEEDS_PYTHON3 which allows to express the
need for host-python3 as a dependency to build at91bootstrap3.
Signed-off-by: Eugen Hristev <eugen.hristev@microchip.com>
[Thomas: this was extracted from a patch from Eugen adding
at91bootstrap 4.x support.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The project at https://github.com/linux4sam/at91bootstrap was until
now releasing 3.x versions, which were packaged using
boot/at91bootstrap3/ in Buildroot. Microchip has now started a new
branch of at91bootstrap, called 4.x, which will only support the
following devices: sam9x60, sama5d2, sama5d3, sama5d4, sama7g5. A
number of older devices from Microchip will only be supported by the
existing 3.x series.
Therefore, we cannot simply remove support for the 3.x series, and
allow using only the 4.x series.
So what this commit does is extend the boot/at91bootstrap3 package to
support building both 3.x and 4.x versions. In detail, this implies:
* Having the BR2_TARGET_AT91BOOTSTRAP3_LATEST_VERSION symbol point to
the latest 4.x version. Indeed, we want
BR2_TARGET_AT91BOOTSTRAP3_LATEST_VERSION to really point to the
latest upstream version, even if that means potential breakage for
users. Users who want to use a fixed version of at91bootstrap
should anyway not be using
BR2_TARGET_AT91BOOTSTRAP3_LATEST_VERSION.
* Introduce BR2_TARGET_AT91BOOTSTRAP3_LATEST_VERSION_3X for users who
would like to use the latest 3.x series.
* Adjust the installation logic, as images to install are now in
build/binaries/*.bin instead of binaries/*.bin. In order to not
have to differentiate 3.x and 4.x, we simply use $(wildcard ...) to
expand the list of files to install.
* To make it clear that boot/at91bootstrap3 supports both 3.x and
4.x, we also update the prompt of the package.
at911bootstrap does not carry a license file; so far we were using
main.c as the license file, as it carries the license blurb. Now that we
have a known alternate version, we would need a per-version hash for
that file. However, this is a bit too cumbersome to handle, so just drop
using main.c as the license file. When upstream introduces a proper
license file, we can revisit the situation.
Update the two defconfigs that were using the upstream 3.9.3 version;
all other defconfigs are using custom tarballs or custom git trees.
Signed-off-by: Eugen Hristev <eugen.hristev@microchip.com>
[Thomas: while this patch is based on previous work by Eugen, it was
reworked quite significantly.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr:
- drop main.c as license file, explain why
- update the two defconfigs
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- If a package doesn't have any versioning, ignore and state that
- If a package is virtual, CVE=ignore and CPE state virtual
- For any of these NA cases, don't provide search link and color box
green
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Matthew Weber <matthew.weber@collins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
has_valid_infra() is incorrectly named; it probably should be named
is_actual_package(), and has_valid_infra() would be changed to
actually represent having an actual infra.
This resolves packages reporting as having no valid package infra and
cleans up reporting cases of CPE and CVEs where there isn't a valid version
or package definition outside Buildroot
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Matthew Weber <matthew.weber@collins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Currently a verified CPE reports the following if versions are not found
cpe:2.3:a:qemu:qemu:5.2.0:*:*:*:*:*:*:*
CPE identifier unknown in CPE database (Search)
This patch clarifies the report to state the 'version' is unknown instead
of the 'identifier'.
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Matthew Weber <matthew.weber@collins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Currently, patches with renames are refused, as they reqire patch 2.7
or newer. So far, we did not require that version because it was too
recent to be widely available.
But patch 2.7 has been released in 2012, almost 9 years ago now; it is
old enough that we can start relying on it.
Add a check that patch is GNU patch 2.7 or newer, and so drop the common
check for patch, and drop the check about renames in apply-patches.sh.
Signed-off-by: Ryota Kinukawa <pojiro.jp@gmail.com>
[yann.morin.1998@free.fr:
- drop common check
- shorten variable names
- drop now-incorrect comment about busybox w/desktop
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit reworks how BR2_PACKAGE_HOST_RUSTC_TARGET_ARCH_SUPPORTS is
defined to more clearly map with the list of platforms supported by
Rust as listed at
https://doc.rust-lang.org/nightly/rustc/platform-support.html. Indeed,
the situation is not as simple as a list of architectures, all
supported for both glibc and musl.
So instead, we take the approach of directly mapping with what's
described at
https://doc.rust-lang.org/nightly/rustc/platform-support.html, which
means:
* A list of Tier 1 platforms (in fact just 3 platforms)
* A list of Tier 2 platforms with host tools (i.e where rustc and
cargo themselves are available for the target, something that isn't
relevant for Buildroot)
* A list of Tier 2 platforms with no host tools support.
For each platform, we add as a comment its Rust tuple name, as listed
at https://doc.rust-lang.org/nightly/rustc/platform-support.html, and
then the corresponding Buildroot architecture/libc dependency.
This is obviously more verbose than it was, but it is also a lot
easier to maintain.
With this, a total of 16 new platforms are supported, 13 of which are
musl-based. The additional non-musl platforms are ARMv5TE, RISC-V
64-bit and Sparc64.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The current rustc package only supports configurations based on glibc
and hardcodes this requirement. This patch prepares the addition of
support for musl-based platforms by using $(LIBC) instead of
hardcoding "gnu" as the C library specifier when defining
RUSTC_TARGET_NAME.
Signed-off-by: Nathaniel Husted <nathaniel.husted@outlook.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of passing -latomic through LDFLAGS as done in commit
4ed540ddf5, properly check for it in
configure.ac and add it to numa.pc or numactl users won't be able to get
it
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Qemu 6.0.0 no longer segfaults when running qemu-riscv32. As such, it's now
possible to allow riscv32 to compile gobject-introspection.
This partially reverts commit c94a212390.
The symbol BR2_PACKAGE_GOBJECT_INTROSPECTION_ARCH_SUPPORTS is kept, even
though it is now equivalent to BR2_PACKAGE_HOST_QEMU_ARCH_SUPPORTS,
because it's likely that architecture dependencies will pop up again in
the future.
The configuration of a previously failing autobuilder [1] now passes.
[1] http://autobuild.buildroot.org/results/668397b1df42297505e6fc8353c4752290a5628d
Signed-off-by: Adam Duskett <aduskett@rivian.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Other changes:
- Drop patch 0003-hw-usb-host-libusb.c-fix-build-with-kernel-5.0.patch as it
is part of 6.0.0.
- Rename 0004-meson-add-tests-option.patch to
0003-meson-add-tests-option.patch and refresh it for 6.0.0
Signed-off-by: Adam Duskett <aduskett@rivian.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Order of the `sed` expressions is important; when this was commited
to master, the order of the expressions from the original patch [1] was
changed, rendering the second expression to noop.
This made all the environment variables from the script to contain
absolute paths: long absolute paths makes verbose builds difficult
to read/follow.
We can take advantage of the fact that the PATH is updated and we
don't have to use absolute paths.
Fixed by reordering the `sed` expresions:
* first update the path of the binaries: e.g. 's%$(HOST_DIR)/bin/%%g'
* only then update remaining paths: e.g. 's%$(HOST_DIR)%\$$SDK_PATH%g'
[1] https://patchwork.ozlabs.org/project/buildroot/patch/20201027140140.47982-1-matthew.weber@rockwellcollins.com/
Signed-off-by: Mircea GLIGA <mgliga@bitdefender.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
openblas has options 'NO_STATIC' and 'NO_SHARED' to steer the installation
of libopenblas.a and libopenblas.so. But this does not impact anything in
the build process, other than copying the respective file to the output
directory.
As openblas is very large (e.g. 3MB on ARM) but applications may only use a
small part of it, such applications may want to link statically with
openblas, even though the global BR2_STATIC_LIBS is not set and not desired.
One approach would have been to introduce options
BR2_PACKAGE_OPENBLAS_BUILD_SHARED_LIB and
BR2_PACKAGE_OPENBLAS_BUILD_STATIC_LIB which could be freely selected
regardless of BR2_STATIC_LIBS / BR2_SHARED_LIBS.
But since the installation of a static library does not have any negative
impact except for some disk space on the host system (.a files are removed
from the target in target-finalize anyway), change the installation rules to
install the static library unconditionally.
NO_SHARED is still passed for static-libs-only systems, because the
dynamic library would unnecessarily take up target disk space for such
systems.
Users that only need the static library would still need to remove the
shared library from a post-build script to actually save space.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The "fb" framebuffer driver needs GPM (mouse support) to compile,
but not DirectFB or Xorg.
The .mk file already has an optional dependency on GPM, so it doesn't
need to be added there.
Also added a Kconfig comment for easier discovery of the GPM
requirement.
Signed-off-by: Urja Rannikko <urjaman@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Update to version 0.1.3, which is a matenance release which does not
add any new features but can be built against wlroots 0.13.0. A new
build option to toggle man pages is set to always disabled.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Enable using libseat for seat management when possible.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add commands to the seatd package to install the systemd unit included
in the source tarball and a SysV init script, and ensure that the
"video" group gets created.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
[yann.morin.1998@free.fr:
- model the init script after package/busybox/S01syslogd
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Introduce a seatd package, which can be used by wlroots 0.12.0 and
newer. The package includes both a library (always built) and an
optional seat management daemon.
The library can use systemd-logind, the seatd daemon, or a simple
builtin in-process mode. Build options are introduced for the daemon
and the built-in mode, as to allow selecting the built-in mode as
default when both the daemon and systemd-logind are not being built.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Update wlroots to version 0.13.0. This is a release which changes
API/ABI, applications which use wlroots need to be rebuilt. Currently in
Buildroot there is only cage, to be updated by a follow-up patch of the
series.
Additionally, remove usage of the xcb-icccm build option, which is no
longer available and update the dependencies needed by the X11 support.
Note that the dependencies neded by the X11 backend are a superset of
the ones needed for XWayland support, so we can make toggle both Meson
options at once.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
poke bundle gnulib that doesn't support the case where
host_os='linux-uclibc'. When cross-compiling, the guessed
answers are mostly wrong and gnulib will try to replace
snprintf with rpl_snprintf. This lead to "undefined reference
to `rpl_snprintf'" errors.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Branches in the Rappberry Pi linux repository are often rebased, which
means that commits that are not reachable from a reference (tag,branch)
will eventually get garbage-collected.
This is probably what hapenned with the commit we are curently
referencing in our defconfig files.
Swith to using the current HEAD of the rpi-5.10.y brnch, in lieue of the
previous one.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since the mesa3d bump to version 21.0.3 [1], the
BR2_PACKAGE_MESA3D_DRI_DRIVER_SWRAST option is not supported anymore
since the mesa DRI swrast driver has been removed upstream
So, switch to Gallium swrast.
[1]15a2f9b819806d38a7d8172a20f80130b1d60e63
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Bump kernel to version 5.10.30-ti-r3.
- Bump U-Boot to version 2021.04.
Add mdev to the beaglebone_defconfig. This gives us automatic USB support,
as the omap2plus kernel has most drivers as modules.
While at it, enable VFPv3 with 32 registers (instead of 16) and add a few
comments to the defconfig.
Signed-off-by: Vincent Stehlé <vincent.stehle@laposte.net>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Cc: Lothar Felten <lothar.felten@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
For an unknown reason, gerbera fails to build with -Os and gcc 9 or 10
since bump to version 1.8.0 in commit 8974596836:
[100%] Linking CXX executable gerbera
/home/giuliobenetti/autobuild/run/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/x86_64-buildroot-linux-gnu/10.2.0/../../../../x86_64-buildroot-linux-gnu/bin/ld: liblibgerbera.a(content_manager.cc.o): in function `ContentManager::_rescanDirectory(std::shared_ptr<AutoscanDirectory>&, int, std::shared_ptr<GenericTask> const&)':
content_manager.cc:(.text+0xb53b): undefined reference to `std::__shared_ptr<std::filesystem::__cxx11::_Dir, (__gnu_cxx::_Lock_policy)2>::swap(std::__shared_ptr<std::filesystem::__cxx11::_Dir, (__gnu_cxx::_Lock_policy)2>&)'
collect2: error: ld returned 1 exit status
A similar build failure has been reported as gcc bug 91067:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91067
But this bug has been fixed since gcc 9.3 and 10.1 and build failures
are raised with gcc 10.2
To fix this build failure, set optimisation to -O2 if needed
Fixes:
- http://autobuild.buildroot.org/results/a4ee8ad7ff93939716673b611c7cc3f68dafa3d0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The getrandom() detection from meson.build failes with the following error
message:
.../host/x86_64-buildroot-linux-uclibc/sysroot/usr/include/sys/random.h:27:35: error: unknown type name 'size_t'
27 | extern int getrandom(void *__buf, size_t count, unsigned int flags)
| ^~~~~~
.../host/x86_64-buildroot-linux-uclibc/sysroot/usr/include/sys/random.h:8:1: note: 'size_t' is defined in header '<stddef.h>'; did you forget to '#include <stddef.h>'?
Fix it by adding stddef.h include to the meson getrandom() detection.
Fixes:
- http://autobuild.buildroot.net/results/7e131bec458bf5c263ee1858d38ed5dc3cf704a6
../src/pipewire/impl-core.c:54:9: error: conflicting types for ‘getrandom’
54 | ssize_t getrandom(void *buf, size_t buflen, unsigned int flags) {
| ^~~~~~~~~
In file included from ../src/pipewire/impl-core.c:34:
.../host/x86_64-buildroot-linux-uclibc/sysroot/usr/include/sys/random.h:27:12: note: previous declaration of ‘getrandom’ was here
27 | extern int getrandom(void *__buf, size_t count, unsigned int flags)
| ^~~~~~~~~
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This patch adds support for the Globalscale EspressoBin Ultra, which is
an evolution of the EspressoBin family. Same SoC and switchcore, more
Ethernet ports, including one PoE PD port.
Tested-by: Atallah Amine <amine_atallah@outlook.com>
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Backport from upstream mailing list patch from Heiko Thiery which fixes
missing {name_to,open_by}_handle_at() on uclibc-ng < 1.0.35.
Drop patch from v5.8.0.
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Specify that iostat 'package' has been removed to be consistent with
other entries
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit fd7312940a (Makefile: add new missing-cpe target) added the
rule to generate a set of files to update the NVD.
For an in-tree build, 'make clean' remove the output directory, so
those files are removed. But for an out-of-tree build, the output
directory is not removed, so those files still linger around after a
clean.
Explicitly remove them on clean, to cater for both cases.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Reviewed-by: Matthew Weber <matthew.weber@collins.com>
Reviewed-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
- CVE-2020-8696: Description: Improper removal of sensitive information
before storage or transfer in some Intel(R) Processors may allow an
authenticated user to potentially enable information disclosure via local
access
- CVE-2020-8698: Description: Improper isolation of shared resources in some
Intel(R) Processors may allow an authenticated user to potentially enable
information disclosure via local access
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html
License file updated with the new year, so change hash accordingly.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998@free.fr: explain license hash change]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
From the release notes:
================================================================================
Redis 6.2.3 Released Mon May 3 19:00:00 IST 2021
================================================================================
Upgrade urgency: SECURITY, Contains fixes to security issues that affect
authenticated client connections. LOW otherwise.
Read more on https://github.com/redis/redis/blob/6.2.3/00-RELEASENOTES
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Dick Olsson <hi@senzilla.io>
[yann.morin.1998@free.fr: drop files from patches not applied]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Boot a QEMU sbsa-ref machine with ATF, EDK2, GRUB2 and a minimal
kernel. This is a simple but effective test of a compliant setup.
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This introduces a configuration for the SBSA reference machine under
QEMU that is intended for developing and testing firmware. It consists
of ATF that load EDK2 as BL33 which in turn will load GRUB2.
Included with the board files is a minimal kernel configuration, almost
identical to that of board/qemu/aarch64-virt/linux.config. The main
difference is the addition of ACPI which is preferred over DTB for
booting an UEFI system.
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
EDK2 is a modern, feature-rich, cross-platform firmware development
environment for the UEFI and PI specifications.
The initial version of this bootloader package makes it possible to
build firmware for the following seven configurations:
* QEMU x86-64 pc machine
* QEMU aarch64 virt machine, booting directly from flash
* QEMU aarch64 virt machine, booting via the kernel protocol
* QEMU aarch64 sbsa-ref machine
* ARM FVP vexpress machine
* Socionext SynQuacer Developerbox
* SolidRun MacchiatoBin
Support the use of EDK2 UEFI payloads as BL33 in ARM Trusted Firmware.
Signed-off-by: Dick Olsson <hi@senzilla.io>
[yann.morin.1998@free.fr:
- duplicate defaults in Config.in
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
EDK2 firmware is usually built from two sources; the core EDK2
environment, and additional platform description files maintained
separately. This package adds the latter set of description files to
staging so that the core EDK2 package can build with these for certain
platforms during the building process.
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Openssl implements lot of algorithms that are not required in some
emdedded devices and cyphers known as weak. Secure embedded systems
shall disable unused algorithms (and weak algo) in order to be
certified.
This patch allows to select weak algorithms and mecanims to enable
such as md5.
To ensure backward compatibility, all items are selected by default.
Signed-off-by: Erwan GAUTRON <erwan.gautron@bertin.fr>
[yann.morin.1998@free.fr:
- drop help texts that just repeat the prompts
- fix check-package
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
When doing analysis it is helpful to be able to view what CVE have
been patched / diagnosed to not apply to Buildroot. This exposes
that list to the reporting and prevents a step where you have to
dig into the .mk's of a pkg to check for sure what has been
ignored.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr: only set background if there are ignored CVEs]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
For cases of a CPE having a unknown version or when there hasn't
been a CPE verified, proposed a search criteria to help the
user research an update.
(libcurl has NIST dict entries but not this version)
cpe:2.3:a:haxx:libcurl:7.76.1:*:*:*:*:*:*:*
CPE identifier unknown in CPE database (Search)
(jitterentropy-library package doesn't have any NIST dict entries)
no verified CPE identifier (Search)
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr: fix flake8 issues]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Update wayland to version 1.19.0, which mostly includes bug fixes and is
the minimum version required by wlroots 0.13.0
Patch "0001-build-add-option-to-disable-tests.patch" is updated as an
actual backport from upstream. Since upstream has migrated to meson, and
we've already switched too, drop the autostuff hunks.
Patch "0002-meson-do-not-check-for-c.patch" is replaced by a newer one,
"0002-meson-only-require-cpp-for-tests.patch" which was accepted by
upstream as an improved version of it.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
[yann.morin.1998@free.fr:
- do actual backports of upstream patches now they've been merged
- consequently, drop the legacy autostuff hunks from first patch
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This script queries the list of CPE IDs for the packages of the
current configuration (based on the "make show-info" output), and:
- for CPE IDs that do not have any matching entry in the CPE
database, it emits a warning
- for CPE IDs that do have a matching entry, but not with the same
version, it generates a snippet of XML that can be used to propose
an updated version to NIST.
Ref: NIST has a group email (cpe_dictionary@nist.gov) used to
recieve these version update and new entry xml files. They do
process the XML and provide feedback. In some cases they will
propose back something different where the vendor or version is
slightly different.
Limitations
- Currently any use of non-number version identifiers isn't
supported by NIST as they use ranges to determine impact
of a CVE
- Any Linux version from a non-upstream is also not supported
without manually adjusting the information as the custom
kernel will more then likely not match the upstream version
used in the dictionary
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Tested-by: Matt Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr:
- codestyles as spotted by Arnout
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix CVE-2021-21252: The jQuery Validation Plugin provides drop-in
validation for your existing forms. It is published as an npm package
"jquery-validation". jquery-validation before version 1.19.3 contains
one or more regular expressions that are vulnerable to ReDoS (Regular
Expression Denial of Service).
Update hash of README.md due to changes not related to license
https://github.com/jquery-validation/jquery-validation/releases/tag/1.19.3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This reverts commit 7aa9b9041d.
libbluray before 1.3.0 does not properly detect libudfread, because it
checks for the incorrect name (it asks pkg-config for udfread instead of
libudfread). So, even with the dependency, it would miss it.
Reported-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Security
========
* sshd(8): OpenSSH 8.5 introduced the LogVerbose keyword. When this
option was enabled with a set of patterns that activated logging
in code that runs in the low-privilege sandboxed sshd process, the
log messages were constructed in such a way that printf(3) format
strings could effectively be specified the low-privilege code.
An attacker who had sucessfully exploited the low-privilege
process could use this to escape OpenSSH's sandboxing and attack
the high-privilege process. Exploitation of this weakness is
highly unlikely in practice as the LogVerbose option is not
enabled by default and is typically only used for debugging. No
vulnerabilities in the low-privilege process are currently known
to exist.
https://www.openssh.com/txt/release-8.6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Currently, mender-grubenv unconditionally installs files from the
$(TARGET_DIR)/boot/EFI directory to the $(BINARIES_DIR)/efi-part.
This fails on systems that are not building grub against EFI.
Add a check in mender-grubenv.mk to ensure the files are copied to the correct
location if EFI is not selected.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add jh71xx-tools as a new host package, it includes a tool that allows
to recover the bootloader of JH71xx-based platforms, such as the
BeagleV.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
[yann.morin.1998@free.fr:
- fix alphabetical order, spotted by Bin
- use LICENSE as license file, update license hash accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add two upstream patches fixing host gcc-11.x compile.
Fixes:
- https://bugs.busybox.net/show_bug.cgi?id=13806
In file included from ../include/pthread.h:1,
from ../sysdeps/nptl/thread_db.h:25,
from ../nptl/descr.h:32,
from ../sysdeps/x86_64/nptl/tls.h:130,
from ../sysdeps/generic/libc-tsd.h:44,
from ./localeinfo.h:224,
from programs/ld-ctype.c:37:
../sysdeps/nptl/pthread.h:734:47: error: argument 1 of type ‘struct __jmp_buf_tag *’ declared as a pointer [-Werror=array-parameter=]
734 | extern int __sigsetjmp (struct __jmp_buf_tag *__env, int __savemask) __THROWNL;
| ~~~~~~~~~~~~~~~~~~~~~~^~~~~
In file included from ../include/setjmp.h:2,
from ../nptl/descr.h:24,
from ../sysdeps/x86_64/nptl/tls.h:130,
from ../sysdeps/generic/libc-tsd.h:44,
from ./localeinfo.h:224,
from programs/ld-ctype.c:37:
../setjmp/setjmp.h:54:46: note: previously declared as an array ‘struct __jmp_buf_tag[1]’
54 | extern int __sigsetjmp (struct __jmp_buf_tag __env[1], int __savemask) __THROWNL;
| ~~~~~~~~~~~~~~~~~~~~~^~~~~~~~
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
- CVE-2021-32918: DoS via insufficient memory consumption controls
It was discovered that default settings leave Prosody susceptible to
remote unauthenticated denial-of-service (DoS) attacks via memory
exhaustion when running under Lua 5.2 or Lua 5.3. Lua 5.2 is the default
and recommended Lua version for Prosody 0.11.x series.
- CVE-2021-32920: DoS via repeated TLS renegotiation causing excessive CPU
consumption
It was discovered that Prosody does not disable SSL/TLS renegotiation,
even though this is not used in XMPP. A malicious client may flood a
connection with renegotiation requests to consume excessive CPU resources
on the server.
- CVE-2021-32921: Use of timing-dependent string comparison with sensitive
values
It was discovered that Prosody does not use a constant-time algorithm for
comparing certain secret strings when running under Lua 5.2 or later.
This can potentially be used in a timing attack to reveal the contents of
secret strings to an attacker.
- CVE-2021-32917: Use of mod_proxy65 is unrestricted in default
configuration
mod_proxy65 is a file transfer proxy provided with Prosody to facilitate
the transfer of files and other data between XMPP clients.
It was discovered that the proxy65 component of Prosody allows open access
by default, even if neither of the users have an XMPP account on the local
server, allowing unrestricted use of the server’s bandwidth.
- CVE-2021-32919: Undocumented dialback-without-dialback option insecure
The undocumented option ‘dialback_without_dialback’ enabled an
experimental feature for server-to-server authentication. A flaw in this
feature meant it did not correctly authenticate remote servers, allowing a
remote server to impersonate another server when this option is enabled.
For more details, see the advisory:
https://prosody.im/security/advisory_20210512/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Extend docker_compose_test() to expose /bin on the host to the container
through a volume mount and verify that /bin/busybox can be downloaded and
contains the right data.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Extend docker_test() to expose a random (8888) port to verify that doesn't
fail, and extend the docker-compose test to run the busybox httpd in the
background, expose that as port 80 and verify that /etc/resolv.conf could be
fetched by wget.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
docker-engine 20.10.6 broke container port forwarding for hosts without IPv6
support:
docker: Error response from daemon: driver failed programming external
connectivity on endpoint naughty_moore
(038e9ed4b5ea77e1c52462d6d04ad001fbad9beb185a6511aadc217c8a271608): Error
starting userland proxy: listen tcp6 [::]:80: socket: address family not
supported by protocol.
Add a libnetwork patch from an upstream pull request to fix this, after
adjusting the patch to apply to docker-engine (which has libnetwork vendored
under vendor/github.com/docker/libnetwork):
- https://github.com/moby/libnetwork/pull/2635,
- https://github.com/moby/moby/pull/42322
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2021-28899: Vulnerability in the
AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession,
and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession
subclasses in Networks LIVE555 Streaming Media before 2021.3.16.
http://live555.com/liveMedia/public/changelog.txt
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
OpenTyrian was previously managed in a Mercurial repository hosted on
Bitbucket. Mid-2020, Bitbucket shut off all its Mercurial repositories:
https://bitbucket.org/blog/sunsetting-mercurial-support-in-bitbucket
Since then, OpenTyrian's source code is inacessible, but we have had no
build failure associated as there is an old archive hosted on s.b.o, so
that all builds fallback to downloading that:
http://sources.buildroot.net/opentyrian/opentyrian-9c9f0ec3532b.tar.gz
However, the project has been revived (kinda) on github:
https://github.com/opentyrian/opentyrian
Git commit cf5dbeb69eebd9ef9afc4473088d9469b79589eb has been found to
be the closest, both in content and date, to the Mercuail reference
9c9f0ec3532b we were using. The only deltas are in Mercurial-specific
files:
b/.hg_archival.txt | 5 0 5 0 -----
b/.hgtags | 2 1 1 0 +-
2 files changed, 1 insertion(+), 6 deletions(-)
While at it, add a hash file.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Julien Boibessot <julien.boibessot@armadeus.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The comment dependencies need to be the inverse of the package
dependencies (fixes comment shown in menuconfig even if the package
is available).
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The comment dependencies need to be the inverse of the package
dependencies (fixes comment shown in menuconfig even if the package
is available).
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The python2 support has been removed since the python-colorzero bump version to 2.0.
Remove the gpiozero test with python2
[1] 73bf3292e1
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
With the addition of support for custom opensbi version in commit
5c7166d387 (boot/opensbi: add support for version configuration), we can no
longer be sure that the license file name / hash will be correct in all
cases, so only specify COPYING.BSD when _LATEST_VERSION is used, similar to
how we do it for the Linux kernel.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
With the addition of support for custom opensbi version in commit
5c7166d387 (boot/opensbi: add support for version configuration), we can no
longer be sure that the Buildroot patches can be applied - So move them to a
0.9 subdir to ensure they are only applied when the _LATEST_VERSION is used.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Telnet logging is an optional feature that's disabled by default.
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
ftp links do not seem to be accessible anymore. Replace them with http.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 3b551f68a5 (boot/beaglev-ddrlnit: rename to beaglev-ddrinit to
match renamed upstream repo) forgot to update the include in boot/Config.in,
breaking menuconfig.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Create a new user 'sudotest' to validate that sudo really works (i.e.
properly has setuid).
Creating the user and adding it to sudoers is done at runtime, otherwise
we'd need to add extra files to the config which complicates things a
little bit.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Bump kernel to version 5.12.2.
- Bump U-Boot to version 2021.04.
While at it, switch U-Boot to the Kconfig build system and add some more
comments to the defconfig.
Signed-off-by: Vincent Stehlé <vincent.stehle@laposte.net>
Cc: Fabio Estevam <festevam@gmail.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Bump kernel to version 5.12.2.
- Bump U-Boot to version 2021.04.
While at it, enable VFPv3 with 32 registers (instead of 16) and add a few
comments to the defconfig.
Signed-off-by: Vincent Stehlé <vincent.stehle@laposte.net>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When building host-cryptsetup, if tmpfiles.d support is enabled then the
install step tries to install /usr/lib/tmpfiles.d/cryptsetup.conf
globally on the host system.
Even if the tmpfiles.d config were installed correctly in the host
directory, nothing would ever run these rules, so disable this feature
via configure.
Signed-off-by: John Keeping <john@metanate.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2021-31525: ReadRequest and ReadResponse in net/http can hit an
unrecoverable panic when reading a very large header (over 7MB on 64-bit
architectures, or over 4MB on 32-bit ones). Transport and Client are
vulnerable and the program can be made to crash by a malicious server.
Server is not vulnerable by default, but can be if the default max header
of 1MB is overridden by setting Server.MaxHeaderBytes to a higher value,
in which case the program can be made to crash by a malicious client.
https://github.com/golang/go/issues/45710
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- bpo-43434: Creating a sqlite3.Connection object now also produces a
sqlite3.connect auditing event. Previously this event was only produced
by sqlite3.connect() calls. Patch by Erlend E. Aasland.
- bpo-43882: The presence of newline or tab characters in parts of a URL
could allow some forms of attacks.
Following the controlling specification for URLs defined by WHATWG
urllib.parse() now removes ASCII newlines and tabs from URLs, preventing
such attacks.
- bpo-43472: Ensures interpreter-level audit hooks receive the
cpython.PyInterpreterState_New event when called through the
_xxsubinterpreters module.
- bpo-36384: ipaddress module no longer accepts any leading zeros in IPv4
address strings. Leading zeros are ambiguous and interpreted as octal
notation by some libraries. For example the legacy function
socket.inet_aton() treats leading zeros as octal notatation. glibc
implementation of modern inet_pton() does not accept any leading zeros.
For a while the ipaddress module used to accept ambiguous leading zeros.
- bpo-43075: Fix Regular Expression Denial of Service (ReDoS) vulnerability
in urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable regex
has quadratic worst-case complexity and it allows cause a denial of
service when identifying crafted invalid RFCs. This ReDoS issue is on the
client side and needs remote attackers to control the HTTP server.
- bpo-42800: Audit hooks are now fired for frame.f_code, traceback.tb_frame,
and generator code/frame attribute access.
https://www.python.org/downloads/release/python-395/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit extends the beaglev_defconfig and its documentation to
build the low-level firmware, and to explain how to reflash it.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
[yann.morin.1998@free.fr: use typoed-name for beaglev-ddrlnit]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This packages allows to build the first stage bootloader used on the
BeagleV, which is used even before the DDR initialization and
OpenSBI/U-Boot. Yes, "secondboot" is strange for what is the first
stage bootloader, but that's the upstream name.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
[yann.morin.1998@free.fr:
- add hash file
- commit is HEAD only right now, so don't reference HEAD
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit adds a package for the DDR initialization code used on the
BeagleV platform.
The typo in the package name is upstream's typo, and we just keep it.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
[yann.morin.1998@free.fr:
- upstream name is beaglev_ddrlnit, not *init (keep their typo)
- rename package and variables accordingly
- the referenced commit is no longer the HEAD of said branch
- add a hash file
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit adds a new package for a prebuilt bare-metal toolchain for
RISC-V 64-bit. Indeed, some bootloader/firmware for the BeagleV (and
potentially later for other platforms?) do not build with a
Linux-capable toolchain.
This uses a pre-built toolchain from SiFive, precompiled for x86-64,
so all packages using this toolchain must have the appropriate
BR2_HOSTARCH dependency.
This package is modeled after package/arm-gnu-a-toolchain/, which
package a pre-built ARM32 bare-metal toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit introduces support for the RISC-V based BeagleV platform,
which uses a Starfive JH7100.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
[yann.morin.1998@free.fr: use: eval $(make printvars)]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Until now, whenever a BR2_TARGET_OPENSBI_PLAT value was specified,
opensbi.mk was assuming that both fw_jump and fw_dynamic would be
produced. However, this is not the case: the OpenSBI per-platform
config.mk can decide which image to build.
As an example, the config.mk for VIC7100-based BeagleV only enables
producing the fw_payload image.
This commit adds three options to enable the installation of images:
one for fw_jump, one for fw_dynamic, one for fw_payload.
The options for fw_jump and fw_dynamic are "default y" when
BR2_TARGET_OPENSBI_PLAT is not empty, to preserve existing behavior.
The option for fw_payload is forcefully selected when either Linux or
U-Boot are selected as payloads.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 057e27029c (package/openjdk{, -bin}: bump latest to version
16.0.1+9) partially switched over to using the Github repository (which
is the new official publication channel for OpenJDK).
However, only the JDK16 was switched, because of concerns about a change
in the hash of Github-generated archives for the JDK11, due to a missing
Hg-related file on Github.
But as Arnout put it:
There's a trivial workaround: drop OPENJDK_SOURCE = .... That way,
the tarball name becomes openjdk-... instead of jdk-... and it's a
different file.
There is indeed no good reason to force a non-default filename for the
archive, so we do drop it.
As a consequence, we can fully switch over to Github for openjdk, using
the new version scheme. Of course the hash changes, but it is a new
file, so that's OK.
The filename for the JDK16 changes, but the content does not change, so
the hash does not change.
For consistency, the version scheme is also applied to openjdk-bin. Even
though it was already using Github, using that new version scheme also
allows to commonalise the variables too. The archives are the exact
same: no change in filename or content, so no hash to fixup.
Reported-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
cc: Adam Duskett <aduskett@gmail.com>
Tested-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Django 3.0.x is EOL, so move to 3.2.x which is the new LTS release. For
details of the changes and update instructions, see the announcement:
https://www.djangoproject.com/weblog/2021/apr/06/django-32-released/
Fixes the following security issues:
- CVE-2021-30459 - SQL Injection via Select, Explain and Analyze forms of
the SQLPanel for Django Debug Toolbar >= 0.10.0
With Django Debug Toolbar 0.10.0 and above, attackers are able to execute
SQL by changing the raw_sql input of the SQL explain, analyze or select
forms and submitting the form. This is a high severity issue for anyone
using the toolbar in a production environment. Generally the Django Debug
Toolbar team only maintains the latest version of django-debug-toolbar,
but an exception was made because of the high severity of this issue.
The GitHub Security Advisory can be found here:
https://github.com/jazzband/django-debug-toolbar/security/advisories/GHSA-pghf-347x-c2gj
- CVE-2021-31542: Potential directory-traversal via uploaded files
MultiPartParser, UploadedFile, and FieldFile allowed directory-traversal
via uploaded files with suitably crafted file names.
In order to mitigate this risk, stricter basename and path sanitation is
now applied. Specifically, empty file names and paths with dot segments
will be rejected.
This issue has low severity, according to the Django security policy.
- CVE-2021-32052: Header injection possibility since URLValidator accepted
newlines in input on Python 3.9.5+
On Python 3.9.5+, URLValidator didn't prohibit newlines and tabs. If you
used values with newlines in HTTP response, you could suffer from header
injection attacks. Django itself wasn't vulnerable because HttpResponse
prohibits newlines in HTTP headers.
Moreover, the URLField form field which uses URLValidator silently removes
newlines and tabs on Python 3.9.5+, so the possibility of newlines
entering your data only existed if you are using this validator outside of
the form fields.
This issue was introduced by the bpo-43882 fix.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Sometimes, post-build or post-image scripts need to reinvoke
Buildroot's make, for example to execute "make printvars".
However, so far post-build/image/fakeroot can't trivially run printvars
in a way that worked for both in-tree and out-of-tree builds. Indeed:
* "make printvars" would work for in-tree builds, but not out of tree
builds
* "make -C ${O} printvars" would work for out-of-tree builds, but not
in-tree builds
* "make -C ${BR2_CONFIG%/*} printvars" works in both cases, but it is
a bit cryptic, and two maintainers did not even immediately think of
it
In order to solve this, this commit exposes $(CONFIG_DIR) to
post-build/image/fakeroot scripts, through the EXTRA_ENV variable.
The documentation is updated accordingly.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr:
- reference BR2_CONFIG as an exemple
- slightly reword the commit log accordingly
- move the doc for CONFIG_DIR next to that of BR2_CONFIG
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Email addresses are all live and some of us will start contributing
with the new collins.com domain.
Signed-off-by: Matthew Weber <matthew.weber@collins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
When introducing OpenJDK to buildroot, the OpenJDK project did not put
releases on their GitHub page. Since then, the OpenJDK developers have
not only added OpenJDK releases to Github, they are starting to phase
out adding releases to their public-facing mercurial repository.
Compare the following URLs:
https://wiki.openjdk.java.net/display/JDKUpdates/JDK+14uhttps://wiki.openjdk.java.net/display/JDKUpdates/JDK+15uhttps://wiki.openjdk.java.net/display/JDKUpdates/JDK+16u
With JDK14, only the mercurial repository is listed. With OpenJDK15,
both the GitHub and mercurial repository are listed. Finally, with
OpenJDK16, only the GitHub repository is listed.
For consistency's sake, and for the version bump of JDK latest from 14
to 16 do the following:
- Change the repository for OpenJDK14 to point to the official GitHub
repository,
- In order to simplify and reuse the GitHub URL, modify the
OPENJDK_VERSION_MAJOR and OPENJDK_VERSION_MINOR definitions to only
include a single number for the MAJOR definition.
- Change openjdk-bin.mk to also use the same format as the openjdk.mk
file
Unfortunately, we can't yet do the switch for OpenJDK11: the Github
repository is missing a Mercurial-related file, so that the archive
for OpenJDK11 11.0.11+9 would change from the one we already have on
s.b.o and that people would alreay have locally, and we'd have a hash
mismatch, either on master, or on all pur previous relases. OpenJDK11
just got a new release mere hours ago (as of this writing), but it
hasn't yet trickled down to AdoptOpenJDK/openjdk11-binaries, so we
can't do the bump just yet...
Add a note to the OpenJDK11 case, to prepare the migration to Github
with the next version bump.
Finally, remove upstreamed patch 0001-fix-gcc-10-support.patch as it's
no longer needed.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
[yann.morin.1998@free.fr:
- meld the github switch and 14->16 bump together
- drop the github switch for 11 9because hash mismatch)
- expand commit log accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This will fix a build failure with gcc 10
- Update indentation in hash file (two spaces)
- Drop INSTALL_SYSCONFDIR, INSTALL_WEBROOTDIR and WITH_SYSTEM_MALLOC
(not available since
https://github.com/monkey/monkey/commit/df145932e33fca0d4a1dcd9d7675f996c8e6a73b)
- Set WITHOUT_HEADERS to ON because headers are not needed and to avoid
the following build failure:
CMake Error at include/cmake_install.cmake:46 (file):
file INSTALL cannot find
"/home/fabrice/buildroot/output/build/monkey-f54856ce250c4e25735434dc75717a4b7fbfc45b/include/mk_core.h":
No such file or directory.
Call Stack (most recent call first):
cmake_install.cmake:69 (include)
Upstream is aware than the lack of release is an issue but no comments
since 2018: https://github.com/monkey/monkey/issues/276
Fixes:
- http://autobuild.buildroot.org/results/0b723937ca048228082d040100f6e6324ac8300b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
spa (i.e. plugins which can be disabled but also tools which can't be
disabled) fails to build on gcc 4.8 since bump to version 0.3.26 in
commit a6d88d3ba5:
In file included from ../spa/include/spa/pod/builder.h:34:0,
from ../spa/include/spa/param/audio/format-utils.h:34,
from ../spa/plugins/audioconvert/test-audioadapter.c:36:
../spa/include/spa/utils/hook.h:57:50: error: initializer element is not constant
#define SPA_CALLBACKS_INIT(_funcs,_data) (struct spa_callbacks){ _funcs, _data, }
^
Fixes:
- http://autobuild.buildroot.org/results/e7a36ec7166a287667572e5140685e6371a9f107
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Kernel 4.16.7 is old enough to produce the "multiple definition of `yylloc'"
error which is fixed in newer versions.
Bump the test kernel version from 4.16.7 to 5.10.34 to prevent this error wwhen
building the test image.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
containerd is now an independent project from Docker.
This commit renames the Buildroot package from docker-containerd to containerd,
adding a entry in Config.in.legacy accordingly.
containerd is an industry-standard container runtime with an emphasis on
simplicity, robustness and portability. It is available as a daemon for Linux
and Windows, which can manage the complete container lifecycle of its host
system: image transfer and storage, container execution and supervision,
low-level storage and network attachments, etc.
https://containerd.io
Signed-off-by: Christian Stewart <christian@paral.in>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout:
- fix alphabetical ordering in package/Config.in
- also do rename in DEVELOPERS
- squash in second patch
]
Since bump to version 3.09 in commit
28b4947ed8, build fails on:
[100%] Linking CXX shared library libBulletRoboticsGUI.so
/home/buildroot/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/sparc64-buildroot-linux-gnu/9.3.0/../../../../sparc64-buildroot-linux-gnu/bin/ld: cannot find -lBulletExampleBrowserLib
Upstream is aware of this issue and recommends to avoid changing any
options: https://github.com/bulletphysics/bullet3/issues/3143
So don't disable bullet3 and demos apps ...
Fixes:
- http://autobuild.buildroot.org/results/1721df8b0859656f7420b0b166d1ca635e5ddc74
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout: remove the options instead of setting to ON]
Fixes:
.../x86_64-buildroot-linux-gnu/bin/ld: .../host/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libtomcrypt.a(md5.o): relocation R_X86_64_32 against `.rodata.str1.1' can not be used when making a shared object; recompile with -fPIC
when building a shared library that links with libtomcrypt. Our only
internal user dropbear doesn't do this, so there are no autobuilder
failures.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
- Bump kernel to version 5.11.16.
We remove the hardcoded ttyAMA0 and rely on the firmware to discover our
console. This enables serial console on systems, which do not have an Arm
pl011 UART.
We switch to GPT disklabel and discover our root filesystem using its
PARTLABEL. This enables booting from more media, such as HDD, SD card or
USB.
We update the readme, which hinted that ACPI was mandatory. This is not
strictly the case as we can also boot with a dtb and/or a U-Boot based
firmware, with no ACPI. While at it, mention EBBR, SystemReady and explain
how to build and use a U-Boot-based qemu firmware.
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Erico Nunes <nunes.erico@gmail.com>
Reviewed-by: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Test that the TAICLOCK and TCP servers are working.
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout: indent config lines more]
Test that s6-rc service database compilation is working.
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout: indent config lines more]
Test that a few basis utilities are working.
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout: indent config lines more]
Test that directory scanning and supervision is working.
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout: properly indent, and use textwrap to dedent again.]
Test that the interpreter can run a basic command.
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout: indent config lines more]
The skaware packages are frequently used as the init system and service
management for machines. Therefore it is more logical to install these
packages to the root prefix.
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Enhance security by enabling FORTIFY_SOURCE, PIC/PIE, RELRO and SSP by
default.
For SSP, SSP-all can have a significant impact on performance, so we do
not want to enable that unconditionally; instead we use SSP-strong if
available (since gcc-4.9), and resort to SSP-regular otherwise. People
who really, like really-really want to use SSP-all will still have to
enable it explicitly.
For FORTIFY, level 2 may change the behaviour of some glibc functions,
so may crash conforming programs, so may have adverse effects. As such,
we choose level 1 as the default, as it does not change the behaviour
of any function.
This could help making IoT more secure and fight against the assumption
that buildroot does not support binary hardening (see
https://cyber-itl.org/2019/08/26/iot-data-writeup.html)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- relax SSP to strong when available, regular otherwise
- extend commit log to explain why SSP-all is not used
- extend commit log to explain why FORTIFY level 2 is not used
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This package is not maintained anymore and even upstream site is dead.
As iostat can also be provided by sysstat, just drop the package.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes various networking issues:
- Fix a regression in docker 20.10, causing IPv6 addresses no longer to be
bound by default when mapping ports moby/moby#42205
- Fix implicit IPv6 port-mappings not included in API response. Before
docker 20.10, published ports were accessible through both IPv4 and IPv6
by default, but the API only included information about the IPv4 (0.0.0.0)
mapping moby/moby#42205
- Fix a regression in docker 20.10, causing the docker-proxy to not be
terminated in all cases moby/moby#42205
- Fix iptables forwarding rules not being cleaned up upon container removal
moby/moby#42205
For more details, see the release notes:
https://docs.docker.com/engine/release-notes/#20106
Signed-off-by: Mario Fink <knif.oiram@gmail.com>
Tested-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The imx-uuc package was only selectable on 32-bit arm targets; this
patch allows aarch64 targets such as i.MX8 to select the package
and use the ufb for fastboot support against the mfgtools "uuu".
Also bumping to latest upstream commit before uuc is removed from the
standard build, from
https://github.com/NXPmicro/imx-uuc
Tested on i.MX8QXP.
Signed-off-by: Charles Hardin <ckhardin@gmail.com>
Reviewed-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Drop first patch and pass -fPIC to configure to fix the following build
failure on ARC:
ERROR: architecture for "/usr/lib/libdmalloc.so" is "ARCompact", should be "ARCv2"
ERROR: architecture for "/usr/lib/libdmallocth.so" is "ARCompact", should be "ARCv2"
ERROR: architecture for "/usr/lib/libdmallocthcxx.so" is "ARCompact", should be "ARCv2"
ERROR: architecture for "/usr/lib/libdmallocxx.so" is "ARCompact", should be "ARCv2"
This build failure is due to the following configure error:
checking shared library link args... ./configure: line 4467: 10229 Segmentation fault ( ${LD-ld} -shared --whole-archive -soname conftest.so -o conftest.so.t conftest.a ) 2>&5
/home/buildroot/autobuild/run/instance-0/output-1/host/bin/arc-buildroot-linux-gnu-ld -G -o $@.t
This configure error is due to missing -fPIC:
configure:4392: checking shared library link args
configure:4398: /home/buildroot/autobuild/run/instance-0/output-1/host/bin/arc-buildroot-linux-gnu-gcc -c -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -g2 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 conftest.c >&5
configure:4404: $? = 0
configure:4408: test -z
|| test ! -s conftest.err
configure:4411: $? = 0
configure:4414: test -s conftest.o
configure:4417: $? = 0
/home/buildroot/autobuild/run/instance-0/output-1/host/bin/arc-buildroot-linux-gnu-ld: conftest.a(conftest.o): relocation R_ARC_32_ME against `__stack_chk_guard' can not be used when making a shared object; recompile with -fPIC
/home/buildroot/autobuild/run/instance-0/output-1/host/bin/arc-buildroot-linux-gnu-ld: BFD (GNU Binutils) 2.33.50.20191002 assertion fail elf32-arc.c:1805
/home/buildroot/autobuild/run/instance-0/output-1/host/bin/arc-buildroot-linux-gnu-ld: unrecognized option '-all'
/home/buildroot/autobuild/run/instance-0/output-1/host/bin/arc-buildroot-linux-gnu-ld: use the --help option for usage information
configure:4475: result: /home/buildroot/autobuild/run/instance-0/output-1/host/bin/arc-buildroot-linux-gnu-ld -G -o $@.t
Fixes:
- http://autobuild.buildroot.org/results/65677d889c27649e1f3ca1f3b6c70df7c89779f6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The poppler package failed to build for me with errors such as this one:
host/aarch64-buildroot-linux-gnu/include/c++/10.3.0/cstdlib:75:15: fatal error: stdlib.h: No such file or directory
75 | #include_next <stdlib.h>
| ^~~~~~~~~~
Changing the CMake option to a link-specific one fixes the issue.
Also change other packages with the same issue: cutelyst, gerbera,
kf5-modemmanager-qt, kodi and wampcc.
Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes the following security issues:
- A malformed incoming IXFR transfer could trigger an assertion failure in
named, causing it to quit abnormally. (CVE-2021-25214)
- named crashed when a DNAME record placed in the ANSWER section during
DNAME chasing turned out to be the final answer to a client query.
(CVE-2021-25215)
- When a server's configuration set the tkey-gssapi-keytab or
tkey-gssapi-credential option, a specially crafted GSS-TSIG query could
cause a buffer overflow in the ISC implementation of SPNEGO (a protocol
enabling negotiation of the security mechanism used for GSSAPI
authentication). This flaw could be exploited to crash named binaries
compiled for 64-bit platforms, and could enable remote code execution when
named was compiled for 32-bit platforms. (CVE-2021-25216)
For more details, see the release notes:
https://downloads.isc.org/isc/bind9/9.11.31/RELEASE-NOTES-bind-9.11.31.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Update the selection of the ahab container image to use based upon
a choice in the Config.in - there are multiple ASIC revisions that
use AHAB and the firmware images need to match. This extends the
support beyond a default image for just the imx8 amd imx8x based
upon the current contents of the imx-seco firmware extraction.
Files from 3.7.4:
mx8dxla0-ahab-container.img
mx8dxla1-ahab-container.img
mx8qmb0-ahab-container.img
mx8qxb0-ahab-container.img
mx8qxc0-ahab-container.img
The original defaults prior to this patch were mx8qmb0 for IMX8
and mx8qxb0 for the IMX8X selections. However, this patch will
change the default selection of the IMX8X from the B0 option to
C0 because the IMX8X C0 HW variant is widespread and the current
release of hardware silicon. Because there are still B0's in
circulation an option is being kept for that as well.
Signed-off-by: Charles Hardin <ckhardin@gmail.com>
[yann.morin.1998@free.fr: 1 minor code style]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Update patch added by commit 183d583fb5 to
use pkg-config instead of linking with zlib to fix the following static
build failure with a bzip2-enabled libmagic:
/home/buildroot/autobuild/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arc-buildroot-linux-uclibc/9.3.1/../../../../arc-buildroot-linux-uclibc/bin/ld: /home/buildroot/autobuild/instance-1/output-1/host/arc-buildroot-linux-uclibc/sysroot/usr/lib/libmagic.a(compress.o): in function `uncompressbuf':
compress.c:(.text+0x422): undefined reference to `BZ2_bzDecompressInit'
/home/buildroot/autobuild/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arc-buildroot-linux-uclibc/9.3.1/../../../../arc-buildroot-linux-uclibc/bin/ld: compress.c:(.text+0x422): undefined reference to `BZ2_bzDecompressInit'
Fixes:
- http://autobuild.buildroot.org/results/4c511c02e4c63b35ecf77a2658f88e8a0d9dbb4d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Commit 5871e278f8 (package/openjdk{, -bin}: security bump to version
11.0.11_9) forgot to account for the openjdk patch in the versioned
directory.
That patch was a collection of backports from upstream ,that are now all
present in 11.0.11+9, so drop that patch.
Fixes: 5871e278f8
Reported-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The e2scrib tool has various requirements:
- e2scrub and its associated helpers, are bash scripts
- e2scrub_all depends on coreutils' readlink; busybox readlink is
missing some options:
readlink: invalid option -- 'e'
- by design, e2scrub only works on an LVM volume
Add an option to enable e2scrub. This is probably seldom used, so it
does not warrant the usual dance about BR2_PACKAGE_BUSYBOX_SHOW_OTHERS
and selecting the tools; we can just depend on the required tools.
Signed-off-by: Tian Yuanhao <tianyuanhao@aliyun.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: James Hilliard <james.hilliard1@gmail.com>
[yann.morin.1998@free.fr:
- add a kconfig option like for other tools
- move the conditions to that new option
- reword the commit log accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The opensbi package already allows to use Linux as a payload for
OpenSBI, but in some cases, U-Boot as payload is useful. This commit
adds a BR2_TARGET_OPENSBI_UBOOT_PAYLOAD option, modeled after the
existing BR2_TARGET_OPENSBI_LINUX_PAYLOAD.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
OpenSBI contains platform-specific code, so very much like Linux,
U-Boot or other bootloaders, using the upstream version of OpenSBI
will very often not be sufficient.
This commit therefore adds the possibility of specifying a custom
version of OpenSBI, either custom from upstream, custom tarball, or
custom from Git. Support for other version control systems has not
been implemented for now, but could be added later if needed.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As recently discussed on the list:
http://lists.busybox.net/pipermail/buildroot/2021-April/308373.html
Packages like mkpimage where the source code is included in the Buildroot
tree, currently doesn't use an extract step (which also skips the patch
step), so they cannot be patched by a patch in BR2_GLOBAL_PATCH_DIR (or the
pkgdir), which is a bit confusing.
As a fix, add a simple extract step that copies the source file to the build
directory, so the patch step gets run as well.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As recently discussed on the list:
http://lists.busybox.net/pipermail/buildroot/2021-April/308373.html
Packages like mkpasswd where the source code is included in the Buildroot
tree, currently doesn't use an extract step (which also skips the patch
step), so they cannot be patched by a patch in BR2_GLOBAL_PATCH_DIR (or the
pkgdir), which is a bit confusing.
As a fix, add a simple extract step that copies the source files to the
build directory, so the patch step gets run as well.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As recently discussed on the list:
http://lists.busybox.net/pipermail/buildroot/2021-April/308373.html
Packages like makedevs where the source code is included in the Buildroot
tree, currently doesn't use an extract step (which also skips the patch
step), so they cannot be patched by a patch in BR2_GLOBAL_PATCH_DIR (or the
pkgdir), which is a bit confusing.
As a fix, add a simple extract step that copies the source file to the build
directory, so the patch step gets run as well.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 32c10f256b
introduced extra space so let's remove that in
order to be consistent with other variables.
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add mention about nitrogen8mp_defconfig which is meant for our
Nitrogen8MPlus SOM device.
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 54d3d94b6e broke the 'hg' download
method, in a similar way as it broke the 'git' download method (later fixed
with commit b70ce56651), by introducing extra
output on stdout in a case where the output is redirected.
In the case of 'hg', the 'hg archive' step uses shell redirection rather
than directly letting hg write the output file, since commit
76b51f90c0.
As a result, the extra print added by the _hg function is prepended to the
actual archive, causing an invalid archive.
Fix by using the _plain_hg function instead. The disadvantage is that the
command for 'hg archive' is no longer printed.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issue for the internal TLS backend:
- CVE-2021-30004: In wpa_supplicant and hostapd 2.9, forging attacks may
occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c
and tls/x509v3.c.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue for the internal TLS backend:
- CVE-2021-30004: In wpa_supplicant and hostapd 2.9, forging attacks may
occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c
and tls/x509v3.c.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Let's use the _BUG_ form for disabling this package instead of BR2_nios2
architecture as we already use it for other packages.
Propagate this dependency to postgis. Also add the missing dependency on
bug 21464 to postgis.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout:
- put 27597 after 21464 instead of before it;
- propagate dependency to postgis;
- mention the bugs in the comments.
]
- Same version as NXP release 5.10.9-1.0.0
- No changelog provided by NXP
- Tested on Nitrogen8M device with Weston (DRM backend) as follows:
# cd /usr/share/examples/viv_samples/vdk/
# ./tutorial7
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- To latest v2020.10 rev (e05b6d68)
-> added 8MP A1 silicon support
-> fixed 8MP HAB support
-> added display support for all 8M platforms
- Bump ATF to boundary-imx_5.4.70_2.3.0
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Add support for 8M Plus CPU (A1 and A0 silicon)
- Simplify cpu type parsing
- Update to be closer to Yocto counterpart
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
resync the version with glibc package.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This is required when building weston against the latest pipewire
release.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
diff LICENSE:
-This software is copyright (c) 2018 by Ben van Staveren.
+This software is copyright (c) 2021 by Ben van Staveren.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since its introduction in commit
b05e74ff92 in 2013, numactl has had an
explicit list of architectures that it supports. Interestingly, this
list does not include ARM, and now that rt-tests unconditionally needs
numactl, it meant the rt-tests package was no longer available on ARM.
Further investigation revealed that there is nothing in recent
versions of numactl that appears to be architecture-specific. It does
build with all of Buildroot toolchains currently used in the
autobuilders.
The only necessary changes are:
* Exclude no-MMU architectures, as madvise() is used in the code
base, and this is not available on no-MMU architectures.
* Make sure to use -latomic when needed, as some atomic operations
are used.
* Backport a patch that fixes the .symver usage, which only affects
really old gcc versions: only the old ARM Sourcery toolchain was
affected by this. Newer gcc versions support the gcc "symver"
attribute, so that the code that directly emits the assembly
.symver directive is not invoked.
With these changes, numactl builds successfully on all our supported
toolchains.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit a646cd27b1 (package/freescale-imx/imx-vpu: bump version to
5.4.39.3) somehow messed up when updating the hashes of the licene
files:
>>> imx-vpu 5.4.39.3 Collecting legal info
ERROR: EULA has wrong sha256 hash:
ERROR: expected: a39da2e94bd8b99eaac4325633854620ea3a55145259c3a7748c610a80714cfc
ERROR: got : 7ffad92e72e5f6b23027e7cf93a770a4acef00a92dcf79f22701ed401c5478c0
ERROR: Incomplete download, or man-in-the-middle (MITM) attack
ERROR: COPYING has wrong sha256 hash:
ERROR: expected: 69cbb76b3f10ac5a8c36f34df7bbdf50825815560c00a946fff2922365ef01a2
ERROR: got : 2ceab29de5ea533b86f570bcc4e9ddbfb5fe85a1da4978a8613ff3fd9bed781d
ERROR: Incomplete download, or man-in-the-middle (MITM) attack
The most probable cause is some confusion with imx-vpu-hantro, as the
faulty hashes reported above are those found in imx-vpu-hantro.
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
[yann.morin.1998@free.fr: rewrite commit log with a probably reason]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
https://security-tracker.debian.org/tracker/CVE-2019-6293https://github.com/NixOS/nixpkgs/issues/55386#issuecomment-683792976
"But this bug does not cause stack overflows in the generated code.
The function and file referred to in the bug (mark_beginning_as_normal
in nfa.c) are part of the flex code generator, not part of the
generated code. If flex crashes before generating any code, that
can hardly be a vulnerability. If flex does not crash, the generated
code is fine (or perhaps subject to other unreported bugs, who knows,
but the NFA has been generated correctly)."
Upstream has chosen to not provide a fix
https://github.com/westes/flex/issues/414
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr: use actual upstream URL]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
There had existed in one of the ISC BIND libraries a bug in a
function that was used by dhcpd when operating in DHCPv6 mode.
There was also a bug in dhcpd relating to the use of this function
per its documentation, but the bug in the library function
prevented this from causing any harm. All releases of dhcpd from
ISC contain copies of this, and other, BIND libraries in
combinations that have been tested prior to release and are known
to not present issues like this.
Affects: Builds of dhcpd versions prior to version 4.4.1 when
using BIND versions 9.11.2 or later.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6470
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
bash has a concept of "loadables", which are "plugins" that can be
loaded at runtime by bash to add new builtin. For example:
# type whoami
whoami is hashed (/usr/bin/whoami)
# whoami
root
# enable -f /usr/lib/bash/whoami whoami
# type whoami
whoami is a shell builtin
# whoami
root
# enable -d whoami
# type whoami
whoami is hashed (/usr/bin/whoami)
# whoami
root
bash comes with a set of example loadables, installed in
/usr/lib/bash/. They take 312 KB on ARM32, and are by default not
used, and provide builtins that are for the most part already
available as external commands in Busybox/coreutils:
Makefile.inc finfo mkfifo realpath sync
accept head mktemp rm tee
basename id mypid rmdir truefalse
csv ln pathchk seq tty
cut loadables.h print setpgid uname
dirname logname printenv sleep unlink
fdflags mkdir push strftime whoami
So instead of having them unconditionally installed, add an option to
enable/disable their installation (their build apparently cannot be
disabled via a configure option).
Normally, we try to keep backward compatibility by preserving the
existing behavior. In this case, this would have meant making this
option "default y". But this also breaks our principle of "being
minimal by default", and in this case, it feels preferable to be
"minimal by default" than preserving existing behavior.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
We want bash to be installed as /bin/bash. For ages, Buildroot has
been doing this by overriding exec_prefix at install time. First of
all, it would be preferred to do this at configure time. But also,
overriding exec_prefix not only changes where "bash" goes, but also
where the pkgconfig file goes. Due to this, bash.pc goes into
/lib/pkgconfig/, and doesn't get removed by target-finalize.
Since all we want is to have 'bash' as /bin/bash, simply pass
--bindir=/bin at configure time. This allows to use the default target
installation logic for autotools-package. We keep a post-install
target hook to remove /bin/bashbug.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix vulnerability to DNS-rebind attacks.
This security fix addresses the same vulnerability isue which was reported
for libupnp (which libnpupnp is derived from) in CVE-2021-29462.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add a patch to disable tests through the standard BUILD_TESTING variable
which is already passed by cmake-package.
While at it, drop protobuf dependency which is only needed for tests
This will fix a build failure on toolchains without wchar, toolchains
for sh4 (ICE) or toolchains where gcc is affected by bug 64735.
Upstream thinks that this is unecessary but no additional feedback was
received on how we should handle those build failures
Fixes:
- http://autobuild.buildroot.org/results/1cd24b757d87b963c70bc7ff927c6d983d0b142a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The uftrace tool is to trace and analyze execution of a program
written in C/C++.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The hash of the HTML license file has changed due to changes in the
HTML menu and other parts of the page that don't change the license
text itself.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
From the release notes:
================================================================================
Redis 6.2.2 Released Mon April 19 19:00:00 IST 2021
================================================================================
Upgrade urgency: HIGH, if you're using ACL and pub/sub, CONFIG REWRITE, or
suffering from performance regression.
See https://github.com/redis/redis/blob/6.2.2/00-RELEASENOTES
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
From the changelog:
* Enable SATA RX lane swap
* Add workaround for A-010554 (Improve SATA hard drive detection)
* Add workaround for A-009531 (Wrong IDO bit value for PCIe completion
packets)
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Upgrade to release 2021.4.4 with the following bug fixes:
- regex fails with a quantified backreference but succeeds with
repeated backref
- API is not a drop-in replacement for python's re when it comes
to typing
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- change to python3 only
- update license file hash:
@@ -1,4 +1,4 @@
-Copyright 2016-2018 Dave Jones <dave@waveform.org.uk>
+SPDX-License-Identifier: BSD-3-Clause
Changelog ([1]):
- Dropped Python 2.x support. Current Python support level is 3.5 and above.
- Added html and css format specifications to the :class:`Color` class'
string-formatting capabilities.
[1] https://github.com/waveform80/colorzero/blob/master/docs/changelog.rst
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
--without-x is not recognized since at least version 1.2.12:
configure: WARNING: unrecognized options: --disable-gtk-doc, --disable-gtk-doc-html, --disable-doc, --disable-docs, --disable-documentation, --with-xmlto, --with-fop, --enable-ipv6, --disable-nls, --without-x
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The old at91bootstrap version (1.x) uses a strange variant of the BSD
license, called "BSD Source Code Attribution" and referenced by SPDX
as BSD-Source-Code.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Depends on BR2_PACKAGE_PYTHON3
The hash of the license file has changed because a short license file
was replaced by the complete text of the Apache 2.0 license. The
license itself remains the same.
Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Fix CVE-2021-27097: The boot loader in Das U-Boot before 2021.04-rc2
mishandles a modified FIT.
- Fix CVE-2021-27138: The boot loader in Das U-Boot before 2021.04-rc2
mishandles use of unit addresses in a FIT.
- Update second patch
- Drop fourth patch (already in version)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix CVE-2021-20305: A flaw was found in Nettle in versions before 3.7.2,
where several Nettle signature verification functions (GOST DSA, EDDSA &
ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply
function being called with out-of-range scalers, possibly resulting in
incorrect results. This flaw allows an attacker to force an invalid
signature, causing an assertion failure or possible validation. The
highest threat to this vulnerability is to confidentiality, integrity,
as well as system availability.
https://git.lysator.liu.se/nettle/nettle/-/blob/nettle_3.7.2_release_20210321/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Give this package some love and update to the newest version. There are
no released versions, though. Therefore, use the latest commit.
Notable changes:
- RS485 support fixes and features
- internal loopback support
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Also recreate config.xml by building and running Gerbera using:
```
~/buildroot/output/target/usr/bin/gerbera --create-config > package/gerbera/config.xml
```
Note, that Gerbera sets the `<home>` parameter now to the runtime user's home by
default when generating the script. This is not appropriate when running Gerbera
on an embedded Linux system as we usually do not have multiple users or even
users at all. Therefore, we set the home directory to /var/lib/gerbera`.
As this directory is not created when installing Gerbera to the target,
it is created by the start script.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
ijson < 2.5 (as available in Debian 10) use the slow python backend by
default instead of the most efficient one available like modern ijson
versions, significantly slowing down cve checking. E.G.:
time ./support/scripts/pkg-stats --nvd-path ~/.nvd -p avahi --html foobar.html
Goes from
174,44s user 2,11s system 99% cpu 2:58,04 total
To
93,53s user 2,00s system 98% cpu 1:36,65 total
E.G. almost 2x as fast.
As a workaround, detect when the python backend is used and try to use a
more efficient one instead. Use the yajl2_cffi backend as recommended by
upstream, as it is most likely to work, and print a warning (and continue)
if we fail to load it.
The detection is slightly complicated by the fact that ijson.backends used
to be a reference to a backend module, but is nowadays a string (without the
ijson.backends prefix).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes:
showing "enable home daemon"
and "homed support needs a toolchain w/ threads, dynamic library, kernel headers >= 4.12"
when BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_12
introduced by fa62b5165c
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 841c695468 (libdrm: change to meson build system) converted the
autotools --disable-manpages to the neson -Dmanpages=false. However, the
actual option is 'man-pages':
WARNING: Unknown options: "manpages"
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr: tweak commit log as per Peter's review]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Enable introspection when GObject Introspection is enabled.
Signed-off-by: Einar Jon Gunnarsson <tolvupostur@gmail.com>
Acked-by: Aleksander Morgado <aleksander@aleksander.es>
[yann.morin.1998@free.fr: drop config option, rely on GOI package]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add hash file
Convert to meson build
Use https instead of http and git
Signed-off-by: Einar Jon Gunnarsson <tolvupostur@gmail.com>
[yann.morin.1998@free.fr: also switch repo to https]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The condition around postgis was added to make a sort of submenu of the
postgresql extensions under postgresql itself. However, such a condition
should be on BR2_PACKAGE_POSTGRESQL, not on its suboption
BR2_PACKAGE_POSTGRESQL_FULL.
Change the condition in package/Config.in to BR2_PACKAGE_POSTGRESQL, and
move the BR2_PACKAGE_POSTGRESQL_FULL condition to
package/postgis/Config.in.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Minimalistic protocol buffer decoder and encoder in C++.
Designed for high performance. Suitable for writing zero copy
parsers and encoders with minimal need for run-time allocation
of memory.
Low-level: this is designed to be a building block for writing
a very customized decoder for a stable protobuf schema. If your
protobuf schema is changing frequently or lazy decoding is not
critical for your application then this approach offers
no value: just use the C++ API that can be generated with
the Google Protobufs protoc program.
https://github.com/mapbox/protozero
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
- needs protobuf-c (not protobuf)
- protobuf-c configure tests are not cross-compile capable, even with
ifeq ($(BR2_PACKAGE_PROTOBUF_C),y)
POSTGIS_DEPENDENCIES += protobuf-c
POSTGIS_CONF_OPTS += --with-protobuf
POSTGIS_CONF_ENV += \
ac_cv_lib_protobuf_c_protobuf_c_message_init=yes \
ac_cv_lib_protobuf_c_protobuf_c_version=yes
else
POSTGIS_CONF_OPTS += --without-protobuf
endif
configure aborts with:
checking for PROTOBUFC... yes
checking protobuf-c/protobuf-c.h usability... yes
checking protobuf-c/protobuf-c.h presence... yes
checking for protobuf-c/protobuf-c.h... yes
checking for protobuf_c_message_init in -lprotobuf-c... (cached) yes
checking for protobuf_c_version in -lprotobuf-c... (cached) yes
checking protobuf-c version... configure: error: in `.../build/postgis-3.1.1':
configure: error: cannot run test program while cross compiling
Fixes:
- http://autobuild.buildroot.net/results/8b95086b5e0876d0a4e41330446e767e4abd3729
checking for PROTOBUFC... no
libprotobuf-c not found in pkg-config
checking protobuf-c/protobuf-c.h usability... no
checking protobuf-c/protobuf-c.h presence... no
checking for protobuf-c/protobuf-c.h... no
configure: error: unable to find protobuf-c/protobuf-c.h using CPPFLAGS. You can disable MVT and Geobuf support using --without-protobuf
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Reviewed-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
OpenZFS is an advanced file system and volume manager which was originally
developed for Solaris and is now maintained by the OpenZFS community. This
repository contains the code for running OpenZFS on Linux and FreeBSD.
http://zfsonlinux.org/
Signed-off-by: José Luis Salvador Rufo <salvador.joseluis@gmail.com>
[me:
- fix test case on how to use a pre-built toolchain
- reorder the test case config
- add test case with glibc
- drop superflous test timeout override
- only select libtirpc when C library lacks native RPC
- drop unused ZFS_MODULES variable
- drop ZFS_CPE_ID_PREFIX and ZFS_AUTORECONF_OPTS which are defaults
- drop NLS options, already set in a generic manner
- drop incomplete/improper sysvinit support
- some cosmetics
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
PostGIS is a spatial database extender for PostgreSQL object-relational
database. It adds support for geographic objects allowing location
queries to be run in SQL.
On microblazeel with the bootlin toolchain, the build fails with an ICE:
during RTL pass: reload
.../bootlin-microblazeel-uclibc/build/libgeos-3.9.0/src/geom/util/Densifier.cpp: In static member function ‘static std::unique_ptr<std::vector<geos::geom::Coordinate> > geos::geom::util::Densifier::densifyPoints(geos::geom::Coordinate::Vect, double, const geos::geom::PrecisionModel*)’:
.../bootlin-microblazeel-uclibc/build/libgeos-3.9.0/src/geom/util/Densifier.cpp:128:1: internal compiler error: in gen_reg_rtx, at emit-rtl.c:1155
128 | }
| ^
Since it's unlikely that postgis will ever be used on a microblaze,
simply disable it.
https://postgis.net/
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout:
- Move postgresql dependency to package/Config.in, to satisfy
alphabetical ordering in the menu while keeping it below postgresql.
- Add dependency on !microblaze.
- Add comment for dependencies.
- Add positive version of --with-raster and --with-protobuf to
_CONF_OPTS.
- Expand BSD to BSD-2-Clause.
]
Fixes the following security issues:
- CVE-2021-1386: Fix for UnRAR DLL load privilege escalation. Affects
0.103.1 and prior on Windows only.
- CVE-2021-1252: Fix for Excel XLM parser infinite loop. Affects 0.103.0
and 0.103.1 only.
- CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash.
Affects 0.103.0 and 0.103.1 only.
- CVE-2021-1405: Fix for mail parser NULL-dereference crash. Affects
0.103.1 and prior.
- CVE-2021-27506: The ClamAV Engine (Version 0.103.1 and below) embedded in
Storsmshield Network Security (1.0 to 4.1.5) is subject to DoS in case of
parsing of malformed png files.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2021-21240: httplib2 is a comprehensive HTTP client library
for Python. In httplib2 before version 0.19.0, a malicious server
which responds with long series of "\xa0" characters in the
"www-authenticate" header may cause Denial of Service (CPU burn while
parsing header) of the httplib2 client accessing said server. This is
fixed in version 0.19.0 which contains a new implementation of auth
headers parsing using the pyparsing library.
- Fix CVE-2020-11078: In httplib2 before version 0.18.0, an attacker
controlling unescaped part of uri for `httplib2.Http.request()` could
change request headers and body, send additional hidden requests to
same server. This vulnerability impacts software that uses httplib2
with uri constructed by string concatenation, as opposed to proper
urllib building with escaping. This has been fixed in 0.18.0.
- Use LICENSE file instead of PKG-INFO
- pyparsing is a runtime dependency since version 0.19.0 and
https://github.com/httplib2/httplib2/commit/bd9ee252c8f099608019709e22c0d705e98d26bchttps://github.com/httplib2/httplib2/blob/v0.19.1/CHANGELOG
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Notice: This fixes a security issue, but in code not used in Buildroot:
ifcfg-rh: handle "802-1x.{,phase2-}ca-path". Otherwise setting this
property silently fails and a profile might accidentally not perform
any authentication (CVE-2020-10754).
Update indentation in hash file (two spaces)
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/1.22.16/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: Clarify that security issue isn't applicable to Buildroot]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Updated license hash due to year change.
Commit bf66772c9b was accidentally based
on v1 of this patch.
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Updated license hash due to year change.
Commit 4d5587cb56 was accidentally based
on v1 of this patch.
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes the following security issues:
CVE-2020-7774: npm upgrade to 6.14.12 - Update y18n to fix
Prototype-Pollution (High)
This is a vulnerability in the y18n npm module which may be exploited by
prototype pollution.
https://github.com/advisories/GHSA-c4w7-xm78-47vh
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
CVE-2021-28658: Potential directory-traversal via uploaded files
MultiPartParser allowed directory-traversal via uploaded files with suitably crafted file names.
Built-in upload handlers were not affected by this vulnerability.
For more details, see the announcement:
https://www.djangoproject.com/weblog/2021/apr/06/security-releases/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2021-28831: decompress_gunzip.c in BusyBox through 1.32.1 mishandles
the error bit on the huft_build result pointer, with a resultant invalid
free or segmentation fault, via malformed gzip data.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When BR2_PACKAGE_WPA_SUPPLICANT_CTRL_IFACE is not set and
BR2_PACKAGE_WPA_SUPPLICANT_DBUS=y, CONFIG_CTRL_IFACE_DBUS_NEW will be
enabled by 's/^#\(CONFIG_CTRL_IFACE_DBUS_NEW\)/\1/' first, and then
disabled by 's/^\(CONFIG_CTRL_IFACE\)/#\1/'.
CONFIG_CTRL_IFACE_DBUS_NEW does not depend on CONFIG_CTRL_IFACE, except
for using it as a prefix. Fix this wrong behavior by adding '\>' after
CONFIG_CTRL_IFACE.
Signed-off-by: Tian Yuanhao <tianyuanhao@aliyun.com>
Tested-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Versions 2.0.10 of Mosquitto has been released. This is a security and bugfix release.
CVE-xxxx-xxxx: If an authenticated client connected with MQTT v5 sent a malformed
CONNACK message to the broker a NULL pointer dereference occurred, most likely
resulting in a segfault. This will be updated with the CVE number when it is assigned.
Affects versions 2.0.0 to 2.0.9 inclusive.
See the announcement: https://mosquitto.org/blog/2021/04/version-2-0-10-released/
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Use the tarball provided by upstream developers instead of the one
generated by Github. Indeed
https://github.com/rhboot/shim/releases/tag/15.4 indicates "As
usual, please use the shim-15.4.tar.bz2 tarball, rather than the
other two archives github automatically produces."
- The tarball now includes the gnu-efi code, so we no longer need to
select gnu-efi and have it as a build dependency. We continue to use
BR2_PACKAGE_GNU_EFI_ARCH_SUPPORTS as we still only build for those
architectures that have gnu-efi support. We also drop the
EFI_INCLUDE, EFI_PATH and LIBDIR variables, as gnu-efi no longer
needs to be searched in STAGING_DIR.
- Drop all four patches, which were backports from upstream.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Backport a set of upstream patches to fix:
MokManager.c: In function ‘write_back_mok_list’:
MokManager.c:1081:19: error: taking address of packed member of ‘struct <anonymous>’ may result in an unaligned pointer value [-Werror=address-of-packed-member]
1081 | if (CompareGuid(&(list[i].Type), &X509_GUID) == 0)
| ^~~~~~~~~~~~~~~
MokManager.c:1103:19: error: taking address of packed member of ‘struct <anonymous>’ may result in an unaligned pointer value [-Werror=address-of-packed-member]
1103 | if (CompareGuid(&(list[i].Type), &X509_GUID) == 0) {
| ^~~~~~~~~~~~~~~
MokManager.c: In function ‘delete_cert’:
MokManager.c:1144:19: error: taking address of packed member of ‘struct <anonymous>’ may result in an unaligned pointer value [-Werror=address-of-packed-member]
1144 | if (CompareGuid(&(mok[i].Type), &X509_GUID) != 0)
| ^~~~~~~~~~~~~~
MokManager.c: In function ‘delete_hash_in_list’:
MokManager.c:1195:20: error: taking address of packed member of ‘struct <anonymous>’ may result in an unaligned pointer value [-Werror=address-of-packed-member]
1195 | if ((CompareGuid(&(mok[i].Type), &Type) != 0) ||
| ^~~~~~~~~~~~~~
MokManager.c: In function ‘delete_keys’:
MokManager.c:1359:19: error: taking address of packed member of ‘struct <anonymous>’ may result in an unaligned pointer value [-Werror=address-of-packed-member]
1359 | if (CompareGuid(&(del_key[i].Type), &X509_GUID) == 0) {
| ^~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
make[1]: *** [<builtin>: MokManager.o] Error 1
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
shim fails to build with:
console.c:448:5: error: ‘EFI_WARN_UNKOWN_GLYPH’ undeclared here (not in a function); did you mean ‘EFI_WARN_UNKNOWN_GLYPH’?
448 | { EFI_WARN_UNKOWN_GLYPH, L"Warning Unknown Glyph"},
| ^~~~~~~~~~~~~~~~~~~~~
| EFI_WARN_UNKNOWN_GLYPH
make[2]: *** [<builtin>: console.o] Error 1
make[2]: *** Waiting for unfinished jobs....
Backport upstream commit d230d02f990f02293736dca78b108f86c86d1bd0 to
resolve this issue.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
An analysis of the last 3 remaining CVEs that are reported to affect
the grub2 package has allowed to ensure that we can safely ignore
them:
* CVE-2020-14372 is already fixed by a patch we have in our patch
stack for grub2
* CVE-2019-14865 and CVE-2020-15705 are both distro-specific and do
not affect grub2 upstream, nor grub2 with the stack of patches we
have in Buildroot
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- bpo-42988: CVE-2021-3426: Remove the getfile feature of the pydoc module
which could be abused to read arbitrary files on the disk (directory
traversal vulnerability). Moreover, even source code of Python modules
can contain sensitive data like passwords. Vulnerability reported by
David Schwörer.
- bpo-43285: ftplib no longer trusts the IP address value returned from the
server in response to the PASV command by default. This prevents a
malicious FTP server from using the response to probe IPv4 address and
port combinations on the client network.
Code that requires the former vulnerable behavior may set a
trust_server_pasv_ipv4_address attribute on their ftplib.FTP instances to
True to re-enable it.
- bpo-43439: Add audit hooks for gc.get_objects(), gc.get_referrers() and
gc.get_referents(). Patch by Pablo Galindo.
Note: 3.9.3 was recalled due to introducing unintentional ABI
incompatibility, and fixes re-released as 3.9.4:
https://www.python.org/downloads/release/python-394/
Add host-autoreconf-archive, as it is needed for autoreconf since:
https://github.com/python/cpython/commit/064bc07f241dceec2fc577cbf5c31fa6d63fe320
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2021-20270: An infinite loop in SMLLexer in Pygments versions 1.5 to
2.7.3 may lead to denial of service when performing syntax highlighting of
a Standard ML (SML) source file, as demonstrated by input that only
contains the "exception" keyword
- CVE-2021-27291: In pygments 1.1+, fixed in 2.7.4, the lexers used to parse
programming languages rely heavily on regular expressions. Some of the
regular expressions have exponential or cubic worst-case complexity and
are vulnerable to ReDoS. By crafting malicious input, an attacker can
cause a denial of service
Python 2.x support was dropped in pygments 2.6, so adjust (reverse)
dependencies:
Version 2.6
-----------
(released March 8, 2020)
- Running Pygments on Python 2.x is no longer supported.
(The Python 2 lexer still exists.)
Adjust the license hash for a change of copyright years:
https://github.com/pygments/pygments/commit/a590ac5ea7c00a41e253834306bfa19e38349c0b
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Some IPTV streams will need ffmpef, the command line tool), while some
won't, so we just suggest that to the user in the help text.
There were two alternatives, but neither were very convincing:
- always enforce that ffmpeg is enabled
- only enforce ffmpeg to be enabled when the package is already
enabled
In either case, that may cary the ffmpeg tool when it really is not
needed. So leave it to the user to decide whether they want it or not.
tvheadend now has a bunch of options, so make it a sub-menu.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[yann.morin.1998@free.fr:
- do not forcibly enable ffmpeg-the-commandline-tool
- one option per-commit
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes:
- http://autobuild.buildroot.net/results/c9b0e41d66211bcab231b5db78c6eebe4b1d78ba
genesys/scanner_interface_usb.cpp: In member function ‘virtual void genesys::ScannerInterfaceUsb::sleep_us(unsigned int)’:
genesys/scanner_interface_usb.cpp:484:10: error: ‘std::this_thread’ has not been declared
484 | std::this_thread::sleep_for(std::chrono::microseconds{microseconds});
| ^~~~
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Changes:
* Fix potential null pointer dereference in the JP2/JPC decoder. (#269)
* Fix ignoring of JAS_STREAM_FILEOBJ_NOCLOSE at stream close time. (#286)
* Fix integral type sizing problem in JP2 codec. (#284)
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw
allows attackers to cause a denial of service (SEGV or buffer overflow
and application crash) or possibly have unspecified other impacts via a
crafted ELF. The highest threat from this vulnerability is to system
availability.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Backport an upstream patch to add support for riscv32. Although this is
a new feature (new arch support), this is an upstream commit, so we can
expect it to be available in a future release.
Fixes:
- http://autobuild.buildroot.org/results/1c399312dbec5d7a28ec90d62fdd8f47fa14ff4b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- technically, this is not a bug fix, but new arch support
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The README.md file suggests passing "nodbus" as a tag if dbus is not selected.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
According to the README.md file, xz is optional.
- Remove the dependency on the xz package.
- If the xz package is not selected, add "nolzma" to MENDER_TAGS
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Fix arbitrary data copied from signature header past signature
checking (CVE-2021-3421)
- Fix signature check bypass with corrupted package (CVE-2021-20271)
- Fix missing bounds checks in headerImport() and headerCheck()
(CVE-2021-20266)
- Fix missing sanity checks on header entry count and region data
overlap
- Fix access past end of header if the last entry is string type
- Fix unsafe headerCopyLoad() still used in codebase
Drop all patches (already in version)
https://rpm.org/wiki/Releases/4.16.1.3.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Out-of-bound read access when parsing LLDP-MED civic address in
liblldpctl for malformed fields.
- Fix memory leak when receiving LLDPU with duplicate fields.
CVE-2020-27827.
- More memory leak fixes on duplicate TLVs in LLDP, CDP and EDP
(related to CVE-2020-27827).
https://github.com/lldpd/lldpd/blob/1.0.9/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
net-snmp-create-v3-user uses ps to check if snmpd is running. To know
how to invoke 'ps', the build system use 'which ps' and does other
checks for the output format of 'ps', therefore inspecting 'ps' on the
build machine instead of the target.
If the build machine runs a OS like Debian, that uses a merged-usr and a
PATH of '/usr/bin:/bin', then 'which ps' returns /usr/bin/ps, which will
not work on the target if it does not also use a merged-usr.
Hardcode 'ps' to be /bin/ps to fix this issue and to improve build
reproducibility.
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
While not a requirement to run mender itself, the mender-connect package
requires this file to be installed to talk to mender.
Signed-off-by: Adam Duskett <Aduskett@rivian.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Changelog ([1]):
v3.18 (2021-03-11)
==================
- xt_pknock: fix a build failure on ARM 32-bit
v3.17 (2021-02-28)
==================
- xt_pknock: cure a NULL deref
v3.16 (2021-02-24)
==================
- xt_pknock: build fix for ILP32 targets
v3.15 (2021-02-05)
==================
- xt_ECHO: support new function signature of security_skb_classify_flow
- xt_lscan: add --mirai option
- Support for Linux 5.11
v3.14 (2020-11-24)
==================
- DELUDE, ECHO, TARPIT: use actual tunnel socket (ip_route_me_harder).
- geoip: scripts for use with MaxMind DB have been brought back,
partly under new names.
- Gave xt_geoip_fetch a more fitting name, xt_geoip_query.
[1] https://fossies.org/linux/privat/xtables-addons-3.18.tar.xz/xtables-addons-3.18/doc/changelog.txt
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In a first draft of what ended up in commit 3efc5a250c
("package/siproxd: new package") libltdl was optionally built from an
internal copy of siproxd. Now external libltdl is selected
unconditionally, thus the license file of the internal copy of libtool
does not apply anymore.
Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Other changes:
- Add host-pkgconf as a dependency. It's used to find OpenSSL.
- Set new license hashes.
Signed-off-by: Adam Duskett <Aduskett@rivian.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The current linker flag "-X main.Version=$(MENDER_VERSION)" no longer points
to the correct location, which results in "version: unknown" when runnning
"mender -version." Update the linker flag to point to the correct location.
Signed-off-by: Adam Duskett <Aduskett@rivian.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Currently there is a mix of calls to package/mender and $(MENDER_PKGDIR) in the
mender.mk file. Standardize the calls to only $(MENDER_PKGDIR).
Signed-off-by: Adam Duskett <Aduskett@rivian.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following build failure with gcc 10:
/home/buildroot/autobuild/run/instance-1/output-1/host/bin/aarch64-none-linux-gnu-gcc -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -I/home/buildroot/autobuild/run/instance-1/output-1/build/efivar-37/src/include/ -specs=/home/buildroot/autobuild/run/instance-1/output-1/build/efivar-37/gcc.specs -L. -fPIC -Wl,-z,muldefs -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -o efivar efivar.c -lefivar -ldl
In file included from efivar.h:28,
from efivar.c:40:
In function 'text_to_guid',
inlined from 'parse_name.constprop' at efivar.c:157:8:
guid.h:106:2: error: 'strncpy' output may be truncated copying 8 bytes from a string of length 38 [-Werror=stringop-truncation]
106 | strncpy(eightbytes, text, 8);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
Fixes:
- http://autobuild.buildroot.org/results/fcba72d359f4128515560e9105384cd4deff5043
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The Acqua A5 is a system on module based on the Microchip SAMA5D31 SoC:
https://www.acmesystems.it/acqua
It is available in both 256 MiB and 512 MiB versions, hence the two
defconfig files. These configs build microSD card images with:
- AT91Bootstrap 3
- Linux 5.4.107
- default buildroot packages (uClibc, Busybox)
The device tree blob comes from Acme Systems:
https://github.com/AcmeSystems/dts-archive
It is licensed under GPLv2 or later.
Signed-off-by: Edgar Bonet <bonet@grenoble.cnrs.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add a WPA_SUPPLICANT_IGNORE_CVES entry for CVE-2021-27803 which was
fixed by commit 9ada4eb2f1, which we
have backported as
0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Current error string speaks only about "fragment" but here we also deal
with Kconfig files, so let's add "file or fragment" instead of "fragment".
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Parse-Yapp comes with a Makefile.PL,
so it is built with the perl core module ExtUtils-MakeMaker
regenerated with `utils/scancpan -force -host Parse-Yapp`
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The ARPHRD_RAWIP symbol is used in the rmnet backend in the link
management support now included in libqmi.
If libc doesn't provide this symbol yet, define it ourselves. The
symbol will only be used if rmnet is enabled in the kernel anyway.
This patch will be included in the next libqmi 1.28.4.
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
[yann.morin.1998@free.fr:
- do an actual backport now it's been applied upstream
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
--enable-more-warnings has been dropped since version 1.26.0 and
https://github.com/freedesktop/libqmi/commit/9f31a45d5fc137431705d47b83669f35259932b4
Instead, a new --disable-Werror option has been added, through the use
of AX_COMPILER_FLAGS, so use that to explicitly request wrnings not be
treated as errors.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: use --disable-Werror instead of nothing]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix CVE-2021-3119: Zetetic SQLCipher 4.x before 4.4.3 has a NULL pointer
dereferencing issue related to sqlcipher_export in crypto.c and
sqlite3StrICmp in sqlite3.c. This may allow an attacker to perform a
remote denial of service attack. For example, an SQL injection can be
used to execute the crafted SQL command sequence, which causes a
segmentation fault.
https://github.com/sqlcipher/sqlcipher/blob/v4.4.3/CHANGELOG.md
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2021-28363: The urllib3 library 1.26.x before 1.26.4 for Python
omits SSL certificate validation in some cases involving HTTPS to HTTPS
proxies. The initial connection to the HTTPS proxy (if an SSLContext
isn't given via proxy_config) doesn't verify the hostname of the
certificate. This means certificates for different servers that still
validate properly with the default urllib3 SSLContext will be silently
accepted.
https://github.com/urllib3/urllib3/blob/1.26.4/CHANGES.rst
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2021-27928: A remote code execution issue was discovered in
MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18,
and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep
patch through 2021-03-03 for MySQL. An untrusted search path leads to
eval injection, in which a database SUPER user can execute OS commands
after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not
affect an Oracle product.
https://mariadb.com/kb/en/mariadb-10328-release-notes/https://mariadb.com/kb/en/mariadb-10328-changelog/
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-07 0.9.36
* Fix sf.net issue #5 - its possible to issue a PUT request
without a CONTENT-TYPE. Assume an octet-stream in that case.
* Change the Prefix for variables to be the REQUEST_METHOD
(PUT/DELETE/GET/POST)
**** THIS IS A BREAKING CHANGE vs 0.9.33 ****
* Mitigations vs running haserl to get access to files not
available to the user.
- Fix CVE-2021-29133: Lack of verification in haserl, a component of
Alpine Linux Configuration Framework, before 0.9.36 allows local users
to read the contents of any file on the filesystem.
- Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 5502a889dd
("configs/beaglebone_qt5: don't use custom post-image script") removed the use
of genimage_linux41.cfg but didn't remove the file.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Upstream has switched to requiring python3, so change the dependency to
always use host-python3.
Signed-off-by: John Keeping <john@metanate.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This reverts commit 9783c04aaf.
This commit is actually a workaround to get Meson passing `-libstdc++`
to the C linker. The correct fix is to pass the host C++ compiler to
Meson instead of the host C compiler using the `CXX_FOR_BUILD` variable.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit f4a61d1ae2 introduced CC_FOR_BUILD and
CXX_FOR_BUILD to avoid detecting ccache.
Both values are set to `HOSTCC`. This causes issues where C++ files are
compiled with the C compiler without passing the `stdc++` flag to the
linker, too.
Therefore, switch to pass the C++ compiler to CXX_FOR_BUILD.
Correctly fixes:
http://autobuild.buildroot.org/results/871e1362c44e5b68a149e6a5dd3caf99ea0d904a
Commit 9783c04aaf proposed a fix which in
fact is a workaround to get Meson to pass the `stdc++` flag to the C
linker.
A fellow-up commit will revert this commit, as it is no longer
needed.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
From https://www.lesbonscomptes.com/upmpdcli/pages/releases.html:
2021-03-13 libnpupnp 4.1.1
* Fix HEAD requests. Samsung TVs now work with Gerbera + libnpupnp
2021-03-13 libnpupnp 4.1.0
* Send SERVER and USER-AGENT headers in misc places where mandated or useful.
* Add API for the client code to set the user-agent and server string values
* Fix building and running with --disable-ipv6
* Misc portability fixes.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Just like we have a "github" macro to calculate the URL of the tarball
to download source from Github, let's introduce a similar macro for
Gitlab.
This should be used to download the auto-generated tarballs from
Gitlab. If there is a specific release tarball uploaded by the
upstream developers, the <pkg>_SITE variable should not use this new
gitlab macro.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The Github macro example shows something that is now considered
incorrect: using v1.0 as the VERSION. This is not longer recommended
as it prevents from matching with release-monitoring.org details.
Let's update the example, and add a note to explain this in more
details.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
When BR2_VERSION_FULL contains one or more '/', injection our version
in the perl patch-level fails:
/usr/bin/sed: -e expression #1, char 27: unknown option to `s'
When the build is done in a git tree, and HEAD is a tag, BR2_VERSION_FULL
will contain that tag name. Even if not widely common, it is not unusual
for a tag to contain a '/', and this is perfectly legit in git.
So, mangle BR2_VERSION_FULL to escape all '/' with a backslash '\', so
that the sed expression is correct, and so that we eventually have a
correct pathclevel string in perl's --version output.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch fixes the following compile failures:
In file included from platform/text/TextAllInOne.cpp:30:
platform/text/TextBreakIteratorICU.cpp: In function ‘bool
WebCore::textInChunkOrOutOfRange(UText*, int64_t, int64_t, UBool,
UBool&)’:
platform/text/TextBreakIteratorICU.cpp:217:28: error: ‘TRUE’ was not
declared in this scope
217 | isAccessible = TRUE;
| ^~~~
platform/text/TextBreakIteratorICU.cpp:222:28: error: ‘FALSE’ was not
declared in this scope
222 | isAccessible = FALSE;
| ^~~~~
platform/text/TextBreakIteratorICU.cpp:231:28: error: ‘TRUE’ was not
declared in this scope
231 | isAccessible = TRUE;
| ^~~~
platform/text/TextBreakIteratorICU.cpp:236:28: error: ‘FALSE’ was not
declared in this scope
236 | isAccessible = FALSE;
| ^~~~~
platform/text/TextBreakIteratorICU.cpp: In function ‘UBool
WebCore::textLatin1Access(UText*, int64_t, UBool)’:
platform/text/TextBreakIteratorICU.cpp:246:16: error: ‘FALSE’ was not
declared in this scope
246 | return FALSE;
| ^~~~~
platform/text/TextBreakIteratorICU.cpp:266:12: error: ‘TRUE’ was not
declared in this scope
266 | return TRUE;
| ^~~~
platform/text/TextBreakIteratorICU.cpp: In function ‘UBool
WebCore::textUTF16Access(UText*, int64_t, UBool)’:
platform/text/TextBreakIteratorICU.cpp:367:16: error: ‘FALSE’ was not
declared in this scope
367 | return FALSE;
| ^~~~~
platform/text/TextBreakIteratorICU.cpp:387:12: error: ‘TRUE’ was not
declared in this scope
387 | return TRUE;
| ^~~~
...
In file included from platform/text/TextAllInOne.cpp:32:
platform/text/TextCodecICU.cpp: In member function ‘void
WebCore::TextCodecICU::createICUConverter() const’:
platform/text/TextCodecICU.cpp:272:42: error: ‘TRUE’ was not declared in
this scope
272 | ucnv_setFallback(m_converterICU, TRUE);
| ^~~~
The compile failures are fixed by replacing the use of FALSE/TRUE with
false/true as suggested by [1] and/or [2].
A better description is directly from the patch/pull-request ([3]):
Traditionally, ICU4C has defined its own `FALSE`=0 / `TRUE`=1 macros for use with `UBool`.
Starting with ICU 68 (2020q4), we no longer define these in public header files
(unless `U_DEFINE_FALSE_AND_TRUE`=1),
in order to avoid name collisions with code outside ICU defining enum constants and similar
with these names.
and explains why it occurred just recently/since the icu bump to version
68-1 ([4])...
[1] https://unicode-org.atlassian.net/browse/ICU-21267
[2] https://unicode-org.atlassian.net/browse/ICU-21148
[3] https://github.com/unicode-org/icu/pull/1282/commits/5d77f7084dbfad50c7ccc17bccb85aa24bae8937
[4] https://git.buildroot.net/buildroot/commit/?id=88f2d1c4e52607d2c2a1fa8d934152c47167a168
Signed-off-by: Henri Roosen <henri.roosen@ginzinger.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* ssh-agent(1): fixed a double-free memory corruption that was
introduced in OpenSSH 8.2 . We treat all such memory faults as
potentially exploitable. This bug could be reached by an attacker
with access to the agent socket.
On modern operating systems where the OS can provide information
about the user identity connected to a socket, OpenSSH ssh-agent
and sshd limit agent socket access only to the originating user
and root. Additional mitigation may be afforded by the system's
malloc(3)/free(3) implementation, if it detects double-free
conditions.
The most likely scenario for exploitation is a user forwarding an
agent either to an account shared with a malicious user or to a
host with an attacker holding root access.
* Portable sshd(8): Prevent excessively long username going to PAM.
This is a mitigation for a buffer overflow in Solaris' PAM username
handling (CVE-2020-14871), and is only enabled for Sun-derived PAM
implementations. This is not a problem in sshd itself, it only
prevents sshd from being used as a vector to attack Solaris' PAM.
It does not prevent the bug in PAM from being exploited via some
other PAM application. GHPR#212
Also license has been updated to add some openbsd-compat licenses:
https://github.com/openssh/openssh-portable/commit/922cfac5ed5ead9f796f7d39f012dd653dc5c173https://www.openssh.com/txt/release-8.5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Make sure libusb support is properly disabled even if the libusb
package is enabled, and in case it gets built before Kodi.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The i.MX 8M Plus focuses on machine learning and vision and industrial
automation. It also provides advanced multimedia, including a VPU and
the GPU GC7000UL (3D) + GC520L (2D).
Signed-off-by: Stephane Viau <stephane.viau@oss.nxp.com>
Reviewed-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The latest officially released version of SDL_net is 1.2.8, released
in 2012. Since then, there have been several bugfixes.
SDL's canonical source is now on GitHub. This commit points to the
SDL-1.2 branch from 15 Mar 2021.
Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com>
[yann.morin.1998@free.fr: use full-length commit hash]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The latest officially released version of SDL_image is 1.2.12, released
in 2012. Since then, there have been many bugfixes, including security
fixes.
SDL's canonical source is now on GitHub. This commit points to the
SDL-1.2 branch from 15 Mar 2021.
Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com>
[yann.morin.1998@free.fr: use full-length commit hash]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The latest officially released version of SDL_mixer is 1.2.12, released
in 2012. Since then, there have been many bugfixes on master.
SDL's canonical source is now on GitHub. This commit points to the
SDL-1.2 branch from 15 Mar 2021.
Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com>
[yann.morin.1998@free.fr:
- use full-length commit hash
- two spaces in hash file
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
SDL's canonical source is now on GitHub. The git commit that matches
the Hg commit we used so far is b13aa509166e, but we switch to the
HEAD of the SDL-1.2 branch, which just has two additional commits
touching the autotools files.
Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com>
[yann.morin.1998@free.fr:
- explain why we don;t use the exactly-maching commit
- use full-length commit hash
- drop the comment: it did not point to the commit we used
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Bump TF-A to version 2.4.
- Bump u-boot to version 2021.01.
- Bump kernel to version 5.11.3.
We switch TF-A to a single FIP image. Thanks to this, TF-A does not need to
use semihosting to load the various BL* anymore (but U-Boot still does).
Update the readme.txt accordingly.
We switch to a u-boot image for the ramdisk. This removes the need to
update the fdt chosen node manually in the bootcmd.
While at it, we drop the generation of the kernel dtb, which we do not use.
In this config, we are indeed using the dtb generated on-the-fly by qemu
and amended by TF-A.
Signed-off-by: Vincent Stehlé <vincent.stehle@laposte.net>
Cc: Gerome Burlats <gerome.burlats@smile.fr>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Tested-by: Romain Naour <romain.naour@gmail.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When enabling BR2_PACKAGE_LIBTOOL it depended on the build order if
squid used the external libltdl or built it from its internal copy. That
broke the build in fli4l where we have additional post build checks
analyzing runtime dependencies and a separate step for copying build
artefacts to target packages.
Depend on the external libltdl unconditionally like done with commit
3efc5a250c ("package/siproxd: new package") for package siproxd
recently as well. For reproducibility, size, and security.
Link: https://web.nettworks.org/ci/job/fli4l/job/buildroot/job/4.0/job/trunk-sunxi/672/
Suggested-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Changes:
* Check for an image containing no samples in the PGX
decoder. (#271, #272, #273, #274, #275, #276, #281)
* Check for dimensions of zero in the JPC and JPEG decoders.
* Fix an arguably incorrect type for an integer literal
in the PGX decoder. (#270)
* Check for an invalid component reference in the
JP2 decoder. (#269)
* Check on integer size in JP2 decoder. (#278)
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
kismets fails to build statically with libwebsockets since commit
14522a8f9d because libwebsockets does not
specify any Libs.Private field in its pkg-config file resulting in the
following failure:
configure:10659: checking for lws_client_connect_via_info in -lwebsockets
configure:10684: /usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output-1/host/bin/arm-linux-g++ -std=gnu++17 -o conftest -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -static -static -O3 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 conftest.cpp -lwebsockets -latomic -lz >&5
/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/9.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: /usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output-1/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libwebsockets.a(tls.c.o): in function `alpn_cb':
tls.c:(.text+0x24): undefined reference to `SSL_select_next_proto'
As it is not trivial to specify Libs.Private with cmake buildsystem
(i.e. LIB_LIST contains the list of libraries but in the "cmake format"
with full paths and ';'), just disable static build with libwebsockets.
Fixes:
- http://autobuild.buildroot.org/results/9fc7891b61b1c487b95f07c59b802dd98ef71e3a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
commit 8efc5dce98 added an overlay but
forgot to add it to the related defconfig.
Fixes: missing overlay data in image
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When a --transform expression is provided, it is by default also applied
to the target of a symlink.
When we create tarballs (from git or svn checkouts), we use a --transform
expression to replace the leading ./ with the package name and version.
This causes issues when a package contains symlinks that points to
./something, as the leading './' is also replaced.
Fix that by using the 'S' transformation scope flag, as described in the
tar manual:
https://www.gnu.org/software/tar/manual/html_node/transform.html#transform
In addition, several transformation scope flags are supported, that
control to what files transformations apply. These are:
‘r’ Apply transformation to regular archive members.
‘R’ Do not apply transformation to regular archive members.
‘s’ Apply transformation to symbolic link targets.
‘S’ Do not apply transformation to symbolic link targets.
‘h’ Apply transformation to hard link targets.
‘H’ Do not apply transformation to hard link targets.
Default is ‘rsh’ [...].
Fixes: #13616
This has been checked to not change any of the existing hash for any of
our git-downloaded package (some are host-only, hence the few fixups):
---8<---
$ m="$( git grep -l -E -- -br[[:digit:]]+.tar.gz boot package/ \
|awk -F/ '{print $(NF-1)}' \
|sed -r -e 's/(imx-mkimage|netsurf-buildsystem|prelink-cross|qoriq-rcw|vboot-utils)/host-\1/g' \
-e 's/$/-source/'
)"
$ make defconfig; make clean; BR2_DL_DIR=$(pwd)/trash-me make ${m}
---8<---
Note: it is unclear what the 'H' flag does nor how it works, because the
concept of "target of a hardlink" is not obvious; probably it has to do
with how tar internally detects and stores hardlinks. Since we do not
yet have any issue with hardlinks, just ignore the problem for now, and
postpone until we have an actual issue with a real test-case.
Signed-off-by: Jean-pierre Cartal <jpcartal@free.fr>
Cc: Vincent Fazio <vfazio@xes-inc.com>
[yann.morin.1998@free.fr:
- re-indent commit log
- add scriptlet to test existing hashes
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix CVE-2021-24032: Beginning in v1.4.1 and prior to v1.4.9, due to an
incomplete fix for CVE-2021-24031, the Zstandard command-line utility
created output files with default permissions and restricted those
permissions immediately afterwards. Output files could therefore
momentarily be readable or writable to unintended parties.
https://github.com/facebook/zstd/releases/tag/v1.4.9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 54d3d94b6e ("support/download: print
command used for download") broke the git and svn download helpers, because
these helpers have invocations of the _git/_svn commands where the exact
output matters.
For example for git, this would result in:
date: invalid date ‘GIT_DIR=.../dl/libyuv/git/.git git log -1 --pretty=format:%ci \n2019-04-12 17:48:45 +0000’
Detected a corrupted git cache.
Removing it and starting afresh.
Fix by splitting the _git function in two: _git and _plain_git.
The former echoes the command, and then calls the latter.
Most invocations use _git as before, but those cases where the output should
not be disturbed, directly call _plain_git.
For symmetry, all download helpers are aligned, even though only the git and
svn helpers were broken.
Fixes: #13631
Fixes:
http://autobuild.buildroot.org/results/c2f/c2fcd4aa6660e3c2f9c6f85646ca7dfe0db56040/
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
[yann.morin.1998@free.fr: add bug report and autobuild failure]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add firmware files for Realtek 87XX and 88XX Bluetooth chipsets. Those
are supported by the upstream Realtek Bluetooth driver CONFIG_BT_RTL.
Signed-off-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Even though that most download commands actually print some output, like
progress indication or other messages, the actual command used is not. This
makes it hard to analyze a build log when you are not fully familiar with
the typical output of said log.
Update the download helpers to do just that, respecting any quiet/verbose
flag so that a silent make (make -s) does not get more verbose.
Note: getting rid of the duplication of the command in the script is not
straightforward without breaking support for arguments with spaces.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
[yann.morin.1998@free.fr: use printf, not echo]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Most 'verbose' variable inside the download helpers actually mean 'quiet'.
I.e. they are assigned in case quiet operation is requested, and empty in
case of non-quiet operation. Using the name 'verbose' for such a variable is
confusing, especially when you want to test the variable on emptiness or
non-emptiness (in a subsequent commit).
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
SELinux support for the kexec-lite tool (which produces a kexec binary)
is added by the admin/kdump refpolicy module.
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Dmidecode provides 4 tools, for which support for SELinux is provided by
the admin/dmidecode refpolicy module.
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The alsa-utils package adds some tools that needs the proper module in
the SELinux refpolicy to work properly when SELinux is enabled on the
system.
Add support for the alsactl tool, through the use of the admin/alsa
module.
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Log4Qt is a C++ port of the Apache Software Foundation
Log4j package using the Qt Framework.
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add patch to use legacy initializer variant to fix gcc-4.8 compile.
Fixes:
- http://autobuild.buildroot.net/results/9d1cd0d0aa8c929c4b1b23b04075c331c1be80e0
genesys/utilities.h:229:23: error: invalid initialization of non-const reference of type 'std::basic_ios<char>&' from an rvalue of type '<brace-enclosed initializer list>'
stream_{stream}
^
genesys/image_pipeline.cpp:715:19: error: invalid initialization of non-const reference of type 'genesys::ImagePipelineNode&' from an rvalue of type '<brace-enclosed initializer list>'
source_{source}
^
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
json-for-modern-cpp provides an option to enable multiple headers support.
Currently this option is disabled and the package creates just a
single header: "nlohmann/json.hpp", which contains everything. Enabling
this option, splits this single header into multiple ones. First of all
this provides an additional header: "nlohmann/json_fwd.hpp", which contains
only forwarding declarations of types provided by this library. This
gives you a more finer control over include dependencies and can speed up
build times significantly. The top level header: "nlohmann/json.hpp" is
still there and therefore code which used it before, would stay compatible.
Signed-off-by: Dimitrij Kotrev <dimitrij.kotrev@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Because uboot requires a set of unique patches for each board, the
upstream package developers are phasing out supporting uboot wherever
possible. Instead, they recommend using Grub2 as a secondary
bootloader and using the mender-grubenv package.
Because the mender-grubenv file provides it's own fw_printenv script,
it is not possible to know if U-Boot's fw_printenv or mender-grubenv's
fw_printenv should be used.
As such, remove selecting uboot tools when uboot is selected, and
instead add a more comprehensive note in the help section about what
Mender requires for uboot and grub2-based systems, with a link to the
meta-mender github project for the base uboot patches, and a link to
the official documentation on manual uboot integration.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit e8b1eeb2f3 (package/batman-adv: fix compile with
BR2_PACKAGE_BATMAN_ADV_BATMAN_V disabled) was tested against an RPi4
linux kernel already enabling the build-in batman-adv module inlcusive
batman-v, hence it missed the case where the in-tree module is not
enabled.
Taking a deeper look at the configure script gen-compat-autoconf.sh
reveals that the batman feature options must be explicitly set to 'y' or
'n' to work as expected.
Fixes:
ERROR: modpost: "batadv_v_mesh_free" [.../build/batman-adv-2021.0/net/batman-adv/batman-adv.ko] undefined!
ERROR: modpost: "batadv_v_mesh_init" [.../build/batman-adv-2021.0/net/batman-adv/batman-adv.ko] undefined!
ERROR: modpost: "batadv_v_hardif_init" [.../build/batman-adv-2021.0/net/batman-adv/batman-adv.ko] undefined!
ERROR: modpost: "batadv_v_init" [.../build/batman-adv-2021.0/net/batman-adv/batman-adv.ko] undefined!
Reported-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr: add blurb about tests on previous commit]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The BR2_TOOLCHAIN_HAS_BINUTILS_BUG_19615 and
BR2_TOOLCHAIN_HAS_BINUTILS_BUG_20006 options were last selected by the
BR2_TOOLCHAIN_EXTERNAL_CODESOURCERY_AMD64 toolchain, but this
toolchain has been removed as part of commit
d87e114a8f in August 2020.
It's time to get rid of those two options that are never enabled.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
From the release notes:
Introduction to the Redis 6.2 release
=====================================
This release is the first significant Redis release managed by the core team
under the new project governance model.
Redis 6.2 includes many new commands and improvements, but no big features. It
mainly makes Redis more complete and addresses issues that have been requested
by many users frequently or for a long time.
=====================================
See https://github.com/redis/redis/blob/6.2/00-RELEASENOTES
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In Makefiles, variables are split, filtered, and otherwise mangled on
a space as a separator. In a shell, they will also be split on TABs.
We split and filter and iterate on variables in a lot of places, and
most importantly, spaces in PATH is very seldom tested, if at all, so
a lot of packages will not be working properly in such a situation.
For example, the config.guess contains constructs that are not resilient
to a space in PATH:
PATH=$PATH:/.attbin ; export PATH
Also, our fakedate will iterate over PATH:
for P in `echo $PATH | tr ':' ' '`; do
Those are only two cases, but the first means basically all
autotools-based packages are susceptible to subtle breakage.
Furthermore, Buildroot itself does not support that the top-level or
output directories are in a path with spaces anyway.
So, instead of chasing all cases that might be potentially broken,
let's just detect the case and bail out, like we already do when PATH
contains a \n, or when it contains the current working directory.
Reported-by: Dan Raymond <draymond@foxvalley.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
According to the developers, mender-grubenv is no longer tagging releases for
the mender-grubenv project. However, they asked me if I could submit a patch
upstream to update the package to the latest commit, including quality of life
improvements since the last official 1.3.0 release.
Notable improvements are:
- Support for separate A/B kernel partitions.
- Use regexp to dynamically set mender_grub_storage_device
- Add "rootwait" as a default rootfs argument
Other changes:
- Update license hashes due to a copyright year bump.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Other changes:
- Openssl is now a dependency.
- Set new license hashes due to new dependencies.
- Set new license file hash due to a year change.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In addition to the version bump, the hash of LICENSE is adjusted due
to copyright year change, and a new license file is added for a new
dependency.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The OpenRISC binutils is affected by a linker bug (binutils bug 21464)
for which no workaround exists. This causes build breakage in a number
of packages, so this commit introduces a
BR2_TOOLCHAIN_HAS_BINUTILS_BUG_21464 option to identify this bug. As
all binutils versions are affected, this option is true whenever the
configuration targets OpenRISC.
The bug was already reported and it's been recently updated:
https://sourceware.org/bugzilla/show_bug.cgi?id=21464
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Supports a use case of building container rootfs images where a matching
target version of the tools is required for repackaging of a installer
archive.
binutils binaries are needed for 'ar'; binutils does not work on nios2,
but busybox does, and so we can have 'ar' on nios2 with busybox.
A few other compressors can be used besides gzip, but the default in the
scripts is gzip, so we only ensure this one is enabled. Users who want
other compressors will have to enable them in their configurations.
Note: the order of 'select' is not strictly alphabetical: all packages
provided by busybox applets have been grouped together at the top, with
packages never provided by busybox applets together at the end.
Signed-off-by: Ryan Barnett <ryan.barnett@rockwellcollins.com>
[yann.morin.1998@free.fr:
- only select full-blown packages if busybox is not enabled
- select BR2_PACKAGE_BUSYBOX_SHOW_OTHERS, instead of 'depends on'
- allow on nios2 when busybox is enabled
- add binutils binaries on target (for 'ar')
- drop _DEPENDENCIES: they all are only runtime-dpeendencies
- add comment when python(2) is enabled
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Siproxd is a masquerading SIP Proxy Server. We had a buildroot package
for that in the fli4l Linux router distribution for years with different
authors contributing.
Co-authored-by: Christoph Schulz <fli4l@kristov.de>
Co-authored-by: Claas Hilbrecht <babel@fli4l.de>
Signed-off-by: Alexander Dahl <post@lespocky.de>
[yann.morin.1998@free.fr: unconditionally use an external libtool]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Fix CVE-2021-26530: The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0
(compiled with OpenSSL support) is vulnerable to remote OOB write attack via
connection request after exhausting memory pool.
- Fix CVE-2021-26529: The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0
and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to remote OOB write
attack via connection request after exhausting memory pool.
- Fix CVE-2021-26528: The mg_http_serve_file function in Cesanta Mongoose HTTP server
7.0 is vulnerable to remote OOB write attack via connection request after exhausting
memory pool.
See https://github.com/cesanta/mongoose/releases/tag/7.2
Signed-off-by: Pierre-Jean Texier <texier.pj2@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Security fix for CVE-2021-21334:
https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4
Other changes:
- Fix container create in CRI to prevent possible environment variable leak between containers
- Update shim server to return grpc NotFound error
- Add bounds on max oom_score_adj value for shim's AdjustOOMScore
- Update task manager to use fresh context when calling shim shutdown
- Update Docker resolver to avoid possible concurrent map access panic
- Update shim's log file open flags to avoid containerd hang on syscall open
- Fix incorrect usage calculation
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- disable simd, openssl, xxhash, zstd, lz4, asm options
- update COPYING hash (add openssl and xxhash license
enhancement):
In addition, as a special exception, the copyright holders give
permission to dynamically link rsync with the OpenSSL and xxhash
libraries when those libraries are being distributed in compliance
with their license terms, and to distribute a dynamically linked
combination of rsync and these libraries. This is also considered
to be covered under the GPL's System Libraries exception.
For details see [1].
[1] https://download.samba.org/pub/rsync/NEWS#3.2.3
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Cc: Baruch Siach <baruch@tkos.co.il>
[yann.morin.1998@free.fr: add 'with exception' to _LICENSE (Baruch)]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- update patch 0001-Prefer-ext-static-libs-when-default-library-static.patch
(use get_option(OptionKey()) instead of get_builtin_option())
- rebase patch 0002-mesonbuild-dependencies-base.py-add-pkg_config_stati.patch
For details see [1].
[1] https://mesonbuild.com/Release-notes-for-0-57-0.html
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This reverts commit b5e8f1c147. Indeed,
this commit does not fix the build failure as c_std=c99 is already set
in default_options in meson.build.
The issue is that this parameter is not used for native executables
since meson 0.51.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
[yann.morin.1998@free.fr: move license fix to its own commit]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The license is BSD-2-Clause, not MIT.
Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
[yann.morin.1998@free.fr: split off into its own commit]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Switch to meson-package as configure is not shipped in the official
tarball anymore
- Drop host-m4 dependency (only needed in maintainer mode)
- Disable examples and XML validation (enabled by default)
- Drop LIBSIGC_INSTALL_TARGET_FIXUP as documentation is disabled by
default
- Update web page in Config.in
- Update indentation in hash file (two spaces)
https://github.com/libsigcplusplus/libsigcplusplus/blob/2.10.6/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Changelog ([1]):
Changes in 23.4
===============
* killall: Dynamically link to selinux and use security attributes
* pstree: Do not crash on missing processes !21
* pstree: fix layout when using -C !24
* pstree: add time namespace !25
* pstree: Dynamically link to selinux and use attr
* fuser: Get less confused about duplicate dev_id !10
* fuser: Only check pathname on non-block devices !31
Changes in 23.3
===============
* killall: check also truncated 16 char comm names Debian #912748
* fuser: Return early if have nulls !18
* peekfd: Add support for ARM64 !19
* pstree: Add color by age #21
* fuser: Use larger inode sizes #16
[1] https://gitlab.com/psmisc/psmisc/-/blob/master/ChangeLog
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 03fa36df7e (package/avrdude: Switch to upstream)
unconditionally enabled linuxspi on the assumption that it is available
since linux-2.6.22.
However, avrdude unconditionally uses GPIO and includes linux/gpio.h,
which is only available since kernel 4.6 and:
https://github.com/torvalds/linux/commit/3c702e9987e261042a07e43460a8148be254412e
Add a Kconfig option, enabled by default for backward compatibility, to
drive whether to enable or disable SPI support.
Fixes:
- http://autobuild.buildroot.org/results/962a7fcff1e54a0550eafa0cbca780ba8bc8409e
Note: weirdly enough, GPIO support does not use linux/gpio.h; rather it
uses sysfs.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: add a Kconfig option]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Details: https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
As detailed in commit 7e64a050fb, it is
difficult to utilize the upstream patches directly, so a number of
patches include changes to generated files so that we don't need invoke
the gentpl.py script.
In addition to the security fixes, these required patches has been
backported:
f76a27996 efi: Make shim_lock GUID and protocol type public
04ae030d0 efi: Return grub_efi_status_t from grub_efi_get_variable()
ac5c93675 efi: Add a function to read EFI variables with attributes
d7e54b2e5 efi: Add secure boot detection
The following security issues are fixed:
CVE-2020-14372 grub2: The acpi command allows privileged user to load crafted
ACPI tables when Secure Boot is enabled
CWE-184
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
GRUB2 enables the use of the command acpi even when Secure Boot is signaled by
the firmware. An attacker with local root privileges to can drop a small SSDT
in /boot/efi and modify grub.cfg to instruct grub to load said SSDT. The SSDT
then gets run by the kernel and it overwrites the kernel lock down configuration
enabling the attacker to load unsigned kernel modules and kexec unsigned code.
Reported-by: Máté Kukri
*******************************************************************************
CVE-2020-25632 grub2: Use-after-free in rmmod command
CWE-416
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
The rmmod implementation for GRUB2 is flawed, allowing an attacker to unload
a module used as dependency without checking if any other dependent module is
still loaded. This leads to an use-after-free scenario possibly allowing an
attacker to execute arbitrary code and by-pass Secure Boot protections.
Reported-by: Chris Coulson (Canonical)
*******************************************************************************
CVE-2020-25647 grub2: Out-of-bound write in grub_usb_device_initialize()
CWE-787
6.9/CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
grub_usb_device_initialize() is called to handle USB device initialization. It
reads out the descriptors it needs from the USB device and uses that data to
fill in some USB data structures. grub_usb_device_initialize() performs very
little bounds checking and simply assumes the USB device provides sane values.
This behavior can trigger memory corruption. If properly exploited, this would
lead to arbitrary code execution allowing the attacker to by-pass Secure Boot
mechanism.
Reported-by: Joseph Tartaro (IOActive) and Ilja van Sprundel (IOActive)
*******************************************************************************
CVE-2020-27749 grub2: Stack buffer overflow in grub_parser_split_cmdline
CWE-121
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
grub_parser_split_cmdline() expands variable names present in the supplied
command line in to their corresponding variable contents and uses a 1kB stack
buffer for temporary storage without sufficient bounds checking. If the
function is called with a command line that references a variable with a
sufficiently large payload, it is possible to overflow the stack buffer,
corrupt the stack frame and control execution. An attacker may use this to
circumvent Secure Boot protections.
Reported-by: Chris Coulson (Canonical)
*******************************************************************************
CVE-2020-27779 grub2: The cutmem command allows privileged user to remove
memory regions when Secure Boot is enabled
CWE-285
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
The GRUB2's cutmem command does not honor Secure Boot locking. This allows an
privileged attacker to remove address ranges from memory creating an
opportunity to circumvent Secure Boot protections after proper triage about
grub's memory layout.
Reported-by: Teddy Reed
*******************************************************************************
CVE-2021-3418 - grub2: GRUB 2.05 reintroduced CVE-2020-15705
CWE-281
6.4/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
The GRUB2 upstream reintroduced the CVE-2020-15705. This refers to a distro
specific flaw which made upstream in the mentioned version.
If certificates that signed GRUB2 are installed into db, GRUB2 can be booted
directly. It will then boot any kernel without signature validation. The booted
kernel will think it was booted in Secure Boot mode and will implement lock
down, yet it could have been tampered.
This flaw only affects upstream and distributions using the shim_lock verifier.
Reported-by: Dimitri John Ledkov (Canonical)
*******************************************************************************
CVE-2021-20225 grub2: Heap out-of-bounds write in short form option parser
CWE-787
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
The option parser in GRUB2 allows an attacker to write past the end of
a heap-allocated buffer by calling certain commands with a large number
of specific short forms of options.
Reported-by: Daniel Axtens (IBM)
*******************************************************************************
CVE-2021-20233 grub2: Heap out-of-bound write due to mis-calculation of
space required for quoting
CWE-787
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
There's a flaw on GRUB2 menu rendering code setparam_prefix() in the menu
rendering code performs a length calculation on the assumption that expressing
a quoted single quote will require 3 characters, while it actually requires
4 characters. This allow an attacker to corrupt memory by one byte for each
quote in the input.
Reported-by: Daniel Axtens (IBM)
*******************************************************************************
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
If PER_PACKAGE_DIRECTORIES=Y and using host-make package (because
BR2_FORCE_HOST_BUILD=Y or local make is too old) .stamp_dotconfig
target needs per-package/uboot/host/bin/host-make that doesn't
exist yet.
Add host-make into UBOOT_KCONFIG_DEPENDENCIES.
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
opkg-utils is a collection of bash and python scripts which require
additional commands/tools be available for the bash scripts. The full
list of dependencies that the opkg-util scripts require is:
bash
binutils
bzip2
coreutils
diffutils
findutils
grep
gzip
lz4
python3
sed
tar
xz
The Buildroot manual requires a few packages (bash, binutils, bzip2,
gzip, sed and tar) to be installed on the host system, so we need not
add those. Additionally, and even though they are not in that list,
that grep and find are also required (we already make extensive use of
both everywhere, so it is as good as them being in the list).
We have a host variant for coreutils, but only for systems that do not
already have a recent-enough one, i.e. that provides 'realpath' and
'ln --relative'. opkg-utils uses neither, so can rely on the ones on the
system.
Only add dependencies on the remaining host tools: diffutils, lz4, and
xz.
Signed-off-by: Ryan Barnett <ryan.barnett@rockwellcollins.com>
[yann.morin.1998@free.fr:
- drop excessive dependencies,
- reword the commit log accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
opkg-utils is a package that only provides bash and python scripts.
Upon further inspection of the Makefile for the package, invoking
`make` only ever builds the manpage. The previous commit dropped the
installation of the manpage. This makes the build step unnecessary so
remove it.
Add a comment to explain the situation
Signed-off-by: Ryan Barnett <ryan.barnett@rockwellcollins.com>
[yann.morin.1998@free.fr: reword commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
When `make install` is run to install the opkg-utils scripts, it also
invokes building of the man page for opkg-build. The generation of the
man page requires `pod2man` executable which is a part of perl.
Since buildroot does not support man pages in the host directory,
patch the opkg-utils Makefile to separate the installation of man
pages and utility scripts.
With the options to install man pages and utils separately, only
install the opkg-utils scripts.
Signed-off-by: Ryan Barnett <ryan.barnett@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Aufs has been deprecated for the purposes of Docker/containers since overlay2
became the mainline kernel module of choice.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
go1.16.1 (released 2021/03/10) includes security fixes to the archive/zip and
encoding/xml packages.
go1.16.2 (released 2021/03/11) includes fixes to cgo, the compiler, linker, the
go command, and the syscall and time packages.
https://golang.org/doc/devel/release.html#go1.16
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Fix a buffer overflow in mbedtls_mpi_sub_abs() when calculating
|A| - |B| where |B| is larger than |A| and has more limbs (so the
function should return MBEDTLS_ERR_MPI_NEGATIVE_VALUE). Only
applications calling mbedtls_mpi_sub_abs() directly are affected:
all calls inside the library were safe since this function is
only called with |A| >= |B|.
- Fix an errorneous estimation for an internal buffer in
mbedtls_pk_write_key_pem(). If MBEDTLS_MPI_MAX_SIZE is set to an odd
value the function might fail to write a private RSA keys of the
largest supported size.
- Fix a stack buffer overflow with mbedtls_net_poll() and
mbedtls_net_recv_timeout() when given a file descriptor that is
beyond FD_SETSIZE.
- Guard against strong local side channel attack against base64 tables
by making access aceess to them use constant flow code.
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.10
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: fix the hash after upstream mess-up]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
In Buildroot, the SSP flags are passed via the wrapper, and only flags
supported by the toolchain will be used.
Add patch to remove '-fstack-protector-strong' compile flag.
Fixes:
.../aarch64-buildroot-linux-uclibc/bin/ld: runlevel.o: in function `main':
runlevel.c:(.text.startup+0x4): undefined reference to `__stack_chk_guard'
.../aarch64-buildroot-linux-uclibc/bin/ld: cannot find -lssp_nonshared
.../aarch64-buildroot-linux-uclibc/bin/ld: cannot find -lssp
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Starting with this Wine version many things changed.
zlib, ncurses and GLU are no longer used.
I also explicitly disabled mingw, as otherwise my host mingw-w64 was picked up.
The build system was refactored, so now we have to build the host tools in their
directories instead of asking for them to be built.
Signed-off-by: André Hentschel <nerv@dawncrow.de>
[yann.morin.1998@free.fr: slightly rework the build of the host tools]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since c043ecb20c (support/download: change format of archives
generated from svn), the svn backend uses the generic helper to
create reproducible archives.
That helper really does its job as expected, but the svn backend
is flawed in two ways:
- the first, most obvious breakage happens with versions older
than 1.9, as they do not support the '--show-item' option
for the 'info' action;
- the second is more involved, in that svn will by default
expand the old, legacy, deprecated, cumbersome CVS-style
keywords, in the form of revision marks like '$Date$' in a
C-style comment in a source file. These replacements are
done on checkout as well as on export, and they use local
settings, like the local locale and timezone.
This means that two people with different settings, will get
different sources when the svn-checkout or svn-export the same
revision from the same tree...
Needless to say that this is not very reproducible...
While the first is easily solved, the second is more involved.
We need to ensure that what source is used initially to compute
the hash, will also be the source that are used to check the hash.
There are basically two solutions:
1. we ensure the same environment, by forcing the timezone and
the locale to arbitrary values
2. we disable keyword expansion
For the first solution, this still leaves the possibility that we
miss some environment settings that have an impact on the keyword
expansion. It would mean that Yann's settings be used, as he did
introduce the hash for the only svn-downloaded package we have,
avrdude, settings which are:
TZ=Europe/Paris
LC_TIME="en_US.UTF-8"
LC_COLLATE="en_GB.UTF-8"
LC_MONETARY="fr_FR.utf8"
LC_NUMERIC="fr_FR.utf8"
The second option means that the generated archives change. That
means we'd have to bump the archive version for svn downloads, and
that we update the hashes for all the svn-downloaded packages.
We chose to go with the second option, because this is what really
makes more sense, rather than hard-coding arbitrary values in the
environment. And we also have only one svn-downloaded package,
avrdude.
And thus, we're reaching the trigger for this change: avrdude is
impacted by the CVS-keyword expansion issue:
https://svn.savannah.gnu.org/viewvc/avrdude/trunk/avrdude/atmel-docs/EDBG/common/jquery/layout/jquery.layout.js?revision=1396&view=markup
which would give two different files when checked out on different
machines:
diff -durN foo/avrdude-r1450/avrdude/atmel-docs/EDBG/common/jquery/layout/jquery.layout.js bar/avrdude-r1450/avrdude/atmel-docs/EDBG/common/jquery/layout/jquery.layout.js
--- foo/avrdude-r1450/avrdude/atmel-docs/EDBG/common/jquery/layout/jquery.layout.js 2020-09-22 09:36:45.000000000 +0200
+++ bar/avrdude-r1450/avrdude/atmel-docs/EDBG/common/jquery/layout/jquery.layout.js 2020-09-22 09:36:45.000000000 +0200
@@ -1,6 +1,6 @@
/**
* @preserve jquery.layout 1.3.0 - Release Candidate 30.51
- * $Date: 2015-11-02 22:13:28 +0100 (Mon, 02 Nov 2015) $
+ * $Date: 2015-11-02 21:13:28 +0000 (Mon, 02 Nov 2015) $
* $Rev: 303005 $
*
* Copyright (c) 2012
@@ -4718,7 +4718,7 @@
/**
* jquery.layout.state 1.0
- * $Date: 2015-11-02 22:13:28 +0100 (Mon, 02 Nov 2015) $
+ * $Date: 2015-11-02 21:13:28 +0000 (Mon, 02 Nov 2015) $
*
* Copyright (c) 2010
* Kevin Dalman (http://allpro.net)
@@ -5074,7 +5074,7 @@
/**
* jquery.layout.buttons 1.0
- * $Date: 2015-11-02 22:13:28 +0100 (Mon, 02 Nov 2015) $
+ * $Date: 2015-11-02 21:13:28 +0000 (Mon, 02 Nov 2015) $
*
* Copyright (c) 2010
* Kevin Dalman (http://allpro.net)
@@ -5356,7 +5356,7 @@
/**
* jquery.layout.browserZoom 1.0
- * $Date: 2015-11-02 22:13:28 +0100 (Mon, 02 Nov 2015) $
+ * $Date: 2015-11-02 21:13:28 +0000 (Mon, 02 Nov 2015) $
*
* Copyright (c) 2012
* Kevin Dalman (http://allpro.net)
So we also update the hash for avrdude.
Fixes:
http://autobuild.buildroot.org/results/e3b/e3b0508047f32008ebfa83c5255ec5994b6af120/ (time issue)
http://autobuild.buildroot.org/results/48e/48e78e84b425e79cdb98c16ab40247a0fa7e9676/ (keyword expansion issue)
Reported-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Cc: Alexander Sverdlin <alexander.sverdlin@gmail.com>
Reviewed-by: Alexander Sverdlin <alexander.sverdlin@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The latest change in Linux firmware handling breaks the build if no
specific firmware item is selected below BR2_PACKAGE_LINUX_FIRMWARE.
The firmware archive is only created if at least one firmware
sub-category is selected; the installation step wants to unpack the
archive unconditionally.
Use the same condition to control install command definition as in the
build step.
Signed-off-by: Andreas Ziegler <br015@umbiko.net>
[yann.morin.1998@free.fr: use a single conditional block]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
In the meanwhile "linuxspi" programmer was merged upstream, therefore
it's possible to switch to latest upstream tree instead of the old fork
without losing any functionality.
The fork we were using did auto-detection of kernel headers to detect
whether spidev.h was present or not, and thus whether to enable or
disable its linuxspi 'driver'. As spidev.h has been present since
linux-2.6.22, we can quite easily conclude that spidev support was
always enabled in the fork.
But upstream went a slightly different route, and added a configure
option (and they do no validity check).
So, to keep backward behaviour, we unconditionally enable it now that
we switched back to use upstream.
Signed-off-by: Alexander Sverdlin <alexander.sverdlin@gmail.com>
[yann.morin.1998@free.fr:
- clarify why we forcibly use --enable-linuxspi
- fix the hash to adapt to the new svn tarball format (c043ecb20c)
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Version bump required due to python setup.py missing from v2.0.0 python bindings
Signed-off-by: Jack Cripps <jack.cripps@disguise.one>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since I'm the upstream maintainer and we use it for $DAYJOB, I'll adopt.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This version should now also compile fine on systems without pthreads,
so we can remove the dependency on BR2_TOOLCHAIN_HAS_THREADS again.
While we're at it, also fix a typo in the description (replace "can not"
with "cannot").
Signed-off-by: Thomas Huth <huth@tuxfamily.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit ca1604388a updated the checksum of
the tarball, but failed to update the one of main.c, which serves as a
license file.
Signed-off-by: Edgar Bonet <bonet@grenoble.cnrs.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add a dependency on openssl upon BR2_PACKAGE_LIBOPENSSL=y to
enable some for OP-TEE embedded tests.
Building with libressl makes the optee-test test tool fail on a
certificate test; so we explicitly depend on libopenssl.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
[yann.morin.1998@free.fr:
- match the depenency to libopenssl, since that's is what is used in
the condition (BR2_PACKAGE_LIBOPENSSL)
- add a blurb to explain why libopenssl is used, not the virutal
openssl
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Remove local patch file since issue addressed in OP-TEE mainline
since 3.12.0 and bump OP-TEE Client package version to OP-TEE
release 3.12.0.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Remove main-fix-typo patch since merged in OP-TEE OS 3.12.0 and
bump OP-TEE Benchmark package version to OP-TEE release 3.12.0.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Buildroot ensures that all init-systems have a /run directory,
this should be the preferred location.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Buildroot ensures that all init-systems have a /run directory,
this should be the preferred location.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update COPYING: copyright year update, and added note about the bundled
Linux UAPI headers. Upstream commit 5bd8364f4202d ("Introduce bundled
directory") says:
According to analysis made by Kent Gibson at [1], we are allowed to
re-distribute unmodified Linux kernel UAPI headers under the same
terms as they are provided by the Linux kernel, and such
re-distribution does not affect the license of strace itself.
[1] https://lore.kernel.org/linux-gpio/20210128032641.GA11655@sol/
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This package is not used by kodi addons anymore.
No legacy handling needed because this package was never selectable.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Switched opengl dependency to render system used by Kodi.
Switch license file to LICENSE.md.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Added patch series from upstream PR 127 to remove the dependency to
kodi-platform, switch dependency to kodi.
Added missing dependency to tinyxml.
Switch license file to LICENSE.md.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Rebased patch 0001.
Removed patch 0002, not needed anymore due to use of system ffmpeg
package.
Added patch 0002 to fix build with gcc-4.9, gcc-4.8 stays broken.
Switch from python2 to python3, reworked dependencies.
Rework platform handling following upstream changes, only the choice
of a render system (OpenGL vs. OpenGLES) is needed now, for details
see upstream PR 18534. Add configure options to force detection of the
host version of wayland-scanner.
Use system ffmpeg instead of internal build.
Added dependency to spdlog, for reference see upstream PR 17498.
cpluff was removed upstream.
Add configure option to use host version of flatc.
Add configure option to disable tests, for reference see upstream PR
17489.
Added optional dependency to libudfread, for reference see upstream PR
17612.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add -std=c++11 to CXXFLAGS to fix build with gcc < 5.x:
buildroot/output/build/libplatform-a7cd0d5780ed80a4e70480d1650749f29e8a1fb2/src/util/StringUtils.cpp:
In static member function 'static std::string& StringUtils::TrimLeft(std::string&)':
buildroot/output/build/libplatform-a7cd0d5780ed80a4e70480d1650749f29e8a1fb2/src/util/StringUtils.cpp:456:99:
warning: lambda expressions only available with -std=c++11 or -std=gnu++11 [enabled by default]
str.erase(str.begin(), ::find_if(str.begin(), str.end(), [](char s) { return isspace_c(s) == 0; }));
^
buildroot/output/build/libplatform-a7cd0d5780ed80a4e70480d1650749f29e8a1fb2/src/util/StringUtils.cpp:456:100:
error: no matching function for call to 'find_if(std::basic_string<char>::iterator, std::basic_string<char>::iterator,
StringUtils::TrimLeft(std::string&)::__lambda0)'
str.erase(str.begin(), ::find_if(str.begin(), str.end(), [](char s) { return isspace_c(s) == 0; }));
^
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The package received its last updates in 2017, is not part of the
official Kodi github repo and its build is broken with Kodi 19.x.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Include the following changes:
e663439 Always fsync file writes
80b7f31 Treat '=' as an illegal character in variable names
950f541 libuboot_env: fix calculation of usable envsize
fb88032 Correct initialisations in libuboot_configure
20d1ec7 Force writing of environment if default is used
5ca11bd libuboot_env: correct length to usable env size length
cd4a8f1 libuboot_env_store: fix env double-null termination
9510164 uboot_env: fix infinite loop on short read (EOF)
Signed-off-by: Brandon Maier <brandon.maier@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix CVE-2021-3336: DoTls13CertificateVerify in tls13.c in wolfSSL before
4.7.0 does not cease processing for certain anomalous peer behavior
(sending an ED22519, ED448, ECC, or RSA signature without the
corresponding certificate). The client side is affected because
man-in-the-middle attackers can impersonate TLS 1.3 servers.
https://github.com/wolfSSL/wolfssl/releases/tag/v4.7.0-stable
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit b83184de67 (package/libjpeg: switch to s.b.o. as source site)
improperly added a trailing slash '/' at the end of LIBJPEG_SITE,
causing builds to fail:
package/libjpeg/libjpeg.mk:35: *** LIBJPEG_SITE (http://sources.buildroot.org/libjpeg/) cannot have a trailing slash. Stop.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
FOO_CPE_ID_VALID really ought to be an internal implementaion detail.
Packages that really want to trigger their CPE defintitions really
should set one of the actual variables to a meaningful value.
There are two CPE-related variables that we could chose to set to
replace FOO_CPE_ID_VALID: FOO_CPE_ID_VENDOR and FOO_CPE_ID_PRODUCT.
Between those two, _VENDOR more often diverges from the default than
_PRODUCT does, so that's what we use.
---8<------8<------8<------8<------8<---
#!/bin/bash
# Replace FOO_CPE_ID_VALID = YES with FOO_CPE_ID_VENDOR = foo_project
for i in $(git grep -l -E '[^)]_CPE_ID_VALID = YES' package support); do
pkg="$(basename "${i%/*}")"
sed -r -i -e "s/_CPE_ID_VALID = YES/_CPE_ID_VENDOR = ${pkg}_project/" "${i}"
done
---8<------8<------8<------8<------8<---
Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: update cpe-test comment to reflect pkg3 change]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The CPE variables are derived from the package upstream values, so they
must be set from the package values, not the other way around.
Also drop CPE_ID_VALID as it is implied as soon as at least one CPE
variable is set.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Actually asterisk package gets built with -O3 cflag since it's defaulted
into its sources, but it's not what we want, so let's empty its OPTIMIZE
Makefile variable letting Buildroot CFLAGS to take place instead.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
openblas internally sets -O2, after the flags being passed by Buildroot
(e.g. -Os).
Patch openblas to let the Buildroot-specified flag survive.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
openblas strips off -O1-O3 for certain source files, but forgets to handle
-Os, -Og and -O. This means that the intended effect of 'no optimization' is
not always reached.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Buildroot specifies a value for FFLAGS on the make command-line.
While the openblas makefiles allowed this principle for the most part by
using 'override FFLAGS += ....', the make.inc file generated for the shipped
'lapack' sources just used a 'FFLAGS = ...' statement, whose value is then
eclipsed by the command-line FFLAGS.
This meant that -fPIC may be passed to the link step but not to all relevant
source files, causing relocation failures.
Fixes: http://autobuild.buildroot.net/results/d530db0f37e1e0462e3af1e1787e15f94ff21884/
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes#13581
The tarball for version 9d, released 2020-01-12, has been silently
replaced upstream (a unicode BOM was removed from a few files),
causing hash mismatch.
This means that all our versions since 2020.02 will fail the hash
check, and fallback to using s.b.o. so we can't update the copy we
have on s.b.o.
As a consequence, we can't update the hash in master (soon 2021.02)
otherwise it would not match what we have on s.b.o.
This means that users will see hash mismatch by default, which is not
very nice. Although we can't do anything for all previous releases,
we can still try to paper over the problem for the future ones, like
2021.02, by switching the upstream to be s.b.o.
Sigh... :-(
Reported-by: Nick Shaforostov <mshaforostov@airmusictech.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Changes:
* Fix JP2 decoder bug that can cause a null pointer dereference for
some invalid CDEF boxes. (#268)
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
cpe:2.3:a:libsdl:sdl_image is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibsdl%3Asdl2_image
Indeed, cpe:2.3:a:libsdl:sdl2_image contains a single CPE entry for
version 2.0.4, all the other entries have been deprecated in favor of
cpe:2.3:a:libsdl:sdl_image:
<cpe-item name="cpe:/a:libsdl:sdl2_image:2.0.3" deprecated="true" deprecation_date="2020-07-28T15:42:37.767Z">
<reference href="https://www.libsdl.org/projects/SDL_image/">Product</reference>
<cpe-23:cpe23-item name="cpe:2.3:a:libsdl:sdl2_image:2.0.3:*:*:*:*:*:*:*">
<cpe-23:deprecated-by name="cpe:2.3:a:libsdl:sdl_image:2.0.3:*:*:*:*:*:*:*" type="NAME_CORRECTION"/>
<cpe-item name="cpe:/a:libsdl:sdl2_image:2.0.4">
<reference href="http://hg.libsdl.org/SDL_image/">Version</reference>
<cpe-23:cpe23-item name="cpe:2.3:a:libsdl:sdl2_image:2.0.4:*:*:*:*:*:*:*"/>
<cpe-item name="cpe:/a:libsdl:sdl2_image:2.0.5" deprecated="true" deprecation_date="2020-07-28T15:42:40.500Z">
<reference href="http://hg.libsdl.org/SDL_image/">Version</reference>
<cpe-23:cpe23-item name="cpe:2.3:a:libsdl:sdl2_image:2.0.5:*:*:*:*:*:*:*">
<cpe-23:deprecated-by name="cpe:2.3:a:libsdl:sdl_image:2.0.5:*:*:*:*:*:*:*" type="NAME_CORRECTION"/>:
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit e5594f7239 fixed privsep for sh,
or1k, microblaze, xtensa, arc, nds32 and nios2, but failed to take into
account that the audit functionality is only available in recent kernels
on those architectures.
Pass the --disable-privsep configure option if the kernel is too old in
those architectures.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
riscv32 is (surprise!) a 32-bit architecture. But it has been Y2038-safe
from its inception. As such, there are no legacy binaries that may use
the 32-bit time syscalls, and thus they are not available on riscv32.
Code that directly calls to the syscalls without using the C libraries
wrappers thus need to handle this case by themselves. That's what
upstream tried to do with:
https://github.com/openssl/openssl/commit/5b5e2985f355c8e99c196d9ce5d02c15bebadfbc
We initially carried that patch with 2bb26c1a1d (package/libopenssl:
fix build on riscv32).
However, as Arnd Bergmann puts it [0]:
The patch looks wrong to me: __NR_io_pgetevents_time64 must be used
whenever time_t is 64-bit wide on a 32-bit architecture, while
__NR_io_getevents/__NR_io_pgetevents must be used when time_t is the
same width as 'long'.
Checking whether __NR_io_getevents is defined is wrong for all
architectures other than riscv
And Arnd agrees that patch should be reverted [1] [2] (there are further
comments in that stream, that are worth reading).
As such, we've reverted 2bb26c1a1d with 6cfb4ad7f7.
This means we have no working solution to enable openssl on riscv32 for
now. So, rather than fail the build, or backport a dysfunctional patch,
let's just forbid openssl on riscv32.
Drop the default from the choice selection; it was anyway superfluous:
the default of a choice, if left unspecified, is the first entry of the
choice. Also, having a default means we'd have to also propagate the
dependencies of the defaulted-to symbol, which is yet a little bit more
maintenance. Since the chances we get a third implementation of openssl
are pretty slim (very, very slim), reasoning about what is the default
is still very easy.
When propagating dependencies to tpm2-tss' users, we've tried to keep
the architecture dependency toward the top when possible, and otherwise
we've added it together with existing arch dependencies (MMU).
While at it, drop a useless redundant comment in ibm-sw-tpm2: if we
select FORCE_LIBOPENSSL, it is obvious that's because libressl is not
supported... Besides none of the other users of FORCE_LIBOPENSSL have
such a comment.
Fixes:
http://autobuild.buildroot.org/results/eb9/eb9a64d4ffae8569b5225083f282cf87ffa7c681/
...
http://autobuild.buildroot.org/results/07e/07e413b24ba8adc9558c80267ce16dda339bf032/
[0] https://github.com/openssl/openssl/commit/5b5e2985f355c8e99c196d9ce5d02c15bebadfbc#commitcomment-44782859
[1] https://github.com/openssl/openssl/commit/5b5e2985f355c8e99c196d9ce5d02c15bebadfbc#commitcomment-47826509
[2] https://github.com/openssl/openssl/commit/5b5e2985f355c8e99c196d9ce5d02c15bebadfbc#commitcomment-47830530
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Cc: Mark Corbin <mark@dibsco.co.uk>
cpe:2.3:a:miniupnp_project:miniupnpc is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aminiupnp_project%3Aminiupnpc
Split the _VERSION into the traditional major/minor separation, even
though it is not strictly speaking major/minor. This allows re-using for
the CPE versioning.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- inverse the split: rather than defining _VERSION based on the CPE
values, split the _VERSION and use that to define the CPE variables
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix hash added by commit 28c7ff0bdb:
https://patchwork.ozlabs.org/project/buildroot/patch/20210104101054.5392-1-jubalh@iodoru.org
Says Michael:
> ERROR: libstrophe-0.10.1.tar.gz has wrong sha256 hash:
> ERROR: expected: 4918c47029ecdea2deab4b0f9336ca4a8bb12c28b72b2cec397d98664b94c771
> ERROR: got : 5bf0bbc555cb6059008f1b748370d4d2ee1e1fabd3eeab68475263556405ba39
> ERROR: Incomplete download, or man-in-the-middle (MITM) attack
I'm sorry about that. We had some disagreement at JasPer and we removed
an existing tag and created the same tag on a different commit. Thus
generating a different tarball under the same tag..
I thought I only did the buildroot update after this, but maybe I
remember wrong.
While at it, also update indentation in hash file (two spaces)
Fixes:
- http://autobuild.buildroot.org/results/2f13af96eee20176ccb37ad32ec1472b4c9d6208
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: quote Michael's explanations]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Changes:
* Fixed compilation error when LibreSSL is used
* Fixed crash when NULL is provided as password
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This reverts commit 2bb26c1a1d.
There was some negative feedback from Arnd Bergmann on that patch:
https://github.com/openssl/openssl/commit/5b5e2985f355c8e99c196d9ce5d02c15bebadfbc#commitcomment-44782859
The patch looks wrong to me: __NR_io_pgetevents_time64 must be used
whenever time_t is 64-bit wide on a 32-bit architecture, while
__NR_io_getevents/__NR_io_pgetevents must be used when time_t is the
same width as 'long'.
Checking whether __NR_io_getevents is defined is wrong for all
architectures other than riscv
And in light of the above, indeed the patch does not look so correct
after all.
Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issue:
- wpa_supplicant P2P provision discovery processing vulnerability (no CVE
yet)
A vulnerability was discovered in how wpa_supplicant processes P2P
(Wi-Fi Direct) provision discovery requests. Under a corner case
condition, an invalid Provision Discovery Request frame could end up
reaching a state where the oldest peer entry needs to be removed. With
a suitably constructed invalid frame, this could result in use
(read+write) of freed memory. This can result in an attacker within
radio range of the device running P2P discovery being able to cause
unexpected behavior, including termination of the wpa_supplicant process
and potentially code execution.
For more details, see the advisory:
https://w1.fi/security/2021-1/wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998@free.fr: actually add the patch URL to the patch list]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
kismet embeds its own copy of fmt since version 2019-04-R1 so add a
dependency on wchar to avoid the following build failure when building
the server:
./fmt/core.h:1245:1:
std::wstring vformat(wstring_view format_str, wformat_args args);
^~~
./fmt/core.h:1266:13: error: 'wstring' in namespace 'std' does not name a type
inline std::wstring format(wstring_view format_str, const Args & ... args) {
^~~~~~~
./fmt/core.h:1266:8: note: 'std::wstring' is defined in header '<string>'; did you forget to '#include <string>'?
Fixes:
- http://autobuild.buildroot.org/results/f19b3d080514a799a1c75b38ff5f7ae4e8d2628d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Link with TARGET_NLS_LIBS if needed to avoid the following build failure
with perl in version 5.32:
/home/buildroot/autobuild/instance-3/output-1/host/bin/arm-linux-gcc -lm -Wl,-E -o perl perlmain.o libperl.a -lm -lcrypt -lpthread -ldl
/home/buildroot/autobuild/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/9.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: libperl.a(locale.o): in function `S_emulate_setlocale':
/home/buildroot/autobuild/instance-3/output-1/build/perl-5.32.1/locale.c:1182: undefined reference to `libintl_textdomain'
An upstream issue has been opened in:
https://github.com/Perl/perl5/issues/18467
Fixes:
- http://autobuild.buildroot.org/results/9df8d8d28006845b4f927548f8856dfa8f79802b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix CVE-2020-14343: A vulnerability was discovered in the PyYAML library
in versions before 5.4, where it is susceptible to arbitrary code
execution when it processes untrusted YAML files through the full_load
method or with the FullLoader loader. Applications that use the library
to process untrusted input may be vulnerable to this flaw. This flaw
allows an attacker to execute arbitrary code on the system by abusing
the python/object/new constructor. This flaw is due to an incomplete fix
for CVE-2020-1747.
Update hash of LICENSE file (update in year:
https://github.com/yaml/pyyaml/commit/58d0cb7ee09954c67fabfbd714c5673b03e7a9e1)
https://github.com/yaml/pyyaml/blob/5.4.1/CHANGES
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
gr-qtgui examples needs to have gr-analog enabled, without this dependency
compile crash with:
In file included from
/x/output/build/gnuradio-3.8.1.0/gr-qtgui/examples/c++/display_qt.cc:22:
/x/output/build/gnuradio-3.8.1.0/gr-qtgui/examples/c++/display_qt.h:24:10:
fatal error: gnuradio/analog/noise_source.h: No such file or directory
24 | #include <gnuradio/analog/noise_source.h>
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.
make[3]: *** [gr-qtgui/examples/c++/CMakeFiles/display_qt.dir/build.make:67:
gr-qtgui/examples/c++/CMakeFiles/display_qt.dir/display_qt.cc.o] Error 1
make[3]: *** Waiting for unfinished jobs....
In file included from
/somewhere/gnuradio/build/gr-qtgui/examples/c++/moc_display_qt.cpp:10:
/somewhere/gnuradio/build/gr-qtgui/examples/c++/../../../../gr-qtgui/examples/c++/display_qt.h:24:10:
fatal error: gnuradio/analog/noise_source.h: No such file or directory
24 | #include <gnuradio/analog/noise_source.h>
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.
GR_ANALOG is not an explicit dependency of GR_QTGUI, so disable c++ examples if
user has not selected this option.
[backported from 7470a7a3771dd90defb826b464dfe62977cb1eb6]
Fixes:
- http://autobuild.buildroot.net/results/fde670499289f3d7d47379eebccf6e0f92c6d200/
Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
From the release notes:
(https://github.com/redis/redis/blob/6.0.12/00-RELEASENOTES)
================================================================================
Redis 6.0.11 Released Mon Feb 22 16:13:23 IST 2021
================================================================================
Upgrade urgency: SECURITY if you use 32bit build of redis (see bellow), LOW
otherwise.
Integer overflow on 32-bit systems (CVE-2021-21309):
Redis 4.0 or newer uses a configurable limit for the maximum supported bulk
input size. By default, it is 512MB which is a safe value for all platforms.
If the limit is significantly increased, receiving a large request from a client
may trigger several integer overflow scenarios, which would result with buffer
overflow and heap corruption.
================================================================================
Redis 6.0.12 Released Mon Mar 1 17:29:52 IST 2021
================================================================================
Upgrade urgency: LOW, fixes a compilation issue.
Bug fixes:
* Fix compilation error on non-glibc systems if jemalloc is not used (#8533)
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
From the release notes:
https://blog.prosody.im/prosody-0.11.8-released/
This release also fixes a security issue, where channel binding, which
connects the authentication layer (i.e. SASL) with the security layer (i.e.
TLS) to detect man-in-the-middle attacks, could be used on connections
encrypted with TLS 1.3, despite the holy texts declaring this undefined.
https://issues.prosody.im/1542
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Peter: mark as security bump, expand commit text]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We have defconfigs for quite a few friendlyarm boards, but the
naming for the defconfigs for those boards is inconsistent: some
start with 'friendlyarm_' while others don't.
Although the number of boards starting with 'friendlyarm_' is
less than those which do not, we still choose to rename the
boards so all have the 'friendlyarm_' prefix.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Chakra Divi <chakra@openedev.com>
Cc: Davide Viti <zinosat@gmail.com>
Cc: Marek Belisko <marek.belisko@open-nandra.com>
Cc: Suniel Mahesh <sunil@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
runuser allows running commands as another user, but needs to run as
root to be able to setuid(). But Buildroot does not require running as
root, and so runuser can't be used.
Incientally, that fixes host build in case unsuitable libs are found on
the system:
http://lists.busybox.net/pipermail/buildroot/2021-February/304261.html
Reported-by: GA K <guyarkam@gmail.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr:
- expand the commit log with a more fundamental explanation that
runuser can't be used anyway
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Remove patch 0001-zkey-ekmfweb-fix-linking-of-libekmfweb.patch which has
been merged.
- Also update the GitHub URL because the project has been renamed.
Signed-off-by: Alexander Egorenkov <egorenar@linux.ibm.com>
[Peter: also update Config.in URL]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Privoxy 3.0.32 fixes a number of security issues:
- Security/Reliability:
- ssplit(): Remove an assertion that could be triggered with a
crafted CGI request.
Commit 2256d7b4d67. OVE-20210203-0001.
Reported by: Joshua Rogers (Opera)
- cgi_send_banner(): Overrule invalid image types. Prevents a
crash with a crafted CGI request if Privoxy is toggled off.
Commit e711c505c48. OVE-20210206-0001.
Reported by: Joshua Rogers (Opera)
- socks5_connect(): Don't try to send credentials when none are
configured. Fixes a crash due to a NULL-pointer dereference
when the socks server misbehaves.
Commit 85817cc55b9. OVE-20210207-0001.
Reported by: Joshua Rogers (Opera)
- chunked_body_is_complete(): Prevent an invalid read of size two.
Commit a912ba7bc9c. OVE-20210205-0001.
Reported by: Joshua Rogers (Opera)
- Obsolete pcre: Prevent invalid memory accesses with an invalid
pattern passed to pcre_compile(). Note that the obsolete pcre code
is scheduled to be removed before the 3.0.33 release. There has been
a warning since 2008 already.
Commit 28512e5b624. OVE-20210222-0001.
Reported by: Joshua Rogers (Opera)
for more details, see the announcement:
https://www.openwall.com/lists/oss-security/2021/02/28/1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix SOAP action responses which are broken since the switch to latest
version of libupnp (1.14.x) in version 2.0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2020-15778: scp in OpenSSH through 8.3p1 allows command injection in
the scp.c toremote function, as demonstrated by backtick characters in the
destination argument. NOTE: the vendor reportedly has stated that they
intentionally omit validation of "anomalous argument transfers" because that
could "stand a great chance of breaking existing workflows."
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15778
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
CVE-2021-21330: Open redirect vulnerability in aiohttp
(normalize_path_middleware middleware)
Beast Glatisant and Jelmer Vernooij reported that python-aiohttp, a async
HTTP client/server framework, is prone to an open redirect vulnerability. A
maliciously crafted link to an aiohttp-based web-server could redirect the
browser to a different website.
For more details, see the advisory:
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Fix CVE-2021-27218: An issue was discovered in GNOME GLib before
2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called
with a buffer of 4GB or more on a 64-bit platform, the length would be
truncated modulo 2**32, causing unintended length truncation.
- Fix CVE-2021-27219: An issue was discovered in GNOME GLib before
2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an
integer overflow on 64-bit platforms due to an implicit cast from 64
bits to 32 bits. The overflow could potentially lead to memory
corruption.
https://gitlab.gnome.org/GNOME/glib/-/blob/2.66.7/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion
failure in slapd can occur in the issuerAndThisUpdateCheck function via a
crafted packet, resulting in a denial of service (daemon exit) via a short
timestamp. This is related to schema_init.c and checkTime.
For more details, see the bugtracker:
https://bugs.openldap.org/show_bug.cgi?id=9454
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a
denial of service (invalid write access and application crash) or possibly
have unspecified other impact via a crafted UTF-8 character sequence.
For more details, see the oss-security discussion:
https://www.openwall.com/lists/oss-security/2021/02/09/3
So far no fix has been added to upstream git, and a number of early proposed
fixes caused regressions, so pull the security fix from the screen 4.8.0-5
Debian package.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issue:
CVE-2021-20176: A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and
7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file
that is processed by ImageMagick to trigger undefined behavior through a
division by zero. The highest threat from this vulnerability is to system
availability.
For more details, see the bugtracker:
https://github.com/ImageMagick/ImageMagick/issues/3077
- bump version to 7.0.10-62
- update license file hash (copyright year update)
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[Peter: mention security fix]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop patch which has been merged into mainline.
LICENSING file identifies individual files in the tree, and some have
moved between 4.4.17 and 4.4.18 (upstream commit 3436c6a94b8d).
Fix two -spaces in hash file as well.
Signed-off-by: Guillaume W. Bres <guillaume.bressaix@gmail.com>
[yann.morin.1998@free.fr:
- explain license hash change
- two-spaces in hash file
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
As of readline 8.1, "bracketed paste" is enabled by default. However,
the feature causes control characters to appear in captured (telnet)
session output. This can throw off pattern matching if the output is to
be processed by scripts.
Let's keep the previous default of leaving this feature disabled and
provide a configuration option for users to enable it.
Signed-off-by: Markus Mayer <mmayer@broadcom.com>
[yann.morin.1998@free.fr:
- explicit enable/disable
- no indentation in conditional block
- rewrap help text
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion
Affected Node.js versions are vulnerable to denial of service attacks when
too many connection attempts with an 'unknownProtocol' are established.
This leads to a leak of file descriptors. If a file descriptor limit is
configured on the system, then the server is unable to accept new
connections and prevent the process also from opening, e.g. a file. If no
file descriptor limit is configured, then this lead to an excessive memory
usage and cause the system to run out of memory.
CVE-2021-22884: DNS rebinding in --inspect
Affected Node.js versions are vulnerable to denial of service attacks when
the whitelist includes “localhost6”. When “localhost6” is not present in
/etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e.,
over network. If the attacker controls the victim's DNS server or can spoof
its responses, the DNS rebinding protection can be bypassed by using the
“localhost6” domain. As long as the attacker uses the “localhost6” domain,
they can still apply the attack described in CVE-2018-7160.
For more details, see the advisory:
https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update COPYING hash; copyright year update:
-_Copyright (C) 1998-2020 Michal Trojnara_
+_Copyright (C) 1998-2021 Michal Trojnara_
See full changelog https://www.stunnel.org/NEWS.html
Signed-off-by: Pierre-Jean Texier <texier.pj2@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2021-23336: urllib.parse.parse_qsl(): Web cache poisoning - `; ` as a
query args separator
https://bugs.python.org/issue42967
And fixes a number of issues. For details, see the changelog:
https://docs.python.org/release/3.9.2/whatsnew/changelog.html
Drop the now upstreamed security patch and update the license hash for a
change of copyright year:
-2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Python Software Foundation;
+2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Python Software Foundation;
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Along with the version bump the following changes were
needed to get the package built:
- since 1.1.1 PyUSB supports only Python3
- change download file name to lowercase
- the package now requires setuptools and setuptools_scm
- change LICENSE checksum as the copyright year changed to 2021
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
To support building in (a subset of) the linux-firmware files into the
kernel using the CONFIG_EXTRA_FIRMWARE option, we need to ensure that the
firmware files are installed before the Linux kernel is built, similar to
how it is done for intel-microcode.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some drivers request their firmware very early when built into the kernel,
even before the initramfs is mounted - So the only way to provide firmware
for those drivers is to include them directly in the kernel with the
CONFIG_EXTRA_FIRMWARE option.
An example of this is the uC firmware for modern Intel GPUs.
Conceptually you can point CONFIG_EXTRA_FIRMWARE to
${TARGET_DIR}/lib/firmware, but then you cannot remove the firmware from the
initramfs and pay the size cost twice (inside the kernel + in initramfs), so
instead also install linux-firmware to the images dir, similar to how we do
it for intel-microcode.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The logic we have for the installation of the firmware files is, to say
the least, non conventional. It is split in two parts:
- one that copies files via an intermediate tarball: the tarball
creation is used to detect if firmware files are missing (i.e. on
a version bump) and fail the build if so, while the tarball
extraction is the actual firmware installation;
- one that copies directories one by one in a loop, removing the
destination before the copy, to maintain a proper layout.
Needless to say, this is not very clean. First, there is no reason why
the directories can not be copied with the same mechanism as the files
themselves; not sure what I had in mind with b55bd5a9e25e...
Second, we're soon going to need the same installation step to copy the
firmware files in the images/ directory, to ease embedding in the kernel
image.
Rationalise this installation procedure.
Cherry-picking files and directories with cp, while still maintaining
the directory layout, is not trivial; rsync is not one of our
pre-requisites. So we're left with tar, which makes it easy. So we keep
using an intermediate tarball, but we use it for both files and
directories, and we generate it at build time, not install time.
That archive is then extracted during the installation.
Now the installation complexity is mostly located in the creation of the
symlinks, so we merge all of that directly into the _INSTALL_TARGET_CMDS
and drop the intermediate macros that have no longer any reason to exist.
This will also make it pretty simple to later install in the images/
directory.
Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Release notes: https://golang.org/doc/go1.16
The latest Go release, version 1.16, arrives six months after Go 1.15. Most of
its changes are in the implementation of the toolchain, runtime, and libraries.
The linker changes in 1.16 extend the 1.15 improvements to all supported
architecture/OS combinations (the 1.15 performance improvements were primarily
focused on ELF-based OSes and amd64 architectures). For a representative set of
large Go programs, linking is 20-25% faster than 1.15 and requires 5-15% less
memory on average for linux/amd64, with larger improvements for other
architectures and OSes. Most binaries are also smaller as a result of more
aggressive symbol pruning.
According to the release notes, Go 1.16 drops support for x87 mode
compilation (GO386=387). Support for non-SSE2 processors is now available
using soft float mode. Buildroot will automatically set GO386=softfloat on
non-SSE2 processors.
Signed-off-by: Christian Stewart <christian@paral.in>
v1 -> v2:
- added 386=softfloat handling re: Peter's review
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Micropython 1.4 brings many changes, see the release notes:
https://github.com/micropython/micropython/releases/tag/v1.14
Amongst these changes, Micropython can now produce reproducible
builds, using the standard SOURCE_DATE_EPOCH.
The LICENSE hash changed because the copyright year range was extended
to 2021.
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some download backends, like svn, will provide timestamps with a
sub-second precision, e.g.
$ svn info --show-item last-changed-date [...]
2021-02-19T20:22:34.889717Z
However, the PAX headers do not accept sub-second precision, leading to
failure to download from subversion:
tar: Time stamp is out of allowed range
tar: Exiting with failure status due to previous errors
make[1]: *** [package/pkg-generic.mk:148: [...]/build/subversion-1886712/.stamp_downloaded] Error 1
Fix that by massaging the timestamp to drop the sub-second part. We
do that in the generic helper, rather than the svn backend, so that
all callers to the generic helper benefit from this, as this is more
an internal details of the tarball limitations, than of the backends
themselves.
Reported-by: Roosen Henri <Henri.Roosen@ginzinger.com>
Signed-off-by: Vincent Fazio <vfazio@xes-inc.com>
[yann.morin.1998@free.fr:
- add Henri as reporter
- move it out of the svn backend, and to the generic helper
- reword the commit log accordingly
- use an explicit time format rather than -Iseconds
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issue:
- CVE-2020-8625: When tkey-gssapi-keytab or tkey-gssapi-credential was
configured, a specially crafted GSS-TSIG query could cause a buffer
overflow in the ISC implementation of SPNEGO (a protocol enabling
negotiation of the security mechanism to use for GSSAPI authentication).
This flaw could be exploited to crash named. Theoretically, it also
enabled remote code execution, but achieving the latter is very difficult
in real-world conditions
For details, see the advisory:
https://kb.isc.org/docs/cve-2020-8625
In addition, 9.11.26-27 fixed a number of issues, see the release notes for
details:
https://downloads.isc.org/isc/bind9/9.11.28/RELEASE-NOTES-bind-9.11.28.html
Drop now upstreamed patches, update the GPG key for the 2021-2022 variant
and update the COPYRIGHT hash for a change of year:
-Copyright (C) 1996-2020 Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 1996-2021 Internet Systems Consortium, Inc. ("ISC")
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This release contains a number of bug fixes. There is added support
for the EDNS Padding option (RFC7830 and RFC8467), and the EDNS NSID
option (RFC 5001). Unbound control has added commands to enable and
disable rpz processing. Reply callbacks have a start time passed to
them that can be used to calculate time, these are callbacks for
response processing. With the option serve-original-ttl the TTL served
in responses is the original, not counted down, value, for when in
front of authority service.
https://github.com/NLnetLabs/unbound/releases/tag/release-1.13.1
Signed-off-by: Stefan Ott <stefan@ott.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add patch to fix irqbalance/irqbalance-ui socket communication by
fixing uint64_t printf format usage.
Fixes:
$ irqbalance-ui
Invalid data sent. Unexpected token: (null)TYPE
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr:
- do an actual backport as upstream applied the patch
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Manually specified version must start with letter 'v',
otherwise, the generated version macro will be zero
in the <build_dir>/src_generated/open62541/config.h file:
#define UA_OPEN62541_VER_MAJOR 0
#define UA_OPEN62541_VER_MINOR 0
#define UA_OPEN62541_VER_PATCH 0
Reference from the following link:
https://open62541.org/doc/current/building.html
Signed-off-by: Scott Fan <fancp2007@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
As reported on IRC by sephthir, the gitlab test of the defconfig
qemu_sparc_ss10_defconfig doesn't error out while the system
is not working properly.
This is because we explicitly wait for the timeout as an expected
condition, but do not check for it. Indeed, pexpect.expect() returns
the index of the matching condition in the list of expected conditions,
but we just ignore the return code, so we are not able to differentiate
between a successful login (or prompt) from a timeout.
By default, pexepect.expect() raises the pexpect.TIMEOUT exception on a
timeout, and we are already prepared to catch and handle that exception.
But because pexpect.TIMEOUT is passed as an expected condition, the
exception is not raised.
Remove pexpect.TIMEOUT from the list of expected conditions, so that the
exception is properly raised again, and so that we can catch it.
The qemu_sparc_ss10_defconfig is already fixed by
4d16e6f532.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Jugurtha BELKALEM <jugurtha.belkalem@smile.fr>
[yann.morin.1998@free.fr: reword commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
scanpypi is python3 compatible. In addition, it executes the setup.py
of Python modules to extract the relevant information. Since these are
more and more commonly using python3 constructs, using "python" to run
scanpypi causes problems on systems that have python2 installed as
python, when trying to parse setup.py scripts with python3 constructs.
Fixes part of #13516.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Both options where removed in git commit dd846904cbc1ef3ee628d77f0c9df88ef8967816
back in year 2011.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
[yann.morin.1998@free.fr: drop the legacy handling]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 689b9c1a7c (package/cegui: disable xerces support) added
an unconditional assignment to _CONF_OPTS before all the conditional
ones, but used the append-assignment instead of the traditional plain
assignment.
Fix that by removing the append-assignment.
Use that opportunity to also move the first item of this multi-line
assignment, to its own line.
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
[yann.morin.1998@free.fr:
- reference the exact commit that introduce the issue
- also move the first item to its own line
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issue:
- CVE-2021-23336: Web cache poisoning via django.utils.http.limited_parse_qsl()
Django contains a copy of urllib.parse.parse_qsl() which was added to
backport some security fixes. A further security fix has been issued
recently such that parse_qsl() no longer allows using ; as a query
parameter separator by default. Django now includes this fix. See
bpo-42967 for further details.
For more details, see the advisory:
https://www.djangoproject.com/weblog/2021/feb/19/security-releases/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
v1.0.24 of libusb has a bug in the Linux backend where it fails to
enumerate any device with more than one configuration. Backport the
upstream patch which fixes this as otherwise libusb based applications
are unable to communicate with any devices advertising more than one
configuration.
Signed-off-by: John Keeping <john@metanate.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
- CVE-2021-23841: Null pointer deref in X509_issuer_and_serial_hash()
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to
create a unique hash value based on the issuer and serial number data
contained within an X509 certificate. However it fails to correctly
handle any errors that may occur while parsing the issuer field (which
might occur if the issuer field is maliciously constructed). This may
subsequently result in a NULL pointer deref and a crash leading to a
potential denial of service attack.
The function X509_issuer_and_serial_hash() is never directly called by
OpenSSL itself so applications are only vulnerable if they use this
function directly and they use it on certificates that may have been
obtained from untrusted sources.
- CVE-2021-23839: Incorrect SSLv2 rollback protection
OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2
with a server that is configured to support both SSLv2 and more recent SSL
and TLS versions then a check is made for a version rollback attack when
unpadding an RSA signature. Clients that support SSL or TLS versions
greater than SSLv2 are supposed to use a special form of padding. A
server that supports greater than SSLv2 is supposed to reject connection
attempts from a client where this special form of padding is present,
because this indicates that a version rollback has occurred (i.e. both
client and server support greater than SSLv2, and yet this is the version
that is being requested).
The implementation of this padding check inverted the logic so that the
connection attempt is accepted if the padding is present, and rejected if
it is absent. This means that such as server will accept a connection if
a version rollback attack has occurred. Further the server will
erroneously reject a connection if a normal SSLv2 connection attempt is
made.
OpenSSL 1.1.1 does not have SSLv2 support and therefore is not vulnerable
to this issue. The underlying error is in the implementation of the
RSA_padding_check_SSLv23() function. This also affects the
RSA_SSLV23_PADDING padding mode used by various other functions. Although
1.1.1 does not support SSLv2 the RSA_padding_check_SSLv23() function still
exists, as does the RSA_SSLV23_PADDING padding mode. Applications that
directly call that function or use that padding mode will encounter this
issue. However since there is no support for the SSLv2 protocol in 1.1.1
this is considered a bug and not a security issue in that version.
- CVE-2021-23840: Integer overflow in CipherUpdate
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may
overflow the output length argument in some cases where the input length
is close to the maximum permissable length for an integer on the platform.
In such cases the return value from the function call will be 1
(indicating success), but the output length value will be negative. This
could cause applications to behave incorrectly or crash.
For more details, see the advisory:
https://www.openssl.org/news/secadv/20210216.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add the list of <pkg>_IGNORE_CVES to the json output to show that we have a
known cause (available patch or the CVE is not valid for our package
configuration) that a affected CVE is not reported.
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The compiler detection since openblas 0.3.8 added support for gcc 10, but
this broke detection of compilers created with crosstool-ng, or other
toolchains that have a package version containing a version like x.y.z where
at least one of x, y or z have more than one digit, for example
"Crosstool-NG 1.24.0".
See the reported issue for more details [1].
Backport the upstream patch that fixes it.
[1] https://github.com/xianyi/OpenBLAS/issues/3099
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Buildroot would automatically enable multithreading in OpenBLAS if the
architecture supports it. However, one may want to avoid OpenBLAS creating
threads itself and configure single-threaded operation. To accommodate this
use case, add a config option for multithreading.
When multithreading is disabled but OpenBLAS functions are called in the
same application by multiple threads, then locking is mandatory. The
USE_LOCKING flag was added in version 0.3.7 with following release note:
a new option USE_LOCKING was added to ensure thread safety when OpenBLAS
itself is built without multithreading but will be called from multiple
threads.
However, if one knows that OpenBLAS will only be called from single-threaded
applications, then passing USE_LOCKING is not necessary, so make it a config
option too.
When multithreading is enabled, locking is implicitly enabled inside
openblas, so only provide the locking option when multithreading is
disabled.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libxcrypt is a modern library for one-way hashing of passwords. It
supports a wide variety of both modern and historical hashing methods:
yescrypt, gost-yescrypt, scrypt, bcrypt, sha512crypt, sha256crypt,
md5crypt, SunMD5, sha1crypt, NT.
Signed-off-by: Guillaume W. Bres <guillaume.bressaix@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Make WPA_SUPPLICANT_HOTSPOT depend on WPA_SUPPLICANT_EAP, Otherwise,
compilation fails with errors like:
interworking.c:1439:15: error: ‘struct wpa_ssid’ has no member named ‘eap’
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Bugfix release, fixing a number of issues:
- Fix RunLoop objects leaked in worker threads.
- Fix JavaScriptCore AArch64 LLInt build with JIT disabled.
- Use Internet Explorer quirk for Google Docs.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2020-13558: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: A use after free issue in the
AudioSourceProviderGStreamer class was addressed with improved memory
management
For more details, see the advisory:
https://webkitgtk.org/security/WSA-2021-0001.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Now that gdlib-config is gone, provide the GD options otherwise perl-gd
will assume that everything is available:
$features = 'GD_GIF GD_GIFANIM GD_OPENPOLYGON GD_ZLIB GD_PNG GD_FREETYPE GD_FONTCONFIG GD_JPEG GD_XPM GD_TIFF GD_WEBP';
Also, while at it, also make some of the dependencies as optional as
suggested by François Perrad
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: Francois Perrad <francois.perrad@gadz.org> (with
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/1019385940
FAIL: test_run (tests.core.test_timezone.TestGlibcNonDefaultLimitedTimezone)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/builds/buildroot.org/buildroot/support/testing/tests/core/test_timezone.py", line 66, in test_run
self.assertEqual(tz[0].strip(), "EST")
AssertionError: '' != 'EST'
Commit 7868289fd5 (package/zic: bump version to 2020f) bumped the zic
version to 2020f, which changed the default output format from the classic
"fat" format to the new "slim" format:
https://github.com/eggert/tz/commit/6ba6f2117b95eab345a7ed9159cef939e30c4cd3
The slim format is unfortunately not supported by glibc < 2.28 or uClibc, so
explicitly request the classic "fat" format.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Currently, the envimage creation logic only depends on u-boot when the
user does not specify a custom envimage source via
BR2_PACKAGE_HOST_UBOOT_TOOLS_ENVIMAGE_SOURCE. This assumes that the
user-provided envimage source is not coming from the u-boot source
tree.
But especially given the fact that the envimage creation logic used to
be part of the u-boot package, this is a realistic scenario: users may
have provided a value of BR2_PACKAGE_HOST_UBOOT_TOOLS_ENVIMAGE_SOURCE
based on $(UBOOT_DIR), e.g.:
$(UBOOT_DIR)/board/foo-vendor/bar-board/env.txt
Therefore, always add the u-boot dependency if u-boot is selected, for
either case of custom or default envimage source.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
[Thomas: re-organize code a bit.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
pickle is no longer used since 09a71e6a75
Fixes:
support/scripts/cpedb.py:7:1: F401 'pickle' imported but unused
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
pickle is no longer used since 09a71e6a75
Fixes:
support/scripts/cpedb.py:7:1: F401 'pickle' imported but unused
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 74cfd3aeb7350a7be39f2d43b35273beba57f9c7)
The synproxy plugin exists since 5.8.0 and is enabled by default in
collectd.
Add an option in Buildroot, disabled by default.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The logparser plugin is new since 5.11.0 and enabled by default in
collectd.
Add an option in Buildroot, disabled by default.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The mdevents plugin is new since 5.12.0 and enabled by default in
collectd.
Add an option in Buildroot, disabled by default.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The infiniband plugin is new since 5.12.0 and enabled by default in
collectd.
Add an option in Buildroot, disabled by default.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The synproxy plugin exists since 5.8.0 and is enabled by default in
collectd.
Add an option in Buildroot, disabled by default.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The logparser plugin is new since 5.11.0 and enabled by default in
collectd.
Add an option in Buildroot, disabled by default.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The mdevents plugin is new since 5.12.0 and enabled by default in
collectd.
Add an option in Buildroot, disabled by default.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The infiniband plugin is new since 5.12.0 and enabled by default in
collectd.
Add an option in Buildroot, disabled by default.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since the upgrade of ebtables from 2.0.10-4 to 2.0.11, there no longer is an
'ebtables' binary. It has been renamed to 'ebtables-legacy' and moved from
'/sbin' to '/usr/sbin'. This change is part of the upstream change to
integrate the functionality of ebtables (and arptables) in the iptables
package, using the nf_tables kernel backend [1].
Unfortunately, the renaming (and move) of the original 'ebtables' binary
breaks existing scripts that are calling 'ebtables' or '/sbin/ebtables'.
Therefore, add a symlink from the original path to 'ebtables-legacy'.
However, do not provide this symlink if BR2_PACKAGE_IPTABLES_NFTABLES is
enabled. In this case, the iptables package will build the new equivalent
of ebtables -- a symlink to ebtables-legacy would cause conflicts.
[1] https://wiki.nftables.org/wiki-nftables/index.php/Legacy_xtables_tools
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Acked-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since tcpdump 4.99.0, the 'tcpdump' binary is no longer installed in
/usr/sbin but in /usr/bin. This change invalidates the Buildroot hook
'TCPDUMP_REMOVE_DUPLICATED_BINARY', causing a fairly large rootfs size
increase as a result.
Update the path inside this hook.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2021-26528: The mg_http_serve_file function in Cesanta
Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via
connection request after exhausting memory pool.
- Fix CVE-2021-26529: The mg_tls_init function in Cesanta Mongoose HTTPS
server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable
to remote OOB write attack via connection request after exhausting
memory pool.
- Fix CVE-2021-26530: The mg_tls_init function in Cesanta Mongoose HTTPS
server 7.0 (compiled with OpenSSL support) is vulnerable to remote OOB
write attack via connection request after exhausting memory pool.
https://github.com/cesanta/mongoose/releases/tag/7.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
<rahul.jain@imgtec.com>: host mxa-00376f01.gslb.pphosted.com[185.132.180.163]
said: 550 5.1.1 User Unknown (in reply to RCPT TO command)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
<rahul.jain@imgtec.com>: host mxa-00376f01.gslb.pphosted.com[185.132.180.163]
said: 550 5.1.1 User Unknown (in reply to RCPT TO command)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Glibc 2.33 removed `_STAT_VER`. On host machines, which updated to glibc
2.33, building host-fakeroot breaks:
```
In file included from communicate.h:20,
from libfakeroot.c:60:
libfakeroot.c: In function ‘chown’:
libfakeroot.c:99:40: error: ‘_STAT_VER’ undeclared (first use in this function)
99 | #define INT_NEXT_STAT(a,b) NEXT_STAT64(_STAT_VER,a,b)
```
The issue has been discussed on some package maintainer threads, e.g.:
https://bugs.archlinux.org/task/69572https://bugzilla.redhat.com/show_bug.cgi?id=1889862#c13
A patch series was prepared by Ilya Lipnitskiy which included two other
patches not related to the glibc 2.33 compatibility issue and submitted as
merge request for upstream:
https://www.mail-archive.com/openwrt-devel@lists.openwrt.org/msg57280.html
Upstream accepted the merge request:
https://salsa.debian.org/clint/fakeroot/-/merge_requests/10
Note, that this patch series only contains the necessay patches for glibc
2.33 compatibility.
Tested on my Arch Linux machine, building a UBIFS/OverlayFS-based root
filesystem for an i.MX6ULL target board.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Tested-by: Bartosz Bilas <b.bilas@grinn-global.com>
[Peter: drop patch numbering (PATCH x/y) as pointed out by check-package]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Unit tests fail to build with gcc 10 on:
[100%] Linking C executable NE10_dsp_unit_test_smoke
/home/buildroot/autobuild/instance-2/output-1/host/opt/ext-toolchain/bin/../lib/gcc/aarch64-none-linux-gnu/10.2.1/../../../../aarch64-none-linux-gnu/bin/ld: CMakeFiles/NE10_dsp_unit_test_static.dir/__/modules/dsp/test/test_suite_fft_float32.c.o:(.bss+0x0): multiple definition of `seatest_simple_test_result'; CMakeFiles/NE10_dsp_unit_test_static.dir/__/modules/dsp/test/test_main.c.o:(.bss+0x0): first defined here
So just disable them and, while at it, also disable examples which are
also enabled by default
Fixes:
- http://autobuild.buildroot.org/results/c658d52668825c26a15d6ac3ca538472cad5cd78
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Changes:
* Fix memory-related bugs in the JPEG-2000 codec resulting from
attempting to decode invalid code streams. (#264, #265)
This fix is associated with CVE-2021-26926 and CVE-2021-26927.
* Fix wrong return value under some compilers (#260)
* Fix CVE-2021-3272 heap buffer overflow in jp2_decode (#259)
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, the CPE XML database is parsed into a Python dict, which is
then pickled into a local file, to speed up the processing of further
invocations.
However, it turns out that since the initial implementation, we have
switched the XML parsing from the out of tree xmltodict module to the
standard ElementTree one, which has made the parsing much faster. The
pickle caching only saves 6 seconds, on something that takes more than
13 minutes total.
In addition, this pickle caching consumes a significant amount of RAM,
causing the Python process to be OOM-killed on a server with 4 GB of
RAM.
So let's just drop this caching entirely.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Currently, the CPE XML database is parsed into a Python dict, which is
then pickled into a local file, to speed up the processing of further
invocations.
However, it turns out that since the initial implementation, we have
switched the XML parsing from the out of tree xmltodict module to the
standard ElementTree one, which has made the parsing much faster. The
pickle caching only saves 6 seconds, on something that takes more than
13 minutes total.
In addition, this pickle caching consumes a significant amount of RAM,
causing the Python process to be OOM-killed on a server with 4 GB of
RAM.
So let's just drop this caching entirely.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commits ca1afcb217 (package/ply: needs headers >= 4.14) and
debe9eb13e (package/ply: needs dynamic library) added restrictions
on the availability of ply. The first forgot to add a comment, and
the second mis-handled the dependency on the headers version.
Indeed, we want the comment to show the requirement on the headers
version (since that is not a hardware dependency).
Fix this comment to include the headers version, and fix the condition
accordingly.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Andreas Klinger <ak@it-klinger.de>
- change download url to https
- change hash of ustream-ssl.h, which is used as license file. There
are no changes to the license text, only changes in the code.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- change download url to https
- update homepage url (the old one redirects to legacy read only
OpenWrt wiki system)
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- change download url to https
- update homepage url (the old one redirects to legacy read only
OpenWrt wiki system)
- update license file hash (ubusd_acl.h - license unrelated source
code changes only)
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
ply builds and installs a library. Some objects that go in that library
are tagged with a 'section' attribute (excerpt):
__attribute__((section("providers")))
Later on, it references the bounds of that section, with the canonical
__start and __stop markers, which will eventually be created by the
linker:
extern struct provider __start_providers;
extern struct provider __stop_providers;
Sections only exists in an ELF file, and a static library id not an ELF.
So, when creating a static library, the markers are not created. Thus,
when linking the final executable, the link fails because of missing
symbols:
.../powerpc-buildroot-linux-uclibc/bin/ld: ../libply/.libs/libply.a(libply_la-provider.o): in function `provider_get':
provider.c:(.text+0xe): undefined reference to `__start_providers'
.../powerpc-buildroot-linux-uclibc/bin/ld: provider.c:(.text+0x12): undefined reference to `__stop_providers'
.../powerpc-buildroot-linux-uclibc/bin/ld: provider.c:(.text+0x2a): undefined reference to `__start_providers'
.../powerpc-buildroot-linux-uclibc/bin/ld: provider.c:(.text+0x32): undefined reference to `__stop_providers'
So, conceptually, ply can not build in static-only.
Fixes:
- http://autobuild.buildroot.net/results/3a586241d37614b644ff6c4674ae28df2b22fdf8
Signed-off-by: Andreas Klinger <ak@it-klinger.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
wpa_supplicant 2.8 dropped support for the old D-Bus interface, so
remove mentions of it and rename DBUS_NEW variables to just DBUS.
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Together, they increase the size of the binary by a bit less than a
megabyte.
As a result, make the wpa_supplicant option a menuconfig.
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Since wpa_supplicant 2.8, most features are now enabled by default,
instead of being disabled by default. Remove setting of options that are
already enabled by default, and turn ENABLE into DISABLE where
appropriate.
This also makes the existing options disable more features, otherwise,
it would still include dead code or even fail to compile.
Als correct/update some help texts.
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Our documentation page already mentions the open-source and freely
available training materials from Bootlin on Buildroot.
It turns out that we now have online training courses accessible to
public registration, which makes them accessible to a wider
audience. It probably makes sense to mention them alongside the
training materials.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
since 2021.01, tools/binman is broken.
tools/binman/control.py imports pkg_resources
the module pkg_resources is supplied by setuptools,
so this new dependency is required.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
CVE-2021-27135: xterm through Patch #365 allows remote attackers to cause a
denial of service (segmentation fault) or possibly have unspecified other
impact via a crafted UTF-8 character sequence.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
CVE-2020-17525: Remote unauthenticated denial-of-service in Subversion
mod_authz_svn
Subversion's mod_authz_svn module will crash if the server is using
in-repository authz rules with the AuthzSVNReposRelativeAccessFile option
and a client sends a request for a non-existing repository URL.
For more details, see the advisory:
https://subversion.apache.org/security/CVE-2020-17525-advisory.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The tool 'protoc' and its associated library libprotoc.so are only
needed during development, to convert a protocol buffer definition in the
associated code for a specific code language.
Buildroot does not officially support creating a development environment on
target, so remove these files to reduce disk usage by more than 1.5 MB
(stripped, uncompressed).
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
On install step the host tool syrepoctl is used to install some YANG
modules. Unfortunatly syrepoctl creates some files in /dev/shm folder and
does not cleanup afterwards. This files can be incompatible depending on
the used sysrepo version. This causes autobuilder failures when updating
the package [1].
To make sure we can remove this leftovers of sysrepoctl we specify a
build specific SYSREPO_SHM_PREFIX. With this the files can deleted safely
after installation is completed. This also ensures that concurrent
parallel builds will not affected mutualy.
The prfix must be unique between concurrent builds, so we use the build
directory ($(CONFIG_DIR)) to discriminate builds. It must also be unique
between top-level parallel package builds, so we also use the name of
the current package to discriminate.
Fixes:
[1] http://autobuild.buildroot.net/results/6e559c4f98b7ed93d7b5af638264e907492a6532/
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Co-Developed-by: Yann E. MORIN <yann.morin.1998@free.fr>
[yann.morin.1998@free.fr:
- also use the package name as discriminant
- expand commit log accordingly
- rename the variable to start with the package name
- explain why we clean up before as well
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The sysrepoctl executable from the host-sysrepo package is used to
install YANG modules during installation. So add the dependency here.
Also make sure we use this executable by setting the make environment
variable SYSREPOCTL_EXECUTABLE. Otherwise a system wide installed
sysrepoctl would be used that is not what we want.
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Client fixes:
- Check contexts before importing them to reduce risk of extracted files escaping context store
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Security fixes:
- CVE-2021-21285 Prevent an invalid image from crashing docker daemon
- CVE-2021-21284 Lock down file permissions to prevent remapped root from accessing docker state
- Ensure AppArmor and SELinux profiles are applied when building with BuildKit
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When a developer has package/pkg-<infra>.mk assigned to him/her in the
DEVELOPERS file, this has 3 implications:
(1) Patches adding new packages using this infrastructure are Cc'ed
to this developer. This is done by the analyze_patch() function,
which matches the regexp r"^\+\$\(eval
\$\((host-)?([^-]*)-package\)\)$" in the patch, i.e where an
added line contains a reference to the infra maintained by the
developer.
(2) Patches touching the package/pkg-<infra>.mk file itself are Cc'ed
to this developer.
(3) Any patch touching a package using this infra are also Cc'ed to
this developer.
Point (3) causes a significant amount of patches to be sent to
developers who have package/pkg-generic.mk and
package/pkg-autotools.mk assigned to them in the DEVELOPERS
file. Basically, all patches touching generic or autotools packages
get CC'ed to such developers, which causes a massive amount of patches
to be received.
So this patch adjusts the getdeveloperlib.py to drop point (3), but
preserves point (1) and (2). Indeed, it makes sense to be Cc'ed on new
package additions (to make a review that they use the package
infrastructure correctly), and it makes sense to be Cc'ed on patches
that touch the infrastructure code itself.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Drop patches that are upstream now and fix hash file indentation.
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Python 2.7 is EOL, so people should use the python3 package instead if
possible. Make it a bit more obvious that 'python' is not the right package
to use by explicitly mentioning that this is about python 2.7 and that it is
deprecated.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Very similar to the other stm32mp157-based boards, except that we use the
multi_v7 defconfig for ease of maintenance.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The memtester build system does not use CFLAGS/LDFLAGS variables.
Everything should be written to conf-cc and conf-ld.
Use '%' as sed expression delimiter because comma might appear in
LDFLAGS.
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In the output of legal-info, which is JSON-formatted, we include the
CPI_ID (when it is valid).
For xerces, the CPE_ID contains two sequences of \+ (which is exactly
what is present in the NIST DB, [0]).
However, in JSON, like in C, \ escapes the following character; only a
very limited set of characters are valid to escape: " \ / b f n r t u.
Escaping any other character is invalid. Conformant JSON parser will
choke on invalid sequences, and so does not the json python module:
File "/usr/lib/python2.7/json/decoder.py", line 380, in raw_decode
obj, end = self.scan_once(s, idx)
ValueError: Invalid \escape: line 1 column 608554 (char 608553)
We fix that be globally escaping \ in our json output, in the generic
sanitising macro.
[0] https://nvd.nist.gov/products/cpe/detail/645?namingFormat=2.3&orderBy=CPEURI&keyword=xerces&status=FINAL
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Release notes:
We are very sorry to have to report that a problem was found with the
GNU Binutils 2.36 release. It turns out that it contained a small
portion of code that was not covered by an FSF copyright assignment.
So we have created a replacement release - 2.36.1 - with that code
removed.
In addition we found that a fix for a theoretical security
vulnerability[1] was itself broken and could result in the archiver
program "ar" misbehaving. So we have chosen to revert the fix from
the 2.36.1 release whilst the problem is properly resolved.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2021-3177: Python 3.x through 3.9.1 has a buffer overflow in
PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution
in certain Python applications that accept floating-point numbers as
untrusted input, as demonstrated by a 1e300 argument to
c_double.from_param. This occurs because sprintf is used unsafely.
For details, see the advisory:
https://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Rebased patches 1 and 4
- Dropped upstreamed patches 5 and 6
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
[yann.morin.1998@free.fr:
- update patches 1-2 with actual backports, as noticed by Stefan
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following build failure on sparc64:
/home/giuliobenetti/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/sparc64-buildroot-linux-gnu/9.3.0/../../../../sparc64-buildroot-linux-gnu/bin/ld: /tmp/ccylTux8.o: in function `find_kaslr_offsets':
/home/giuliobenetti/autobuild/run/instance-0/output-1/build/makedumpfile-1.6.8/makedumpfile.c:4017: undefined reference to `get_kaslr_offset'
Even if this build failure is only raised with version 1.6.8,
get_kaslr_offset was also undeclared on sparc64 in version 1.6.7
Fixes:
- http://autobuild.buildroot.org/results/1421f54f7599bba62c0a4bd5c65ce21c8cc7ee1a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixed the following security issue:
- CVE-2020-6097: An exploitable denial of service vulnerability exists in
the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A
specially crafted sequence of RRQ-Multicast requests trigger an assert()
call resulting in denial-of-service. An attacker can send a sequence of
malicious packets to trigger this vulnerability.
For more details, see the report:
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1029
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issue:
- wpa_supplicant P2P group information processing vulnerability (no CVE yet)
A vulnerability was discovered in how wpa_supplicant processing P2P
(Wi-Fi Direct) group information from active group owners. The actual
parsing of that information validates field lengths appropriately, but
processing of the parsed information misses a length check when storing a
copy of the secondary device types. This can result in writing attacker
controlled data into the peer entry after the area assigned for the
secondary device type. The overflow can result in corrupting pointers
for heap allocations. This can result in an attacker within radio range
of the device running P2P discovery being able to cause unexpected
behavior, including termination of the wpa_supplicant process and
potentially arbitrary code execution.
For more details, see the advisory:
https://w1.fi/security/2020-2/wpa_supplicant-p2p-group-info-processing-vulnerability.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998@free.fr: keep _PATCH near _VERSION and _SITE]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
When a armv8 target is used in 32bits mode, xenomai fail to detect the
ARM architecture and abord the build. (__ARM_ARCH_7A__ is not defined
for armv8 cpus).
There are no autobuilder failures for this issue since cobalt is never
selected, but the following defconfig:
BR2_arm=y
BR2_cortex_a53=y
BR2_ARM_FPU_NEON_VFPV4=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_PACKAGE_XENOMAI=y
BR2_PACKAGE_XENOMAI_COBALT=y
This was initialy reproduced using the raspberrypi3_defconfig with
Xenomai package with cobalt selected.
In order to use Xenomai on raspberrypi3 in 32 bits mode, one has to
select BR2_cortex_a7 instead of BR2_cortex_a53 (see a13a388dd4).
See:
https://gitlab.denx.de/Xenomai/xenomai/-/blob/v3.1/lib/cobalt/arch/arm/include/asm/xenomai/features.h#L52
Signed-off-by: Romain Naour <romain.naour@gmail.com>
[yann.morin.1998@free.fr:
- switch to independent conditional 'default y'
- slightly reword the commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test RISC-V 64/musl, use a pre-built Bootlin
toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test RISC-V 64/glibc, use a pre-built Bootlin
toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This patch drops the local syslog.conf in favor of the one shipped with
sysklogd. The upstream syslog.conf sample differs from the Buildroot
one primarily in shifting to /var/log/syslog as the default for log
messages. It also comes with a dedicated /var/log/kern.log and some
commented-out filtering examples.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2020-11105: An issue was discovered in USC iLab cereal through
1.3.0. It employs caching of std::shared_ptr values, using the raw
pointer address as a unique identifier. This becomes problematic if an
std::shared_ptr variable goes out of scope and is freed, and a new
std::shared_ptr is allocated at the same address. Serialization fidelity
thereby becomes dependent upon memory layout. In short, serialized
std::shared_ptr variables cannot always be expected to serialize back
into their original values. This can have any number of consequences,
depending on the context within which this manifests.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump to the latest git commit as this will fix the following CVEs:
git log|grep CVE
sox-fmt: validate comments_bytes before use (CVE-2019-13590) [bug #325]
fix possible null pointer deref in lsx_make_lpf() (CVE-2019-8357)
fft4g: bail if size too large (CVE-2019-8356)
fix possible overflow in lsx_(re)valloc() size calculation (CVE-2019-8355)
fix possible buffer size overflow in lsx_make_lpf() (CVE-2019-8354)
xa: validate channel count (CVE-2017-18189)
aiff: fix crash on empty comment chunk (CVE-2017-15642)
adpcm: fix stack overflow with >4 channels (CVE-2017-15372)
flac: fix crash on corrupt metadata (CVE-2017-15371)
wav: ima_adpcm: fix buffer overflow on corrupt input (CVE-2017-15370)
wav: fix crash writing header when channel count >64k (CVE-2017-11359)
hcom: fix crash on input with corrupt dictionary (CVE-2017-11358)
wav: fix crash if channel count is zero (CVE-2017-11332)
- Tweak configuration options due to
https://sourceforge.net/p/sox/code/ci/6ff0e9322f9891f5a6ac6c9b3bceffbfca16bec3
- libgsm is now an optional dependency since
https://sourceforge.net/p/sox/code/ci/e548827ffcf4dffa7f21709b8e96b04b481c09b8
- Add patch to put back --disable-stack-protector
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop upstream patch.
Use the new mode=release switch, this should automatically
disable features deemed not ready for use.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Upstream changed version scheme: dropped leading 's', reflect it.
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
CVE-2020-28473: The package bottle from 0 and before 0.12.19 are vulnerable
to Web Cache Poisoning by using a vector called parameter cloaking. When
the attacker can separate query parameters using a semicolon (;), they can
cause a difference in the interpretation of the request between the proxy
(running with default configuration) and the server. This can result in
malicious requests being cached as completely safe ones, as the proxy would
usually not see the semicolon as a separator, and therefore would not
include it in a cache key of an unkeyed parameter.
In addition, bottle 0.12.18 fixed a compatibility issue with python 3.8+:
https://github.com/bottlepy/bottle/issues/1181
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The mmc probing order has changed since commit 21b2cec61c04bd1 (mmc: Set
PROBE_PREFER_ASYNCHRONOUS for drivers that existed in v4.4), so get rid of
the hardcoded root=/dev/mmcblk1p2. The old vendor U-Boot unfortunately does
not have GPT support, so stick to MBR and use the legacy
root=PARTUUID=<disksignature>-<partition> format and set a fixed disk
signature, similar to how it was done for orangepi-r1 in commit 34cce93adb
(configs/orangepi_r1_defconfig: bump kernel to 5.10.10, u-boot to 2020.10).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In commit 38d04e6b13, I did a last-minute change by adding the comment
to explain where the PARTLABEL was coming from, and introduced a typo in
that comment.
Fix it.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Patch that pins mmc indexes was not accepted to mainline kernel. Drop that
patch and switch to GPT to use partition labels. For GPT the name of the
partition in genimage.cfg is used as the label for that partition. Note
that the default GPT partition table location conflicts with the SPL
location, so move GPT table after bootloaders.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
grpc has plugins for multiple programming languages, which are needed on
development machines only. Examples are grpc_cpp_plugin, grpc_ruby_plugin,
etc.
Even though before commit fedf3318e3,
grpc_cpp_plugin was not installed for target, all other plugins still were.
This causes additional build time and rootfs space.
As Buildroot does not support building a development environment for target,
these tools can be disabled.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
In commit fedf3318e3, an obsolete patch to
support cross-compilation was removed, in favor of the upstream solution.
However, this caused a small change in behavior: for the target grpc, the
tool 'grpc_cpp_plugin' is now also built, while before it was not.
This tool is only really needed on development machines. Since Buildroot
does not support compilers and such on target itself, the tool is not
needed.
There exists an option gRPC_BUILD_GRPC_CPP_PLUGIN which can be set to 'OFF',
but disabling it in a cross-compilation context yields build failures.
Add a patch to fix that. This patch is intended to be upstreamed to grpc.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 903de16f5f added passing
'--with-libgrpc++' with the explanation:
"Use --with-libgrpc++ option as otherwise collectd will try to find
grpc++.pc which is not available."
At the time of above commit, grpc version in Buildroot was 1.23.0.
Since grpc 1.25.0, a grpc++.pc file _is_ generated from cmake builds.
Hence, remove passing --with-libgrpc++.
This change fixes a problem introduced by commit
fedf3318e3. As a side effect of that change, a
target version of 'grpc_cpp_plugin' was now created. When collectd was built
after grpc, even without grpc support in collectd enabled, the collectd
configure script would find this target grpc_cpp_plugin and try to use it
(which is not possible because it is built for target).
When not passing '--with-libgrpc++', collectd will instead find the host
version of grpc_cpp_plugin, which works fine.
There are still two underlying problems:
1. the target version of grpc_cpp_plugin is not actually needed. This will
be disabled in a subsequent commit.
2. collectd should not execute any grpc-related action if grpc support for
collectd is disabled. This problem has been reported upstream:
https://github.com/collectd/collectd/issues/3836
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Most of the toolchains now use gcc 9.x and kernel headers 5.9, instead
of gcc 8.x and kernel headers 5.4.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test Xtensa/uclibc, use a pre-built Bootlin toolchain.
To be noted: that fragment was in fact already using a Bootlin
bleeding-edge toolchain, because BR2_TOOLCHAIN_EXTERNAL_CUSTOM=y is
missing from the fragment:
$ cat support/config-fragments/autobuild/br-xtensa-full.config >.config
$ make olddefconfig
$ grep BOOTLIN .config
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_ARCH_SUPPORTS=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_XTENSA_LX60_UCLIBC_BLEEDING_EDGE=y
# BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_XTENSA_LX60_UCLIBC_STABLE is not set
The original fragment was supposed to use a stable toolchain, so we
switch to explictly use a stable Bootlin toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr:
- add blurb about missing BR2_TOOLCHAIN_EXTERNAL_CUSTOM=y
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test x86-64/musl, use a pre-built Bootlin toolchain.
The previous configuration was for an Atom platform, but the Bootlin
toolchains only provide a Core i7 configuration. Since this is close
enough, we change to use this Core i7 configuration.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test x86-64/uclibc, use a pre-built Bootlin toolchain.
The previous configuration was for Core2 platform, but the Bootlin
toolchains only provide a Core i7 configuration. Since this is close
enough, we change to use this Core i7 configuration.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test SPARC64/glibc, use a pre-built Bootlin toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test SPARC/uclibc, use a pre-built Bootlin toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test SH4/uclibc, use a pre-built Bootlin toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: drop BR2_sh4=y which is the default]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test RISC-V 32/glibc, use a pre-built Bootlin
toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test PowerPC e500mc/uclibc, use a pre-built Bootlin
toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test PowerPC64le Power8/glibc, use a pre-built Bootlin
toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test OpenRISC/uclibc, use a pre-built Bootlin
toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test nios2/glibc, use a pre-built Bootlin toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test mipsel/uclibc, use a pre-built Bootlin toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test mipsel32r6/glibc, use a pre-built Bootlin
toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test Microblaze EL/uclibc, use a pre-built Bootlin
toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test m68k 5208/uclibc, use a pre-built Bootlin
toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test m68k 68040/uclibc, use a pre-built Bootlin
toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test ARMv7-M/uclibc, use a pre-built Bootlin
toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test ARMv7/musl, use a pre-built Bootlin toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test ARM Cortex-A9/glibc, use a pre-built Bootlin
toolchain. Since this was meant to test very recent version of
toolchain components, we use the bleeding edge toolchain variant.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test ARMv5/uclibc, use a pre-built Bootlin toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test ARCle HS38/uclibc, use a pre-built Bootlin toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of using an external toolchain built specifically for the
autobuilders to test AArch64/glibc, use a pre-built Bootlin toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This will fix a build failure with libgpiod in version 1.6.2
Even though the examples are not built by default, we explicitly
disable them, to be future-proof in case that default changes in
the future.
Fixes:
- http://autobuild.buildroot.org/results/321004b185213099c7c5633b5ec35ceadd0293bc
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- keep dependencies first
- explicitly disable examples
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This reverts commit f2d6c5ff90.
Now that libbsd can't be enabled for static builds, we can drop the
workaround specific to stress-ng.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
For instance on risc-v 64 arch the build would otherwise fail because
of undefined ucontext_t because "-DOPENSSL_NO_ASYNC" would not propagate
through to CFLAGS in the Makefile.
Signed-off-by: Yann Sionneau <ysionneau@kalray.eu>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit f4a61d1ae2 (package/pkg-meson.mk avoid host ccache detection)
forced the host C and C++ compilers so that meson does not try to
autodetect ccache, and instead relies on what we provide.
However, this incorrectly used single-expansion of variables in a
package infra.
For traditional builds, this is OK, because the value does not change
across packages.
However, for builds with per-package directories, this value only refers
to the generic path, which ill not exist until the end of the build when
all packages are aggregated in the host-finalize step.
Fix that by postponing the variable evaluation like all the others.
Reported-by: Xogium on IRC
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit extends pkg-stats to leverage the recently introduced
CPEDB class to verify that the CPEs provided by Buildroot packages are
indeed known in the official CPE dictionnary provided by NVD.
Co-Developed-by: Grégory Clement <gregory.clement@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Python class which consumes a NIST CPE XML and provides helper
functions to access and search the db's data.
- Defines the CPE as a object with operations / formats
- Processing of CPE dictionary
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Co-Developed-by: Grégory Clement <gregory.clement@bootlin.com>
Co-Developed-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
When using the headers from the kernel to be built, with the kernel
set to a custom version, and overriding the kernel sources with
LINUX_OVERRIDE_SRCDIR, the linux-headers package is still trying to
download an archive, and fails to validate its hash.
What is going on under the hood is that, with _OVERRIDE_SRCDIR, the
_VERSION of a package is set to 'custom'. Furthermore, the variable
BR_NO_CHECK_HASH_FOR is recursively expanded, so its value is only
evaluated when it is needed.
For linux-headers, we inherit the values from the linux package, and
the LINUX_HEADERS_VERSION takes the value from the configuration.
Thus we end up with the following situation:
LINUX_VERSION=custom
LINUX_HEADERS_VERSION=5.10 # For example
BR_NO_CHECK_HASH_FOR=... linux-custom.tar.gz ...
And thus the archive downloaded by linux-headers will not match any
exclusion, and since there will most probably not be a hash for it,
the download will fail, as was noticed and reported by Jarkko.
But in this case, what we really want is to really use the headers
from the kernel that we build, we do not even want to attempt a
download at all.
So, when using the headers from the kernel to be built, we also
propagate the LINUX_OVERRIDE_SRCDIR to linux-headers, so that we
also use the headers from the overridden sources.
Furthermore, in that configuration, we explicitly disallow
overriding the linux-headers specifically, as it does not make sense
(even though, if they were overridden to the same location, that'd
be OK, but to simplify the condition, we do not even check for that).
Reported-by: Jarkko Sakkinen <jjs@kapsi.fi>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
When cross-compiling grpc, a native tool 'grpc_cpp_plugin' is needed.
Patch '0001-target-build-using-host-plugin.patch' in Buildroot provides a
way to pass the path to this tool via a configure option
'gRPC_NATIVE_CPP_PLUGIN'.
In version 1.20.0, the upstream grpc project added better support for
cross-compiling via commit 0d7a0ded [1], searching for the native
grpc_cpp_plugin via PATH (rather than specifying it as configure option as
our patch was doing).
This change renders the mentioned Buildroot patch obsolete, so remove it.
[1] https://github.com/grpc/grpc/commit/0d7a0ded1cc93bb7f4d69a156b0a69829557cbf2
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Reviewed-by: Michael Nosthoff <buildroot@heine.tech>
Tested-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The check for a default route is inverted, causing the script to wait
for the timeout even when a default IPv6 route is available. Fix this up
so that it exits early as expected.
Reported-by: Bhattiprolu RaviKumar <ravikumar.bhattiprolu@gmail.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2021-3281: Potential directory-traversal via archive.extract()
The django.utils.archive.extract() function, used by startapp --template and
startproject --template, allowed directory-traversal via an archive with
absolute paths or relative paths with dot segments.
For details, see the advisory:
https://www.djangoproject.com/weblog/2021/feb/01/security-releases/
Additionally, 3.0.11 fixed a regression:
https://docs.djangoproject.com/en/3.1/releases/3.0.11/
Update indentation in hash file (two spaces).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
From the announcement:
ChangeLog for Privoxy 3.0.31
--------------------------------------------------------------------
- Security/Reliability:
- Prevent an assertion from getting triggered by a crafted CGI request.
Commit 5bba5b89193fa. OVE-20210130-0001.
Reported by: Joshua Rogers (Opera)
- Fixed a memory leak when decompression fails "unexpectedly".
Commit f431d61740cc0. OVE-20210128-0001.
- Bug fixes:
- Fixed detection of insufficient data for decompression.
Previously Privoxy could try to decompress a partly
uninitialized buffer.
https://www.privoxy.org/announce.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
There is no need to get both the key and the value out of the dict if the
key is not used, so use dict.values() instead.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop 0003-rewrite-wcsnrtombs-to-fix-buffer-overflow-and-other-.patch
as it is a backport of upstream commit
3ab2a4e02682df1382955071919d8aa3c3ec40d4 which is part of the 1.2.2
release.
1.2.2 release notes
major changes:
- child restrictions lifted after fork of multithreaded parent
new features:
- _Fork function (POSIX-future)
- reallocarray function (extension from OpenBSD, now widespread)
- gettid function (kernel tid as supported concept)
- SIGEV_THREAD_ID sigevent API (Linux extension)
- tcgetwinsize and tcsetwinsize functions (POSIX-future)
performance:
- faster software sqrt on archs without native sqrt instruction
compatibility:
- realpath no longer depends on procfs availability & accuracy
- time zone parser now always prefers 64-bit tables if present
- crypt_blowfish now supports $2b$ prefix
- res_query now reports errors via h_errno
- set*id and setrlimit are now safe in vforked/cloned child
- setgroups now applies to all threads
- dlopen debugger notification is improved, should work with lldb
- setrlimit no longer needs __synccall broadcast on linux 2.6.36+
- faccessat with AT_EACCESS no longer needs child process on linux 5.8+
bugs fixed:
- buffer overflow and infinite loop errors in wcsnrtombs (CVE-2020-28928)
- sem_close unmapped still-referenced semaphores
- fork of process with active aio could deadlock or crash paren
- pthread_cond_wait was broken with priority-inheritance mutex
- getgrouplist wrongly failed when nscd reported an empty list
- abort could leak modified SIGABRT disposition to fork or posix_spawn child
- regression with mallocng: malloc_usable_size(0) crashed
- readlink wrongly gave EINVAL on zero length dest buffer
- sqrtl was severely inaccurate (not correctly rounded) on ldquad archs
- assert failure wrongly flushed stdio (possible deadlock)
- MUSL_LOCPATH search was broken with multiple components
- missing newline in herror output
- possible deadlock in pthread_exit with pshared mutex or barrier usage
- pthread_mutexattr_getprotocol didn't read back protocol
- v4l2 ioctl translation for pre-time64 kernels didn't work
arch-specific bugs fixed:
- x86_64 longjmp failed to handle 0 argument reliably
- i386 __set_thread_area fallback for pre-2.6 kernels didn't work
- missing O_LARGEFILE macro value on x86_64, x32, mips64
- unpredictable s390x breakage from failure to preserve call-saved registers
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Now that 2.36.x has been added, that 2.35.x is the default version,
drop support for 2.33.x.
Note that we keep binutils 2.32.x as it is the latest version that
works for FLAT binaries (used on noMMU platforms).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Now that 2.36 has been released, let's use 2.35.x as the default
binutils version.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When BR2_PACKAGE_XENOMAI_CUSTOM_TARBALL is selected, the xenomai package
declared an empty version, which among others means that the build directory
becomes output/build/xenomai without any version specification, and empty
version information in 'xenomai-show-info'.
Other packages that allow a custom tarball, like 'linux' and
'arm-trusted-firmware', specify 'custom' as version in this case.
Adapt the xenomai package accordingly.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Version 1.6.2 now builds against headers >= 4.8.x. (Previously 5.5 was
required). Functionality might still be limited depending on the kernel version.
* altered note on updating
* disable building of tests
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Major Behavior Changes
- As a reminder for those upgrading from older releases, as of FRR 7.4
and beyond:
RFC 8212 is now enabled by default. BGP will not advertise or use
routes unless explicitly configured to do so with an export or import
policy.
All daemons
Minimum libyang version is now 1.0.184
bfdd
Profile support
Minimum TTL support
bgpd
RPKI now has support for VRFs
Add wide option to route show commands
Add ability to count filtered prefixes when using maximum-prefix
with new force option
Add ability to show selected bestpath routes for a given neighbor
with bestpath-routes option to neighbor show command
Add ability to specify message when admin downing a session with bgp
shutdown message MSG... command
Add IPv6 support for Flowspec
Add ability to shut down neighbor if RTT is too high with neighbor
<neigh> shutdown rtt command
Allow update-delay to be applied globally
Graceful Restart fixes
Stability and performance fixes
EVPN
Beginning of MultiHoming support; stay tuned
isisd
Add VRF support
Add support for Anycast-SIDs
Fix adjacency timer display overflow
ospfd
Segment Routing support for ECMP
Prevent crash if transferring config amongst instances
Various LSA-related fixes
pbrd
Add JSON support to commands
Add ability to match on DSCP/ECN fields
pimd
Add more JSON support to commands
Add support for MSDP SA forwarding
(s,g,rpt) ifchannel is now cleared when (*, G) prune is received
Fix IGMP querier election and IP address mapping
Fix missing mesh-group commands
Fix crash when RP is removed
staticd
Add support for Northbound API
zebra
Nexthop group support for FPM
Netlink batching support
Northbound support for RIB model
Backup nexthop support
Allow upper level protocols to request ARP
Add json output for zebra ES, ES-EVI and access vlan dumps
vtysh
Speed up output across daemons
Fix build-time errors for some --enable flags
Northbound / YANG
Filter and route-map support
OSPF model definition
BGP model definition
RPM Packaging
Moved RPKI to subpackage
Added SNMP subpackage
Signed-off-by: Vadym Kochan <vadym.kochan@plvision.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update to use the official linux kernel v5.10 instead of an
out-of-tree kernel, and use the official U-Boot v2021.01 as the
bootloader. Provide two configuration files of genimage for different
boot flows:
- Boot from SD card (default)
- Boot from SPI flash
A boot script is generated to automatically boot the distro.
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop dependency on gcc >= 4.8 for efl options as it is guaranted since
commit dbe2d2e686 which added a dependency
on gcc >= 4.9 for efl
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Both S40xorg and S90nodm tries to run an Xserver on vt1, causing the nodm
one to fail. If nodm is enabled, then that is likely what the user wants to
run, so skip installing S40xorg.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In commit 7a607dab33
("support/scripts/pkg-stats: support generating stats based on
configured packages"), we added a -c option to pkg-stats to generate a
report based on the list of packages enabled in the configuration,
rather than for all packages.
This is done based on the list of packages returned in JSON format by
"make show-info". However, we use the keys of the JSON dict returned
by "make show-info", which include the host- prefix of host
packages. Due to this, none of the host packages are currently
matching and therefore they are not reported in the pkg-stats -c
output.
This commit fixes that by using the recently introduced "name"
property in the "make show-info" JSON dict.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: use anonymous '_' for unused variable]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The keys of the JSON dict returned by "make show-info" is the package
name, including the "host-" prefix for host packages.
However, it is sometimes useful to get the actual name of the package,
without the "host-" prefix, so we add a "name" property that holds the
"raw name" of the package.
Suggested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
So the normal DHCP-on-eth0 logic works for the graphical defconfig where
eudev is used.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Explicitly enable PCI support in the kernel after commit eb01d42a77785 (PCI:
consolidate PCI config entry in drivers/pci) and change to GPT partitions /
root=PARTLABEL to find the rootfs instead of hardcoding /dev/mmcblk2p2 as
the mmc probing order has changed since commit 21b2cec61c04bd1 (mmc: Set
PROBE_PREFER_ASYNCHRONOUS for drivers that existed in v4.4).
This has the additional advantage that the same image will work when written
to a USB drive instead of a microsd.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libgeos unconditionally uses wstring which raises the following build
failure:
In file included from /srv/storage/autobuild/run/instance-3/output-1/build/libgeos-3.9.0/tools/astyle/ASLocalizer.cpp:40:
/srv/storage/autobuild/run/instance-3/output-1/build/libgeos-3.9.0/tools/astyle/ASLocalizer.h:72:34: error: 'wstring' does not name a type; did you mean 'stdin'?
string convertToMultiByte(const wstring& wideStr) const;
^~~~~~~
stdin
Fixes:
- http://autobuild.buildroot.org/results/e97d03848d9bbf1845b994f391679a1dbf49f61e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump version and drop local patches already merged upstream. Add Linux
option needed by Linux version >= 4.20 package documentation and to .mk
file that automatically adds it to Linux config when building.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The --cpeid option was mistakenly introduced by commit
92e7089a8c ("support/script/pkg-stats:
show CPE ID in results") but is in fact not necessary.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since commit bd665d182c
("support/scripts/pkg-stats: improve rendering of CVE information"),
we have better reporting of CVE related information, based on
pkg.status['cve']. However, this commit broke pkg-stats when the
--nvd-path option is not passed, and therefore no CVE information is
available.
This commit fixes that, by making use of the is_status_ok(),
is_status_error() and is_status_na() methods recently introduced.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Make is_status_ok() work when the given status name is not even listed
in the status dict. This will be necessary for following commits.
Introduced similar methods for the error and na status, which will be
used in following commits.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Force Release build to remove -Werror and avoid the following build
failure:
/home/giuliobenetti/autobuild/run/instance-3/output-1/build/open62541-1.0/arch/network_tcp.c: At top level:
cc1: error: unrecognized command line option '-Wno-static-in-inline' [-Werror]
cc1: all warnings being treated as errors
Fixes:
- http://autobuild.buildroot.org/results/24b429ce0ae2b33e72bb6a0f523c3906e539a4fd
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2021-3181: rfc822.c in Mutt through 2.0.4 allows remote attackers to
cause a denial of service (mailbox unavailability) by sending email
messages with sequences of semicolon characters in RFC822 address fields
(aka terminators of empty groups). A small email message from the
attacker can cause large memory consumption, and the victim may then be
unable to see email messages from other persons.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Main reason is to fix the issue when secure_getenv() is missing
in older toolchain, but it was fixed in this version by using
getenv() as alternative.
Signed-off-by: Vadym Kochan <vadym.kochan@plvision.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump Linux to 5.10.10 and U-Boot to 2020.10. In the new kernel sunxi-mmc
driver has been switched to asynchronous probe. As a result, mmc indexes
can be shuffled breaking board boot. Add patch that pins mmc indexes to
their original ordered values.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump Linux to 5.10.10 and U-Boot to 2020.10.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump Linux to 5.10.10 and U-Boot to 2020.10.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The 'ubi' collectd plugin was added in 5.11.0.
Add options in Buildroot to enable it.
Based on code by Bart De Vos.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Switch to meson-package
- Drop GDK_PIXBUF_DISABLE_TESTS as it is not needed anymore (meson
doesn't build tests when cross-commpiling)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 4fea71ac78 (package/sudo: security bump to version 1.9.5p2)
removed the patch, but forgot to remove the now unneeded autoreconf. Fix
that.
Reported-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The host build of uboot-tools can occur early in the build process and may
require the creation of BINARIES_DIR before generation of an enabled envimage
and/or boot script binary. So to resolve this in proper way, separated the
build and installation part of uboot env/script in their respective commands.
Signed-off-by: Kalpesh Panchal <kalpesh.panchal@rockwellcollins.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Major changes between sudo 1.9.5p2 and 1.9.5p1
* Buildroot: dropped a patch that was included in the release.
* Fixed sudo's setprogname(3) emulation on systems that don't
provide it.
* Fixed a problem with the sudoers log server client where a partial
write to the server could result the sudo process consuming large
amounts of CPU time due to a cycle in the buffer queue. Bug #954.
* Added a missing dependency on libsudo_util in libsudo_eventlog.
Fixes a link error when building sudo statically.
* The user's KRB5CCNAME environment variable is now preserved when
performing PAM authentication. This fixes GSSAPI authentication
when the user has a non-default ccache.
* When invoked as sudoedit, the same set of command line options
are now accepted as for "sudo -e". The -H and -P options are
now rejected for sudoedit and "sudo -e" which matches the sudo
1.7 behavior. This is part of the fix for CVE-2021-3156.
* Fixed a potential buffer overflow when unescaping backslashes
in the command's arguments. Normally, sudo escapes special
characters when running a command via a shell (sudo -s or sudo
-i). However, it was also possible to run sudoedit with the -s
or -i flags in which case no escaping had actually been done,
making a buffer overflow possible. This fixes CVE-2021-3156.
https://www.sudo.ws/stable.html#1.9.5p2
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
opentracing-cpp fails to build if clang-tidy is installed:
...
-- clang-tidy found: /usr/lib/llvm/11/bin/clang-tidy
-- Configuring done
-- Generating done
...
[ 25%] Building CXX object CMakeFiles/opentracing.dir/src/propagation.cpp.o
.../buildroot/output/build/opentracing-cpp-1.5.1/include/opentracing/string_view.h:5:10: error: 'algorithm' file not found [clang-diagnostic-error]
^
.../buildroot/output/build/opentracing-cpp-1.5.1/src/propagation.cpp:3:11: warning: '__llvm_libc' needs to be the outermost namespace [llvmlibc-implementation-in-namespace]
namespace opentracing {
^
.../buildroot/output/build/opentracing-cpp-1.5.1/src/propagation.cpp:11:3: warning: use '= default' to define a trivial default constructor [hicpp-use-equals-default,modernize-use-equals-default]
PropagationErrorCategory() {}
^ ~~
= default;
.../buildroot/output/build/opentracing-cpp-1.5.1/src/propagation.cpp:13:15: warning: use a trailing return type for this function [modernize-use-trailing-return-type]
const char* name() const noexcept override {
~~~~~~~~~~~ ^
auto -> const char*
.../buildroot/output/build/opentracing-cpp-1.5.1/src/propagation.cpp:13:15: warning: method 'name' can be made static [readability-convert-member-functions-to-static]
const char* name() const noexcept override {
^ ~~~~~~
static
.../buildroot/output/build/opentracing-cpp-1.5.1/src/propagation.cpp:17:24: warning: use a trailing return type for this function [modernize-use-trailing-return-type]
std::error_condition default_error_condition(int code) const
^
.../buildroot/output/build/opentracing-cpp-1.5.1/src/propagation.cpp:37:15: warning: use a trailing return type for this function [modernize-use-trailing-return-type]
std::string message(int code) const override {
^
.../buildroot/output/build/opentracing-cpp-1.5.1/src/propagation.cpp:58:28: warning: use a trailing return type for this function [modernize-use-trailing-return-type]
const std::error_category& propagation_error_category() {
^
226 warnings and 1 error generated.
Error while processing .../buildroot/output/build/opentracing-cpp-1.5.1/src/propagation.cpp.
Suppressed 218 warnings (218 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
Found compiler error(s).
make[3]: *** [CMakeFiles/opentracing.dir/build.make:83: CMakeFiles/opentracing.dir/src/propagation.cpp.o] Error 1
make[3]: *** Waiting for unfinished jobs....
.../buildroot/output/build/opentracing-cpp-1.5.1/include/opentracing/string_view.h:5:10: error: 'algorithm' file not found [clang-diagnostic-error]
^
.../buildroot/output/build/opentracing-cpp-1.5.1/src/dynamic_load.cpp:4:
Disable the 'ENABLE_LINTING' option to avoid this influence.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
We have three conditions under which some tests may get removed:
uClibc, musl, static libraries. All three use the same mechanism
to exclude those test-cases: remove the files.
The first two use a common variable to list the affected files,
and share the same hook of their own to iterate over that list,
while the third has its own hook.
This is not very clean, so switch to using a single variable and
a single hook for all three conditions.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Petr Vorel <petr.vorel@gmail.com>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Compile getdents0{1,2}.c which has been fixed in upstream in commit
8a85a2d61 ("getdents: update to the new api, don't mix libc and kernel
types").
Fixes: 84968aa495 ("package/ltp-testsuite: bump version to 20210121")
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
As suggested by Yann E. Morin, switch to an active fork with all our
patches as upstream seems pretty dead, and they even acknowledge that
status:
https://ushare.geexbox.org/
By lack of spare time, motivation and interest, uShare development
is currently discontinued (this may change though). Don't expect
release anytime soon :-(
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Drop libupnp18 as libupnp has been bumped to 1.14.x and 1.8.x will not
been fixed against CallStranger a.k.a. CVE-2020-12695
mpd and vlc are already compliant with libupnp 1.14.x (i.e those
packages use UpnpInit2 instead of the deprecated UpnpInit)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Move site to Orange-OpenSource
- Drop patch (already in version)
- This version is compatible with libupnp 1.14.x to fix
CallStranger a.k.a. CVE-2020-12695
- Add threadutil license (BSD-3-Clause)
- Update hash in license file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Fix CallStranger a.k.a. CVE-2020-12695 as well as CVE-2020-13848
- Update indentation in hash file (two spaces)
- Backport all changes from libupnp18 to libupnp:
- Use COPYING instead of LICENSE (no license change)
- Add host-pkgconf dependency
- Add --enable-reuseaddr
- Add openssl optional dependency
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
If Target u-boot is not available, the host build of uboot-tools
requires user to provide u-boot environment source file.
This change resolves a missing parentheses and updates the comment
for the same.
Signed-off-by: Kalpesh Panchal <kalpesh.panchal@rockwellcollins.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit adds support for Sinovoip's Banana Pi
M1+. It is mostly based on bananapro_defconfig
but with appropriate device tree and minor tweaks:
- apply bananapi-m1-plus device tree in linux
- apply bananapi_m1_plus defconfig for uboot
- apply patch for OOB IRQs on new device tree
- update device tree name in boot.cmd, genimage.cfg
- update symlink for BRCM driver in rootfs_overlay
- overall clean-up of the config
Tested on BPI-M1+ V1_1.
Signed-off-by: Filip Skoneczny <fskoneczny@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Postgresql includes some extra additional loadable modules.
We need just to pass "world/install-world" as make/install targets
to build this modules.
As a side effect documentation will also be built by "make world".
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Some external packages call pg_config to determine the installed
PostgreSQL options. Add this output to Buildroots own pg_config,
so these packages correctly compile.
Added options:
--pkgincludedir
--pgxs
--cflags
--cc
--pkglibdir
--bindir
--sharedir
--localedir
--docdir
--mandir
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
GPT provides partition labels, which can be used to tell the kernel to find
the rootfs based on it (root=PARTLABEL=rootfs) as a nicer/more extensible
solution than the MBR disk signature / PARTUUID.
When using GPT, the name of the partition in genimage.cfg is used as the
label for that partition.
The default GPT partition table location unfortunately conflicts with the
SPL location, so move the 16KB GPT table after it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998@free.fr: add the comment about 'rootfs']
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The probing order of the two mmc controllers (sdcard and sdio wifi) has
changed in kernel 5.10 since commit 21b2cec61c04bd1 (mmc: Set
PROBE_PREFER_ASYNCHRONOUS for drivers that existed in v4.4), so change to
root=PARTUUID=.. instead of hardcoding /dev/mmcblkXp2.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998@free.fr: use feedc0de as magic]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Small (35k), and stand-alone, SSDP responder with built-in web server
(on port 1901) for serving description.xml when Windows scans for any
network devices on the LAN. Also includes ssdp-scan (31k), similar to
the mdns-scan tool, to probe for SSDP capable devices.
Although it does not use fork(), it still fails to build on noMMU: lots
of missing function declarations, and lots of multicast-related structs
definitions, causing warnings like:
ssdp-scan.c:57:12: warning: implicit declaration of function ‘strdup’; did you mean ‘strcmp’? [-Wimplicit-function-declaration]
ssdp-scan.c:57:10: warning: assignment to ‘char *’ from ‘int’ makes pointer from integer without a cast [-Wint-conversion]
and errors like:
ssdp.c:357:17: error: storage size of ‘imr’ isn’t known
struct ip_mreq imr;
^~~
Finding the root cause why those get not defined in MMU on uClibc is
quite a head-scratching, so let's just disablessdp-responder for noMMU
architectures.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
[yann.morin.1998@free.fr: extend commit log to explain noMMU state]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Replace --exec-prefix, which applies to both sbin and bin, with the more
granular --bindir for logger and --sbindir for syslogd. This because
BusyBox installs its syslgod in /sbin and its logger in /usr/bin.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
[yann.morin.1998@free.fr: add comment, split one-option-per-line]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Installs to /usr/bin and thus replaces the BusyBox logger if enabled.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
[yann.morin.1998@free.fr: use usual ifeq-else-endif block]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
As is done with the init script, parse the system-level customisation
file, if it exists, from the systemd service unit, to allow users to
provide extra arguments passed to the daemon.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
[yann.morin.1998@free.fr; offload to its own commit]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Prefer maintainer provided package, not GitHub generated archive
- Local backport of O_CLOEXEC patch not needed anymore, in v2.2.0
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
[yann.morin.1998@free.fr:
- keep the exec-prefix and without-logger option
- offload the systemd service changes to its own commit
- adapt commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
ply is a light-weight dynamic tracer for Linux. By means of using the
BPF it can attach probes to the linux kernel (e. g. kprobes).
It's a small alternative to LLVM based tracers for embedded systems.
Project page:
https://github.com/wkz/ply/releases
Documentation can be found here:
https://wkz.github.io/ply/
Tested with beaglebone_defconfig (uClibc-ng as well as glibc)
Signed-off-by: Andreas Klinger <ak@it-klinger.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
GEOS (Geometry Engine - Open Source) is a C++ port of the JTS Topology
Suite (JTS). It aims to contain the complete functionality of JTS in
C++. This includes all the OpenGIS Simple Features for SQL spatial
predicate functions and spatial operators, as well as specific JTS
enhanced functions.
https://trac.osgeo.org/geos
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
[yann.morin.1998@free.fr:
- wrap long lines in Config.in
- wrap long lines in commit log
- drop "invsible characters" <200b>
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
[yann.morin.1998@free.fr:
- split long lines in help text
- use traditional ifeq-else-endif block
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The upstream mrouted package comes with its own systemd unit file, but
no SysV init script. This script is a modified copy of the sysklogd
init script, but set to start after networking.
Note: for mrouted to start it requires at least two MULTICAST capable
interfaces that are UP. This is why an added startup delay of 30
seconds (-w 30) was added, in case the system has DHCP enabled.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
IP_MULTICAST depends on CONFIG_NET and CONFIG_INET, but those are really
depp-core symbols, and anyone enabling mrouted will be expected to
already have networking and TCP/IP supports enabled already in their
kernel configuraiton.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
[yann.morin.1998@free.fr:
- add comment about NET and INET,
- update commit log accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
See also commit 4ff6e52392 which describes the
problem in detail.
The same problem now arises again, because syslog-ng renamed the
--enable-snmp-dest option into --enable-afsnmp. See syslog-ng commit
4537938474771673ef5bd4a9cad7c9a7dc20b7c1, first part of 3.27.1.
Update the configure options passed from Buildroot accordingly.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
HDMI support is enabled by default in sunxi_defconfig since commit
c822a3ec17 (ARM: configs: sunxi: Add DRM output-related options), so drop
from fragment.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
arm64 / riscv supports building a gzip compressed 'Image' format kernel,
which is sometimes useful. From arch/arm64/Makefile:
all: Image.gz
Image: vmlinux
$(Q)$(MAKE) $(build)=$(boot) $(boot)/$@
Image.%: Image
$(Q)$(MAKE) $(build)=$(boot) $(boot)/$@
(and similar logic for riscv)
Future architectures may or may not copy this logic, so for robustness add
an explicit Image.gz format rather than copying both Image and Image.gz when
the Image format is used.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 40bb37bd70 refactored get-developers, and now the 'os' module is
no longer needed, but still imported:
utils/get-developers:6:1: F401 'os' imported but unused
1 F401 'os' imported but unused
Drop it now.
Reported-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add --disable-metadata configure option. Buildroot by default disable
packages' doc generation. Also generating LTP metadata documentation
would require have host package, which could be complicated since the
LTP build system is autoconf but not automake based.
Drop cacheflush01 patch (from this release) and rebase musl workaround
patch.
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop upstream security patch.
Rename --with-system-libpcap to --disable-local-libpcap following
upstream change.
The configure scripts uses pkg-config to find libpcap, add host-pkgconf
dependency.
pkg-config handles static build for us. Remove explicit static build
handling.
Use https for SITE to save redirect.
Update license file hash due to whitespace changes.
Format hashes with two space delimiters.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
configure script now uses pkg-config. Add host-pkgconf dependency.
pkg-config should provide necessary info for libnl build/link. Don't
pass paths to configure.
Add --without-dpdk to make sure we don't link with host installed
libraries.
Format hashes with two space delimiters.
Use https for SITE to save redirect.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add patches needed for compatibility with Postgresql 13, which are
still under review upstream.
Debug builds (BR2_ENABLE_DEBUG=y) fails because of warnings, so
disable WARNINGS_AS_ERRORS.
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The vuejs developers have changed the way this package is distributed.
The tarball containing the dist files does not contain anymore the
LICENSE file. The license remains MIT but until it is reintroduced in
the tarball, we have to skip the license file hash verification.
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 6a91580c11 added the hash of
0001-Define-_GNU_SOURCE_required_for_O_CLOEXEC_on_uClibc.patch but this
is not needed as this file is included in buildroot and not downloaded
While at it, update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
meson will by default try to detect the presence of ccache, and if
found, will use it unconditionally.
However, using a system-wide ccache, which would be using our own cache
directory, may very well conflict with our own ccache.
But there is no option to disable that meson behaviour. The only
workaround that is even the official documented way to do so, is to
actually pass environment variables that point to the compiler:
https://mesonbuild.com/Feature-autodetection.html#ccache
For the host variants, we pass $(HOST_CONFIGURE_OPTS) in the environment,
and this contains correct settings for CC and CXX, so meson does not try
and detect ccache; it uses exactly what we tell it to use.
For the target variant, the settings for the cross-compiler are defined
in the cross-compilation file, and so meson just abides by our will. But
for the compiler-for-build, there is no way to specify the CC_FOR_BUILD
or CXX_FOR_BUILD via a cross-compilation file:
https://mesonbuild.com/Machine-files.htmlhttps://mesonbuild.com/Cross-compilation.html
We could pass the full TARGET_CONFIGURE_OPTS in the environment, like we
do for the host variant, but this contains a lot more variables that are
supposed to be covered by the cross-compilation file.
So, we stay safe and just provide the exact two variables that meson
will use to avoid detecting ccache.
If the current configuration defines the use of ccache, then these two
variables will be properly setup to use our own ccache.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Gleb Mazovetskiy <glex.spb@gmail.com>
Cc: James Hilliard <james.hilliard1@gmail.com>
Cc: Norbert Lange <nolange79@gmail.com>
As reported on IRC by sephthir, the qemu_sparc_ss10_defconfig doesn't
work as expected: the system generated when booted under Qemu produces
illegal instruction messages.
gcc 8.3, 9.2 are the latest working gcc version. git bisect between
gcc 8.3 and 8.4 allowed to identify the commit that introcuced the
regression.
Reverting this patch allowed to produce a working rootfs.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/786589934
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
- cmd/go: packages using cgo can cause arbitrary code execution at build time
The go command may execute arbitrary code at build time when cgo is in use
on Windows. This may occur when running “go get”, or any other command
that builds code. Only users who build untrusted code (and don’t execute
it) are affected.
In addition to Windows users, this can also affect Unix users who have “.”
listed explicitly in their PATH and are running “go get” or build commands
outside of a module or with module mode disabled.
Thanks to RyotaK (https://twitter.com/ryotkak) for reporting this issue.
This issue is CVE-2021-3115 and Go issue golang.org/issue/43783.
- crypto/elliptic: incorrect operations on the P-224 curve
The P224() Curve implementation can in rare circumstances generate
incorrect outputs, including returning invalid points from ScalarMult.
The crypto/x509 and golang.org/x/crypto/ocsp (but not crypto/tls) packages
support P-224 ECDSA keys, but they are not supported by publicly trusted
certificate authorities. No other standard library or golang.org/x/crypto
package supports or uses the P-224 curve.
The incorrect output was found by the elliptic-curve-differential-fuzzer
project running on OSS-Fuzz and reported by Philippe Antoine (Catena cyber).
This issue is CVE-2021-3114 and Go issue golang.org/issue/43786.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add optional lttng-libust support and enable tracing support
in case.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- add new host-python3-jinja2 and host-python3-ply dependencies
- change android, documentation options from boolean to feature
- disable new tracing option (needs lttng-ust)
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- fixes: sysklogd 1.6 klogd with newer glibcs: kernel messages are
logged to user facility
- sysklogd removed klogd, functionality has been moved to syslogd
- now supports config fragments in /etc/syslog.d
- disabled sysklogd logger to not interfere with other loggers
- license has changed from GPL-2.0+ to BSD-3-Clause
Signed-off-by: Andreas Hilse <andreas.hilse@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
https://sources.debian.org/data/main/u/unzip/6.0-25 is unreachable so
switch to the debian archive provided by snapshot.debian.org to retrieve
all debian patches at once.
While at it, also update indentation in hash file and add
UNZIP_IGNORE_CVES entries.
The Debian patch archive we refernce brings in a large set of patches,
some of them fixing CVEs. Since we only cary the Debian patch archive
as a single entity, just refer to it to identify all the CVEs the
individual patches there in are fixng.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- don't wrap _SITE line that is anyway too long even when wrapped
- don't enumerate Debian patches one by one, just refere to them
globally
- as a consequence, reorder CVEs
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Use github as a source site, to get a newer version than 4.5, which
was released in May 2011
- Add upstream link to patch
- Use the new COPYING file
- Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update chrony to version 4.0 and add/remove configuration of
features as necessary.
Remove support for readline. Add support for nettle and
gnutls (required for NTS support). Add pkg-config support (for
nss, nettle and gnutls).
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
CVE-2020-7746 (https://nvd.nist.gov/vuln/detail/CVE-2020-7746)
The options parameter is not properly sanitized when it is processed.
When the options are processed, the existing options (or the defaults
options) are deeply merged with provided options. However, during this
operation, the keys of the object being set are not checked, leading to
a prototype pollution.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
chartjs 2.9.3 has a security vulnerability (CVE-2020-7746) which is not
detected by the CVE scripts, presumably because our version variable starts
with a 'v'.
Move that 'v' prefix out of the version variable to fix that.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since 2.0.0, pyjwt has dropped Python 2.x support, so Python 3.x is
mandatory.
Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 5b95a5dc2 (support/download: change format of archives generated
from git) changed the way the archives generated from git repositories
are named, adding a "format-version" identifier right between the
package version and the file extension.
Commit c043ecb20 (support/download: change format of archives generated
from svn) did so for archives generated from a subversion checkout.
However, for a few packages, we manually force the _SOURCE variable,
because we want to share the archive with another package, to avoid
downloading and storing those archives twice. This is the case for:
- linux-headers and linux
- barebox-aux and barebox
When the generated tarballs were renamed with the aforementioned
commits, those packages were not updated accordingly.
Fix that by manually propagating the per-site-method format-version.
Reported-by: "Stephane Viau (OSS)" <stephane.viau@oss.nxp.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: "Stephane Viau (OSS)" <stephane.viau@oss.nxp.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since commit dfcc18f84b cmake-package
_INSTALL_STAGING_OPTS/_INSTALL_TARGET_OPTS use 'install/fast'
instead of 'install', adjust documentation accordingly.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Due to libabseil dependencies the host gcc is at least 4.9.
So the fix for host gcc 4.8 is no longer needed.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Under the assumption that all Buildroot build hosts nowadays are
multithreaded, we can boost performance of host-zstd by enabling
multithreaded operation.
See also commit 52154e5206.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following linking error with uClibc-ng:
/nvme/rc-buildroot-test/scripts/instance-1/output-1/host/bin/arc-buildroot-linux-uclibc-gcc -o/nvme/rc-buildroot-test/scripts/instance-1/output-1/build/coremark-pro-1.1.2743/builds/linux/gcc/bin/cjpeg-rose7-preset cjpeg-rose7-preset.o /nvme/rc-buildroot-test/scripts/instance-1/output-1/build/coremark-pro-1.1.2743/builds/linux/gcc/obj/bench/consumer_v2/cjpeg/*.o /nvme/rc-buildroot-test/scripts/instance-1/output-1/build/coremark-pro-1.1.2743/builds/linux/gcc/obj/mith.a -lm -lpthread -lrt
/nvme/rc-buildroot-test/scripts/instance-1/output-1/host/lib/gcc/arc-buildroot-linux-uclibc/10.2.0/../../../../arc-buildroot-linux-uclibc/bin/ld: /nvme/rc-buildroot-test/scripts/instance-1/output-1/host/lib/gcc/arc-buildroot-linux-uclibc/10.2.0/libgcc.a(unwind-dw2-fde-dip.o): in function `_Unwind_Find_FDE':
/nvme/rc-buildroot-test/scripts/instance-1/output-1/build/host-gcc-final-arc-2020.09-release/build/arc-buildroot-linux-uclibc/libgcc/../../../libgcc/unwind-dw2-fde-dip.c:469: undefined reference to `dl_iterate_phdr'
/nvme/rc-buildroot-test/scripts/instance-1/output-1/host/lib/gcc/arc-buildroot-linux-uclibc/10.2.0/../../../../arc-buildroot-linux-uclibc/bin/ld: /nvme/rc-buildroot-test/scripts/instance-1/output-1/build/host-gcc-final-arc-2020.09-release/build/arc-buildroot-linux-uclibc/libgcc/../../../libgcc/unwind-dw2-fde-dip.c:469: undefined reference to `dl_iterate_phdr'
/nvme/rc-buildroot-test/scripts/instance-1/output-1/host/lib/gcc/arc-buildroot-linux-uclibc/10.2.0/../../../../arc-buildroot-linux-uclibc/bin/ld: GOT and PLT relocations cannot be fixed with a non dynamic linker
/nvme/rc-buildroot-test/scripts/instance-1/output-1/host/lib/gcc/arc-buildroot-linux-uclibc/10.2.0/../../../../arc-buildroot-linux-uclibc/bin/ld: final link failed: bad value
collect2: error: ld returned 1 exit status
/nvme/rc-buildroot-test/scripts/instance-1/output-1/build/coremark-pro-1.1.2743/workloads/cjpeg-rose7-preset//Makefile:65: recipe for target '/nvme/rc-buildroot-test/scripts/instance-1/output-1/build/coremark-pro-1.1.2743/builds/linux/gcc/bin/cjpeg-rose7-preset' failed
Since uClibc-ng 1.0.18 a circular dependency between libc and libgcc
exist, when static linking is used. It can be resolved by the compiler
when -static is correctly passed in the linking step.
So use TARGET_LDFLAGS to pass LDFLAGS
Fixes:
- http://autobuild.buildroot.org/results/ca86624b09fed961d2b9086fee8b2029845746ea
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Fixes CVE-2021-23239, a potential information leak in sudoedit that
could be used to test for the existence of directories not normally
accessible to the user in certain circumstances. When creating a new
file, sudoedit checks to make sure the parent directory of the new
file exists before running the editor. However, a race condition
exists if the invoking user can replace (or create) the parent
directory. If a symbolic link is created in place of the parent
directory, sudoedit will run the editor as long as the target of the
link exists. If the target of the link does not exist, an error
message will be displayed. The race condition can be used to test for
the existence of an arbitrary directory. However, it cannot be used to
write to an arbitrary location.
- Fixes CVE-2021-23240, a flaw in the temporary file handling of
sudoedit's SELinux RBAC support. On systems where SELinux is enabled,
a user with sudoedit permissions may be able to set the owner of an
arbitrary file to the user-ID of the target user. On Linux kernels
that support protected symlinks setting
/proc/sys/fs/protected_symlinks to 1 will prevent the bug from being
exploited. For more information, see Symbolic link attack in
SELinux-enabled sudoedit.
- Update license hash:
- copyright of python bindings added with
https://github.com/sudo-project/sudo/commit/6c1b155fed23348c58a03f6c1193922132b5b66a
- a few other files (ISC licenced) added with
https://github.com/sudo-project/sudo/commit/d4b2db9078bd54f158261017dcb4d1340398a5fa
- year updated with
https://github.com/sudo-project/sudo/commit/9e111eae57524ca72002ad1db36eb68ccd50b167
- Update indentation in hash file (two spaces)
https://www.sudo.ws/stable.html#1.9.5p1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
First patch is not needed since commit
7b3ac6d24d which adds a dependency on
headers >= 4.12
It should also be noted that upstream didn't merge it either
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Using absolute paths within getdeveloperlib isn't very sensible, it
makes a lot more sense to handle everything as relative paths from the
top-level Buildroot source directory.
parse_developers() is changed to no longer take the base path as
argument: it is automatically calculated based on the location of
utils/getdeveloperlib.py. Then, the rest of the logic is adjusted to
use relative paths, and prepend them with the base "brpath" when
needed.
This commit allows pkg-stats to report correct developers information
even when executed from an out of tree directory.
Before this patch:
$ ~/buildroot/support/scripts/pkg-stats -p ipmitool --json out.json
$ cat out.json | jq '.packages.ipmitool.developers'
[]
$ cat out.json | jq '.defconfigs.stm32f469_disco'
{
"name": "stm32f469_disco",
"path": "configs/stm32f469_disco_defconfig",
"developers": []
}
After this patch:
$ ~/buildroot/support/scripts/pkg-stats -p ipmitool --json out.json
$ cat out.json | jq '.packages.ipmitool.developers'
[
"Floris Bos <bos@je-eigen-domein.nl>",
"Heiko Thiery <heiko.thiery@gmail.com>"
]
$ cat out.json | jq '.defconfigs.stm32f469_disco'
{
"name": "stm32f469_disco",
"path": "configs/stm32f469_disco_defconfig",
"developers": [
"Christophe Priouzeau <christophe.priouzeau@st.com>"
]
}
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
With Python 3.8, the following deprecation warnings are emitted:
/home/thomas/projets/buildroot/./support/scripts/pkg-stats:418: DeprecationWarning: The explicit passing of coroutine objects to asyncio.wait() is deprecated since Python 3.8, and scheduled for removal in Python 3.11.
/home/thomas/projets/buildroot/./support/scripts/pkg-stats:536: DeprecationWarning: The explicit passing of coroutine objects to asyncio.wait() is deprecated since Python 3.8, and scheduled for removal in Python 3.11.
The correct way to pass coroutines is to use asyncio.create_task(),
but this is rather new method (Python 3.7), and using it breaks
compatibility with older Python versions. As suggested at
https://docs.python.org/3/library/asyncio-task.html#asyncio.create_task,
use the more cryptic, but also more compatible asyncio.ensure_future()
method.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The cve module needs ijson, which may not be installed. Since cve
matching is only enabled when --nvd-path is passed, it is a bit silly
to error out about ijson being missing if it's not used.
So instead of unconditionally importing the cve module, only do it
conditionally.
However, instead of doing it right at the point where it is used, we
do it at the beginning of the main() function. Indeed, if the cve
module is needed but cannot be imported, we want to error out
immediately rather than doing a whole bunch of things, and failing on
the user later on in the middle of the pkg-stats execution.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libzstd.so is built without multi-threading support by default.
The 'HAVE_THREAD' flag is not respected by lib/Makefile, only by
programs/Makefile.
Use the %-mt recipe in lib/Makefile to enable multithreading.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
As reported on the mailing list [1], the imx sdma firmwares for
imx[6,7,8] are provided by two packages: firmware-imx and
linux-firmware
$ sha256sum ./firmware-imx-8.10/firmware/sdma/sdma-imx6q.bin
7790c161b7e013a9dbcbffb17cc5d4cb63d952949a505647e4679f02d04c4784
./firmware-imx-8.10/firmware/sdma/sdma-imx6q.bin
$ sha256sum ./linux-firmware-20201022/imx/sdma/sdma-imx6q.bin
7790c161b7e013a9dbcbffb17cc5d4cb63d952949a505647e4679f02d04c4784
./linux-firmware-20201022/imx/sdma/sdma-imx6q.bin
firmware-imx also has firmwares for older variants as well, so this is
what we keep as the only imx sdma firmware provider.
[1] http://lists.busybox.net/pipermail/buildroot/2021-January/300938.html
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Fabio Estevam <festevam@gmail.com>
Cc: Stephane Viau <stephane.viau@oss.nxp.com>
Cc: Gary Bisson <gary.bisson@boundarydevices.com>
[yann.morin.1998@free.fr: explain why we keep firmware-imx]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Christian Stewart <christian@paral.in>
Tested-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr: rename package]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Until now the bootlin-x86-64-glibc was using a Bootlin toolchain as a
custom external toolchain. However, now that we have the
toolchain-external-bootlin package explicitly supporting Bootlin
toolchains as known toolchain profiles, it makes sense to use
that. Indeed, this will ensure that this autobuilder configuration
will use the latest available version of the Buildroot toolchain for
x86-64 glibc.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Adding these patches brings our ffmpeg package to the same level as the
kodi-provided ffmpeg package allowing us to switch the kodi build to
use the system-provided ffmpeg instead of its internal build when kodi
is bumped to version 19.0-Matrix.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bump ATF, U-Boot and Linux kernel to the NXP BSP 5.4.70_2.3.0 versions.
Note for configs/freescale_imx8mmevk:
On 5.4.70_2.3.0 the default "i.MX8MM LPDDR4 EVK RevB board" support is
removed and replaced by "i.MX8MM LPDDR4 EVK with QCA WIFI revB board".
In case an older revB board is used, then the following step in U-Boot is
needed:
=> setenv fdt_file imx8mm-evk-revb-qca-wifi.dtb
=> saveenv
=> reset
Build- and run-tested on:
o i.MX8MN DDR4 EVK
o i.MX8MQ EVK
Build-tested only for other configs.
Signed-off-by: Stephane Viau <stephane.viau@oss.nxp.com>
Tested-by: Stephane Viau <stephane.viau@oss.nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
I do not have access to MacchiatoBin hardware anymore.
So remove its BSP components from my watch list.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix U-Boot config snippet in TestATFAllwinner. Bump U-Boot
version to fix DTC build on hosts with gcc 10 and add
pylibfdt dependency.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
There were only two users of Marvell ATF: SolidRun MacchiatoBin board
and ClearFrog GT 8k board. After mv-ddr-marvell package update both
boards switched to upstream ATF. Remove tests for now unused
Marvell ATF.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump U-Boot and Linux kernel versions. Fix recent build failures caused
by mv-ddr-marvell package update. Marvell ATF does not provide a version
compatible with up-to-date mv-ddr-marvell. According to commit log,
Marvell developers are now contributing directly to upstream ATF. So
switch to upstream ATF instead of using older Marvell ATF versions.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/938922500
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
mesa3d should only need expat for a limited set of drivers. However,
the condition in their meson.build is borked:
required: not with_platform_android or with_any_broadcom or with_any_intel
So, as soon as the platform is not android, expat is required. If it
is not already present in the configuraiotn, then meson will try to be
helpful and will try to download its own copy under the table:
Run-time dependency expat found: NO (tried pkgconfig and cmake)
Looking for a fallback subproject for the dependency expat
Downloading expat source from https://github.com/libexpat/libexpat/releases/download/R_2_2_5/expat-2.2.5.tar.bz2
<urlopen error unknown url type: https>
A fallback URL could be specified using source_fallback_url key in the wrap file
../O/build/mesa3d-20.3.3/meson.build:1366:2: ERROR: could not get https://github.com/libexpat/libexpat/releases/download/R_2_2_5/expat-2.2.5.tar.bz2 is the internet available?
Ideally, we would like to fix the condition in the meson.build, to drop
the spurious and dubious condition on the android platform. However it
is not totally obvious what the prupose was, and expat compiles quikly,
so we just add expat as an unconditional mandatory dependency.
Fixes:
http://autobuild.buildroot.org/results/f71865771482b1d71d12e77767d236ca693785d5/http://autobuild.buildroot.org/results/98290b9681a38b3be820017823a4a4196d474476/
....
Reported-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Fabio Estevam <festevam@gmail.com>
[yann.morin.1998@free.fr:
- make it a generic fix, not tied to freedreno, reported by Fabio
- rewrite commit log to explain the root cause
- also reported about virgl, by Titouan
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Hard-float support is pretty stable, so make that default for HSDK
boards.
The hard-float setting is a bit convulated since current ARC gcc lacks
--with-fpu - so this is done with BR2_TARGET_OPTIMIZATION
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
[yann.morin.1998@free.fr: split off into its own commit]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
We are no longer actively working on uClibc, so make that default
for HSDK boards.
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
[yann.morin.1998@free.fr: drop enabling hard float]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
No config changes done
| make snps_archs38_hsdk_defconfig
| make savedefconfig
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
For the HS48 processor, BR currently builds with -mcpu=hs4x_rel31 which
generates suboptimal code as it inhibits delay slot and back-back ST and so on.
Enable a new variant to build with -mcpu=hs4x for normal codegen.
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
[yann.morin.1998@free.fr:
- simplify dependencies on MMU page size
- wrap long lines
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This definition is useless, because it is equal to the default value
of <pkg>_CPE_ID_NAME as calculated by generic-package.
Before and after this patch, the CPE ID calculated for the linux-pam
package is exactly the same, according to "make linux-pam-show-info".
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As we discussed on the mailing list, using $(<pkg>_NAME) when defining
CPE ID variables feels a bit odd and needlessly complicated. Just use
the package name directly.
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
cpe:2.3:a:ntp:ntp is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Antp%3Antp
The specification of the version needs to be reworked a little
bit. Indeed, versions look like 4.2.8p15. For the download, we need to
extract 4.2 as the folder is named ntp-4.2. However, for the CPE ID we
need to extract 4.2.8 and p15 into two separate fields.
So, we set:
NTP_VERSION_MAJOR = 4.8
NTP_VERSION_MINOR = 2
NTP_VERSION_POINT = 15
and construct the version:
NTP_VERSION = $(NTP_VERSION_MAJOR).$(NTP_VERSION_MINOR)p$(NTP_VERSION_POINT)
Note that the choice of "point" comes from
http://support.ntp.org/bin/view/Main/ReleaseNumberingScheme, which
states "The letter p followed by an increasing number indicates a
Point (i.e. incremental) Release.".
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- minor maintainence release mainly to address exist build issues;
- remove the following patches since all have been upstreamed:
0001-erofs-utils-fix-multiple-definition-of-sbi.patch;
0002-erofs-utils-fuse-fix-linking-when-using-with-selinux.patch;
0003-erofs-utils-fuse-disable-backtrace-if-unsupported.patch.
Signed-off-by: Gao Xiang <hsiangkao@aol.com>
[yann.morin.1998@free.fr: two spaces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Drop upstream patch which is included in the new version.
Add additional config option `--enable-a2dpconf` to build small (13 kB)
utility `a2dpconf` which does not depend on any external dependencies.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Integrate the RCW into the storage device image, so the image can also
be used a boot source. The SoC expects the RCW at offset 4096 of the SD
card or eMMC.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* add option for new library Boost.JSON
* drop patch 0001 as it's applied upstream
* host: disable options that were added over time but never disabled for the host-build
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When a package has both a target and a host variant, and uses git
submodules, and the host variant is downloaded before the target one, we
end up with the generated archive missing the submodules.
This happens in exactly one package in our tree: c-capnproto.
This issue was not caught before because after a few days, the full
sources are added to sources.buildroot.net. So when the hash check
fails, the full tarball is simply downloaded from there.
Propagate the git submodule setting from the target variant to the host
variant, unless the host variant explicitly opted-out.
Fixes:
http://autobuild.buildroot.org/results/2de9c6c8ce83569d18cc7140ebc60d6fe1aadcbf/
Reported-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Commit 37a909cacf (package/tar: drop specific version for host variant)
updated the host variant from 1.29 to 1.32.
However, because there is no longer any upper-limit to the version of
tar accepted from the system, and because tests were conducted on a
recent distribution, there was no need to build the host variant of tar.
As a consequence, updating the hash file was missed.
Do so now.
Also switch to using the new two-space separators.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Use the COREMARK_PRO_MARKS definition from the build recipe to
generate the coremark-pro.sh
- Use %x:%X as the date stamp in the results file.
Suggested-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
nvidia-modprobe package adds a utility and headers for probing the NVIDIA
hardware at runtime.
https://github.com/NVIDIA/nvidia-modprobe
Signed-off-by: Christian Stewart <christian@paral.in>
[Arnout:
- use upstream Makefile instead of building directly;
- don't install to staging;
- remove dependency on host-pkgconf;
- correct license to GPL-2.0;
- remove dependency on threads and glibc;
- add dependency on MMU.]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Drop 5.9 stable (EOL).
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
[Peter: add Config.in.legacy handling for 5.9]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Now that we can generate reproducible archives, with all known tar
versions starting with 1.27, we don't need to clamp the host-tar
version to the old 1.29, and can now bump to any later version.
Drop the host-tar version, and use the same as the target variant.
Note that we still need the _SOURCE trick, to avoid depending on tar
to extract the tar tarball...
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
So far, we checked that the tar present on the host was at most tar
1.29, because tar 1.30 changed the way it generates archives.
Having a maximum tar version requirement meant that we would eventually
always have to build our own host-tar, as distributions are updating
the version they use.
But now, we have found a way to generate reproducible archives starting
with tar 1.27 onward, so we no longer need the check for a maximum tar
version, so we can drop that requirement.
Note: this is semantically a revert of b8fa273d50 (check-host-tar.sh:
blacklist tar 1.30+), but keeping the new, mostly-linear code-path.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
Like we recently did for git, switch the archives generated from
subversion to be reproducible whatever the tar version.
We have no in-tree users of the svn backend which also has hashes,
so no hash to update.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Heiko Thiery <heiko.thiery@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
Commit 89f5e9893 (support/download/svn: generate reproducible svn
archives) did what it said, but can be siplified a bit.
Indeed, we are doing an svn export, so we won't have any of the .svn
directories, neither at the root of the extract, nor in any of the
sub-directories.
As such, we do not need to filter them out when we generate the list
of files to include in the archive.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Heiko Thiery <heiko.thiery@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
Switch to using the tarball helper, that can generate reproducible
archives whatever the tar version >= 1.27.
However, those archives are not identical to the previous ones generated
in the (now-broken) gnu format.
To avoid any clashing between old and new archives, and new and old
Buildroot versions, we need to name the new generated archives
differently from the existing ones.
So, we bump the git-specific format-version to -br1.
The %ci date has been supported by git back to 1.6.0, released August
2008); it is not strictly ISO8601, but is still accepted as a PAX date
header. The strict ISO8601 placeholder, %cI, was only introduced with
2.2.0, release in November 2014, so too recent to be widely available.
As the format and the names of the archives changes, we need to update
all the hash files with the new names and hashes.
Of all the bootloaders that have a git download method, vexpress-firmware
is the only one to have a hash. Others have no hash files, or they have
explicitly set BR_NO_CHECK_HASH_FOR.
For the packages, linux-headers is the special snowflake, as the git
download is only for custom git tree, so it is excluded from the hash
verification with BR_NO_CHECK_HASH_FOR.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
---8<------8<------8<------8<---
#!/bin/sh
# Find and download all packages using git as backend.
# Manually fix hashes for affected packages.
# Packages that only have a host variant
HOST_ONLY='imx-mkimage|mxsldr|netsurf-buildsystem|opkg-utils|prelink-cross|qoriq-rcw|vboot-utils'
# Packages that have a non-git main _SOURCE, and/or which
# have BR_NO_CHECK_HASH_FOR for the git _SOURCE
NOT_GIT='aufs|aufs-util|xenomai|linux-headers'
export BR2_DL_DIR=$(pwd)/temp-dl-dir
make defconfig
make $( git grep -l -E 'SITE_METHOD[[:space:]]*:?=[[:space:]]*git\>|_SITE[[:space:]]*:?=[[:space:]]*git:' \
boot/vexpress-firmware/ package/ \
|sed -r -e 's,.*/([^/]+)\.mk,\1,' \
|sed -r -e '/^('"${NOT_GIT}"')$/d;' \
-e 's/^('"${HOST_ONLY}"')/host-\1/;' \
-e 's/$/-legal-info/;'
)
---8<------8<------8<------8<---
We currently need to generate reproducible archives in at least two
locations: the git and svn download backends. We also know of some
future potential use (e.g. the other download backends, like cvs, or
in the upcoming download post-processors for vendoring, like cargo
and go).
However, we are currently limited to a narrow range of tar versions
that we support, to create reproducible archives, because the gnu
format we use has changed with tar 1.30.
As a consequence, and as time advances, more and more distros are,
or will eventually start, shipping with tar 1.30 or later, and thus
we need to always build our on host-tar.
Now, thanks to some grunt work by Vincent, we have a set of options
that we can pass tar, to generate reproducible archives back from
tar-1.27 and up through tar-1.32, the latest released version.
However, those options are non-trivial, so we do not want to have
to repeat those (and maintain them) in multiple locations.
Introduce a helper that can generate a reproducible archive from
an input directory.
The --pax-option, to set specific PAX headers, does not accept
RFC2822 timestamps which value are too away from some fixed point
(set atcompile-time?):
tar: Time stamp is out of allowed range
However, the same timestamps passed as strict compliant ISO 8601 are
accepted, so that's what we expect as a date format.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
---8<------8<------8<------8<---
# Here is a Makefile used to test all the versions of tar, with
# different output formats and different sets of options:
# Versions prior to 1.27 do not build on recent machines, because
# 'gets()' got removed (rightfully so), so don't count them as
# candidates.
VERSIONS = 1.27 1.27.1 1.28 1.29 1.30 1.31 1.32
DATE = Thu 21 May 2020 06:44:11 PM CEST
TARS = \
$(patsubst %,test_gnu_%.tar,$(VERSIONS)) \
$(patsubst %,test_posix_%.tar,$(VERSIONS)) \
$(patsubst %,test_posix_paxoption_%.tar,$(VERSIONS))
all: $(TARS)
sha1sum $(^)
.INTERMEDIATE: test_%.tar
test_gnu_%.tar: tar.% list
./$(<) cf - -C test \
--transform="s#^\./#test-version/#" \
--numeric-owner --owner=0 --group=0 \
--mtime="$(DATE)" \
--format=gnu \
-T list \
>$(@)
test_posix_%.tar: tar.% list
./$(<) cf - -C test \
--transform="s#^\./#test-version/#" \
--numeric-owner --owner=0 --group=0 \
--mtime="$(DATE)" \
--format=posix \
-T list \
>$(@)
test_posix_paxoption_%.tar: tar.% list
./$(<) cf - -C test \
--transform="s#^\./#test-version/#" \
--numeric-owner --owner=0 --group=0 \
--mtime="$(DATE)" \
--format=posix \
--pax-option='delete=atime,delete=ctime,delete=mtime' \
--pax-option='exthdr.name=%d/PaxHeaders/%f,exthdr.mtime={$(DATE)}' \
-T list \
>$(@)
list: .FORCE
list: test
(cd test && find . -not -type d ) |LC_ALL=C sort >$(@)
LONG = L$$(for i in $$(seq 1 200); do printf 'o'; done)ng
test: .FORCE
test:
rm -rf test
mkdir -p test/bar
echo foo >test/Foo
echo bar >test/bar/Bar
ln -s bar/Bar test/buz
echo long >test/Very-$(LONG)-filename
ln test/Very-$(LONG)-filename \
test/short
.PRECIOUS: tar.%
tar.%: tar-%
cd $(<) && ./configure
$(MAKE) -C $(<)
install -m 0755 $(<)/src/tar $(@)
.PRECIOUS: tar-%
tar-%: tar-%.tar.gz
tar xzf $(<)
.PRECIOUS: tar-%.tar.gz
tar-%.tar.gz:
wget "https://ftp.gnu.org/gnu/tar/$(@)"
.FORCE:
clean:
rm -rf tar-* tar.* test_* test list
---8<------8<------8<------8<---
When we want to change the format of an archive we generate (e.g. those
we generate from git trees), the hashes of those archives will change.
To avoid any issue (e.g. an older Buildroot using newer archives, or the
other way around) that would conclude that the hashes do not match, we
want to change the filenames of the generated archives whenever we
change their format.
Introduce a new internal variable, specific to each site method, that we
can set to include a "format version" for the archives generated from
that site method.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
The .tar.gz default extension is historical, and we initially used
to only fetch tarballs from remote sites.
When we introduced downloads from VCS repositories, we kept that
extension, and kept compressing with gz, by lack of good reason to
switch to some other compression scheme.
However, nowadays, we will want to change the way we construct the
tarballs we generate from VCS. This will de facto change the hashes
of those tarballs.
So we will want that the archives we generate do not clash with the
existing ones, so we need another filename. Thus, we need a way to
be able to use a different extension when we generate archives from
VCS.
Use a macro as suggested by Arnout.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
The LLVM project has switched to using a monorepo to host all their
components. The separate, individual repositories have been closed
late 2020 / early 2021. The libclc repository is no longer.
Switch to using the libclc source from the llvm legacy and frozen
mirror.
Even though we could switch over to using the github helper, we just
keep using the git download method: it is a small repository, and it
will not impact people that were already using it.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Valentin Korenblit <valentinkorenblit@gmail.com>
Cc: Michael Opdenacker <michael.opdenacker@bootlin.com>
Acked-by: Romain Naour <romain.naour@gmail.com>
---
Changes v1 -> v2:
- keep everything as-is, just switch to the frozen mirror
The following commits:
- 7868289fd5 package/zic: bump version to 2020f
- c99374ecbb package/tzdata: bump version to 2020f
bumped the tzdata from version 2020a to 2020f. However, in 2020b, the
zic option '-y' was removed, and so was the yearistype.sh script [0].
This now spews annoying warnings:
warning: -y ignored
Fortunately, it still consumes its argument, so the missing yearistype.sh
is simply ignored.
Drop that option.
[0] https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
As stated in README.md, multipath-tools is covered by several licenses
and LGPL-2.0 is "just" the default license:
- GPL-2.0+ (e.g. libmultipath/alias.c)
- GPL-3.0+ (e.g. libdmmp/libdmmp.c)
- LGPL-2.1+ (e.g. libmpathcmd/mpath_cmd.c)
So replace COPYING (which is a symlink to LICENSES/LGPL-2.0) by the
approriate license files in LICENSES directory
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: further split long lines]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Yair Ben-Avraham <yairba@protonmail.com>
[yann.morin.1998@free.fr:
- correctly fix build without lzma in an upstreamable fashion
- actually fix the build without udev
- depend on udev, not libudev (which does not exist)
- don't use += for the first variable assignment to _CONF_OPTS
- explicitly disable unsupported fuzz options
- add explicit optiopnal support for bash-completion
- drop useless comments about "features" and "booleans"
- fix alphabetical order in DEVELOPERS
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
- CVE-2020-8265: use-after-free in TLSWrap (High) Affected Node.js versions
are vulnerable to a use-after-free bug in its TLS implementation. When
writing to a TLS enabled socket, node::StreamBase::Write calls
node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first
argument. If the DoWrite method does not return an error, this object is
passed back to the caller as part of a StreamWriteResult structure. This
may be exploited to corrupt memory leading to a Denial of Service or
potentially other exploits
- CVE-2020-8287: HTTP Request Smuggling in nodejs Affected versions of
Node.js allow two copies of a header field in a http request. For
example, two Transfer-Encoding header fields. In this case Node.js
identifies the first header field and ignores the second. This can lead
to HTTP Request Smuggling
- CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js.
You can read more about it in
https://www.openssl.org/news/secadv/20201208.txt
Update the license hash for the addition of the (MIT licensed)
cjs-module-lexer module:
https://github.com/nodejs/node/commit/9eb1fa19248949dfc716807b1dc97dedf36da14e
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
In libIEC61850 before version 1.4.3, when a message with COTP message
length field with value < 4 is received an integer underflow will happen
leading to heap buffer overflow. This can cause an application crash or
on some platforms even the execution of remote code. If your application
is used in open networks or there are untrusted nodes in the network it
is highly recommend to apply the patch. This was patched with commit
033ab5b. Users of version 1.4.x should upgrade to version 1.4.3 when
available. As a workaround changes of commit 033ab5b can be applied to
older versions.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Frotz is an interpreter for old Infocom adventures and other Z-code
games.
Signed-off-by: Thomas Huth <huth@tuxfamily.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes build error
output/host/opt/ext-toolchain/bin/../lib/gcc/aarch64-amd-linux-gnu/4.9.1/../../../../aarch64-amd-linux-gnu/bin/ld:
cannot find -latomic
using this defconfig
BR2_aarch64=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_CODESOURCERY_AARCH64=y
BR2_PACKAGE_OPENSSL=y
libopenssl is only used here as an example: all packages adding -latomic
if BR2_TOOLCHAIN_HAS_LIBATOMIC=y are broken, like dav1d, ffmpeg, gnutls,
kodi and vlc.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
XorCurses is a remake of the 8-bit game 'Xor' by Astral Software.
Your task is to roam around a series of mazes where you have to
collect all blue masks before finding the exit. You have two 'shields'
(players) and you can use either one at any time and switch between
them. While the first level is simply a matter of navigation, the
following levels introduce further objects like bombs and teleports,
which have to be used right to solve the puzzles.
Signed-off-by: Thomas Huth <huth@tuxfamily.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Switch to upstream ATF of recent version to fix build with recently
updated mv-ddr. The vendor does not provide public access to newer ATF
versions anymore.
Bump U-Boot and kernel to fix dtc build on hosts with gcc 10.
Increase rootfs size. The default 60MB is not enough.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/948622614
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Don't add mbedtls support since it require a bundled and specific
version.
Keep experimental Python binding support disabled for now.
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit switches the luasyslog package to use a fork of the
project that has good Lua 5.3 support.
This fork has a public repository on Github
(https://github.com/ntd/luasyslog/), and is available as a Lua Rock
(https://luarocks.org/modules/ntd/luasyslog), but unfortunately the
rockspec uses a build method that is not supported by the Buildroot
luarocks infrastructure. Therefore, we used the autotools build system
provided by this fork.
Because this fork has good support for Lua 5.3, the "Lua 5.3
compatibility" patch becomes useless and can be dropped.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The manual incorrectly refers to the script file as `setup-environment';
it is actually called `environment-setup'.
Signed-off-by: Konrad Schwarz <konrad.schwarz@siemens.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
linux-*/arch/arm/boot/dts/imx6ul.dtsi
requires the install of the sdma-imx6q.bin as stated in
line 727: fsl,sdma-ram-script-name = "imx/sdma/sdma-imx6q.bin";
without the BR2_PACKAGE_FIRMWARE_IMX_SDMA_FW_NAME being set to "imx6q"
line 102 of firmware-imx.mk does not install the firmware to to target
Signed-off-by: Rob Mellor <Rob.Mellor@ultra-pals.com>
Reviewed-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Changes:
* Add JAS_VERSION_MAJOR, JAS_VERSION_MINOR, JAS_VERSION_PATCH for
easier access to the JasPer version.
* Fixes stack overflow bug on Windows, where variable-length
arrays are not available. (#256)
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
support/scripts/pkg-stats:81:22: E211 whitespace before '('
support/scripts/pkg-stats:404:1: E305 expected 2 blank lines after class or function definition, found 1
support/scripts/pkg-stats:561:12: E713 test for membership should be 'not in'
support/scripts/pkg-stats:567:1: E302 expected 2 blank lines, found 1
support/scripts/pkg-stats:595:1: E302 expected 2 blank lines, found 1
support/scripts/pkg-stats:1051:1: E302 expected 2 blank lines, found 1
support/scripts/pkg-stats:1057:1: E302 expected 2 blank lines, found 1
Also fix:
support/scripts/pkg-stats:1054:5: E722 do not use bare 'except'
found by a more recent flake8 version. The exception may be either
IndexError or AttributeError, so use Exception to catch either.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
move
http-client-body-temp-path
http-proxy-temp-path
http-fastcgi-temp-path
http-scgi-temp-path
http-uwsgi-temp-path
from /var/tmp/nginx to /var/cache/nginx
this allows the use of systemd constructs
LogsDirectory=nginx
CacheDirectory=nginx
to replace
ExecStartPre=/usr/bin/mkdir -p /var/log/nginx /var/tmp/nginx
as there isn't a similar construct for /var/tmp.
Signed-off-by: Pascal de Bruijn <p.debruijn@unilogic.nl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit improves pkg-stats to fill in pkg.status['cve'] depending
on the situation for CVEs affecting this package. They are then used
in the HTML rendering.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Virtual packages (with in pkg-stats speak have "no valid
infrastructure") and packages that have no version specified cannot be
used for CVE checking. They trigger a bunch of warnings from the CVE
checking code, as it cannot parse their version: they don't have any
version. So instead, we simply skip those packages.
A follow-up commit will improve the reporting to be able to
distinguish those packages from packages that have seen their CVEs
checked and don't have any reported.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit modifies cve.py, as well as its users cve-checker and
pkg-stats to support CPE ID based matching, for packages that have CPE
ID information.
One of the non-trivial thing is that we can't simply iterate over all
CVEs, and then iterate over all our packages to see which packages
have CPE ID information that match the CPEs affected by the
CVE. Indeed, this is an O(n^2) operation.
So instead, we do a pre-filtering of packages potentially affected. In
check_package_cves(), we build a cpe_product_pkgs dict that associates
a CPE product name to the packages that have this CPE product
name. The CPE product name is either derived from the CPE information
provided by the package if available, and otherwise we use the package
name, which is what was used prior to this patch.
And then, when we look at CVEs, we only consider the packages that
have a CPE product name matching the CPE products affected by the
CVEs. This is done in check_package_cve_affects().
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit improves the pkg-stats script to show the CPE ID of
packages, if available. For now, it doesn't use CPE IDs to match CVEs.
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Link with libatomic if available.
Fixes:
- http://autobuild.buildroot.net/results/e0766eef95a2559d51e58d1a81a9c40df84ae509
.../build/quickjs-2020-11-08/quickjs.c:12229: undefined reference to `__atomic_fetch_xor_1'
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr:
- make it a generic variable, not tied to -latomic
- pass it in all step, like CROSS_PREFIX
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Set CMAKE_BUILD_TYPE to Release to avoid the following build failure
with glibc < 2.12:
/home/buildroot/autobuild/run/instance-1/output-1/build/libmdbx-0.9.2/mdbx.c:487:5: error: #warning "libmdbx was only tested with GLIBC >= 2.12." [-Werror=cpp]
# warning "libmdbx was only tested with GLIBC >= 2.12."
^~~~~~~
cc1: all warnings being treated as errors
Fixes:
- http://autobuild.buildroot.org/results/1a60b2c3d2f276f99a22da48e8e16fcf5744eba0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Leonid Yuriev <leo@yuriev.ru>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since its introduction in Buildroot in 2013 with commit 07203d78c2
(trace-cmd: new package), trace-cmd has declared installing in staging.
But trace-cmd is a generic-package, and has never, ever provided any
commands for staging installation.
Drop this declaration.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
rpcbind is only used by nfsd to export nfs share supporting older
v2, v3 protocols.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[yann.morin.1998@free.fr:
- move the select to the corresponding symbol
- tweak the commit title
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The layout of the pacakge direcotry has changed, as upstream has added
more than just trace-cmd in the repository (e.g. kernel-shark).
However, the buildsystem for trace-cmd is... unconventional:
- the top-level Makefile will recurse into the trace-cmd/
sub-directory, but does not pass any variable on the $(MAKE) command
line; instead, it exports them in the environment, e.g.:
export CFLAGS
- the top-level Makefile appends some definitions to CFLAGS et al.,
sometimes with a simple append-assignment, sometimes with an
overriden append-assignment, e.g.:
CFLAGS += -DVSOCK
override CFLAGS += -DNO_PTRACE
- the top-level Makefile does not export all the variables. For
example, LDFLAGS is not exported;
- the Makefile in the trace-cmd/ sub-directory expects some variables
to be set, which is done by the top-level Makefile.
As a consequence, we can no longer pass our variable definitions as make
variable defintions on the command line; we must pass them in the
environment. Note that for some, like CFLAGS, that would still work, but
it would not for others, like LDFLAGS; for consistency, we put all in
the environment.
We can however use the provided 'make install', that behaves as
expected. But we must repeat most environment variables; especially, we
duplicate TARGET_CONFIGURE_OPTS as it has PATH et al. which are needed
by the top-level Makefile to properly detect tools (e.g. swig), which it
uses to decide what it should install.
Drop upstreamed patch.
Update the licensing information: new license files have been added in a
sub-directory, and the top-level COPYING now only references those two
(rather than being the actual text of the GPL-2).
Use two spaces in hash file.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
[yann.morin.1998@free.fr:
- keep using a git clone
- unbreak the build:
- use the default make target rule, or the plugins and python
bindings be built at install time, with the host compiler
- use the default install target rule
- expand commit log:
- detail buildsystem issues
- add new license files and their hashes
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add -p argument that ignore that specified directory already exists.
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
[yann.morin.1998@free.fr:
- split to its own patch
- rewrite commit title
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add -p argument that ignore that specified directory already exists.
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
[yann.morin.1998@free.fr:
- split to its own patch
- rewrite commit title
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
[yann.morin.1998@free.fr:
- use $(INSTALL), not "mkdir -p + cp"
- split to its own patch
- rewrite commit title
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add the new SAM9X60 Evaluation Kit with linux4sam_2020.04
components. Update README file with new defconfigs.
Signed-off-by: Eugen Hristev <eugen.hristev@microchip.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Set GIT_EXECUTABLE to OFF to avoid the following build failure:
CMake Error at /home/fabrice/br-test-pkg/br-arm-cortex-a9-glibc/host/arm-buildroot-linux-gnueabihf/sysroot/usr/share/bctoolbox/cmake/bctoolboxCMakeUtils.cmake:162 (message):
invalid git describe version: ''
Call Stack (most recent call first):
CMakeLists.txt:125 (bc_compute_lib_version)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 7d17ae2acf (.flake8: fix check for 80/132 columns) introduced a
difference in how flake8 behaves between the automatic checks done in
the CI, where the maximum line length is 132, and the local checks,
where the maximum line length is 80.
The rationale at the time was that we recommend 80 char lines, but that
we accept 132 when it makes sense for readability.
However, this is very annoying when running flake8 locally, because of
two reasons:
1. human reviews on python scripts have not been as thorough as we did
expect; indeed, we've let a lot of long lines slip through; this
causes a lot of spurious failures that hide away the actual errors;
2. when hacking on a python script, the issues reported will not be
caused by the current changes, so the many reported failures
actually hide away the newly introduced issues.
Additionally, our 'make check-flake8' rule already enforces the 132-char
limit, and the issues reported are different than when manually running
flake8 on individual files.
Furthermore, the readability rationale for the 80-char limit is
definitely shattered by the mere rationale of allowing 132-char limit
for... readability...
We've arrived to a point where this separation is causing our checks
around flake8 to become mostly unusable and useless, as they do not
report meaningful issues, and people are no longer paying attention, and
this has caused actual issues to be introduced.
Finally, terminal emulators of today have long lifted the 80-char limit,
and are more than capable of displaying 132-char wide lines.
Switch back to using a 132-char limit.
This reverts commit 7d17ae2acf.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
An 'else' or 'elif' clause inside a make conditional should not be indented
in the same way as the if/endif clause. check-package did not recognize the
else statement and expected an indentation.
For example:
ifdef FOOBAR
interesting
else
more interesting
endif
would, according to check-package, need to become:
ifdef FOOBAR
interesting
else
more interesting
endif
Treat 'else' and 'elif' the same as if-like keywords in the Indent test, but
take into account that 'else' is also valid shell, so we need to correctly
handle line continuation to prevent complaining about the 'else' in:
ifdef FOOBAR
if true; \
... \
else \
... \
fi
endif
We don't add the 'else' and 'elif' statements to start_conditional, because
it would cause incorrect nesting counting in class OverriddenVariable.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add a menu entry to enable/disable jitterentropy library. Make it
enabled by default to preserve the old behavior.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 7105e65cd6 ("package/openvpn:
adds target install of systemd unit files") added the installation of
systemd unit files. But in fact, they can be installed by openvpn's
build system. It was simply not working due to the custom install step
implemented in openvpn.mk.
So instead, let's have the autotools-package infra call "make
install", which properly installs everything that's needed for
openvpn, including systemd units, but also plugins, etc.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
While bumping:
* removing upstreamed patches
* adding a dependency on libatomic_ops required by the newer version
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
François Perrad already has package/lua* associated to him in the
DEVELOPERS file, so it makes sense to have him as well associated to
all Lua test cases.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch adds libmdbx v0.9.2:
- libmdbx is one of the fastest compact embeddable key-value ACID database.
- libmdbx has a specific set of properties and capabilities,
focused on creating unique lightweight solutions.
- libmdbx surpasses the legendary LMDB (Lightning Memory-Mapped Database)
in terms of reliability, features and performance.
- https://github.com/erthink/libmdbx
Signed-off-by: Leonid Yuriev <leo@yuriev.ru>
[yann.morin.1998@free.fr: split long lines]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
gdb python support now uses Python3 if python3 is selected, otherwise
uses python(2) as before.
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
[yann.morin.1998@free.fr: drop the gdb-python-config duplication]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The gdb-python-config simulates a python-2.7, with a hard-coded 2.7
version.
gdb also supports running with python3 nowadays, so prepare the wrapper
to return appropriate values.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
XML bomb protection for Python stdlib modules.
Signed-off-by: Simon Rowe <simon.rowe@citrix.com>
[yann.morin.1998@free.fr: two spaces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Dependency on threads comes from libllcp itself not from libusb (which
is not even selected)
While at it, also add a comment about this dependency
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
[yann.morin.1998@free.fr: two spaces for license files in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit d82da39d55 forgot to move
BR2_PACKAGE_CA_CERTIFICATES condition under BR2_PACKAGE_LIBTASN1 to
avoid the following build failure:
checking if trust module is enabled... configure: WARNING: --with-libtasn1 is needed in order to build the trust module, disabling
no
checking for trust module paths... configure: error: need --enable-trust-module in order to specify trust module paths.
Fixes:
- http://autobuild.buildroot.org/results/e7f68205e1b776f9af34e6017f6eb17f46aa2f19
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Rebase on the mv-ddr-devel branch as the release branches are no longer
maintained.
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Required in order to build properly with the latest stable release of
EDK2 UEFI firmware.
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Additionally, fix the ldflags specification of the package version.
The "autogen" script does not actually configure anything anymore, and
instead exports a LDFLAGS environment variable which we can't
use. Instead, specify the version information via LDFLAGS directly in
the Buildroot makefile, similar to containerd and other packages.
While at it, fix the formatting of the hash file for the LICENSE file
hash.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
While at it, fix the formatting of the hash file for the LICENSE file
hash.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Adds build targets for runc shims.
Removes the outdated and now unnecessary symlinks to docker-runc
docker-containerd etc as well.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In barebox v2020.09.0, kconfig has been updated to a newer version
based on Linux 5.9-rc2. As in linux, kconfig can call the compiler
to test its capabilities.
We have no way to know if a custom version would require it or not,
so we just unconditionally depend on the toolchain
Signed-off-by: Jules Maselbas <jmaselbas@kalray.eu>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
We're now using 2.32 as the default glibc version, so we no longer
need to use a special version for the ARC architecture.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Support for obsolete RPC was dropped in glibc 2.14 (2011-05-31), then
reinstated and marked obsolete in glibc 2.16 (2012-06-30), and finally
dropped for good in 2.32 (2020-08-04), which we are about to start
using.
In preparation for that, drop the usage of obsolete RPC support in
glibc.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: add a bit of history]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Same version as NXP release 5.4.70-2.3.0
- No changelog provided by NXP
- Tested on Nitrogen8M device with Weston (DRM backend) as follows:
# cd /usr/share/examples/viv_samples/vdk/
# ./tutorial7
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Same version as NXP release 5.4.70-2.3.0
- EULA/COPYING: update to LA_OPT_NXP_Software_License v17
- No changelog provided by NXP
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Same version as NXP release 5.4.70-2.3.0
- EULA/COPYING: update to LA_OPT_NXP_Software_License v17
- backend libraries have moved to separated folders
- can now be simply copied, no more symlink or -fb/wl/x11.so
- wayland backend was renamed from 'wl' to 'wayland'
- sed on headers for LINUX removed as packages now expected to use
pkgconfig files properly (just like fb fixup was removed)
Key Improvements (from NXP changelog):
- GLES CTS 3.2.6.1
- Vulkan 1.1.6
- OpenVX 1.2
- GPU & NPU accelerated ML support
- OpenCV 4.2
- Chromium v74
- Support for renderdoc 1.7
- Support for TFlite 2.2
- NNCTS 1.2
- Vulkan backend support for Unity
Fixes: afbeed5d17 ("package/freescale-imx/imx-gpu-viv: bump version to
6.4.3.p0.0")
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
With the introduction of gdb 10.1, we now have four versions of gdb
supported, so let's drop support for the oldest.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Now that we have added gdb 10.1, let's switch to using gdb 9.2 as the
default version.
Noe that there previously was a discrepancy between the default when a
host gdb was enabled, and when it was not: in the ofrmer case, the
default was 8.3.x, while for the latter it was 8.2.x. Now both are
aligned to 9.2.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: add blurb about previous version discrepancy]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
All patches from gdb 9.2 are kept, except
0006-sim-ppc-Fix-linker-error-with-fno-common.patch which is
upstream. The other patches are rebased to accommodate some code
re-organization in gdb 10.x, especially the move of the gdbserver code
from gdb/gdbserver/ to gdbserver/.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Starting with glibc-2.32, the RPC code has been removed from
glibc [0], and it is not possible anymore to enable it, even
with the --enable-obsolete-rpc configure option (which was
also removed).
riscv32 and arc both use a glibc 2.32+ so do not forcefully
enable native RPC for them.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The logic in gen-bootlin-toolchains was assuming all glibc toolchains
have RPC support, which is no longer true since glibc 2.32 has dropped
RPC support.
It turns out that gen-bootlin-toolchains already had some proper logic
that selects BR2_TOOLCHAIN_HAS_NATIVE_RPC depending on the presence of
BR2_TOOLCHAIN_EXTERNAL_INET_RPC in the toolchain fragment. As such
toolchain fragments have been fixed in https://toolchains.bootlin.com,
we can now rely on this to properly decide if the toolchain has RPC
support or not.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
[yann.morin.1998@free.fr:
- fix filename for sha256 entry
- two spaces in hash file
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
It was originally added in 6dc861f2a2 ("libtirpc: new package")
for libtirpc 0.2.2 (8 years ago). It might have been fixed in
5f00f8c ("Remove dependency to nis.h"), released in 1.0.2.
Testing with test-pkg shows the only failure for br-riscv32:
RPC support not available in C library, please disable
BR2_TOOLCHAIN_EXTERNAL_INET_RPC
But test fails with the same error even when this patch is kept.
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Use a more generic template for SysV init script, similar to packages
like syslog-ng. This includes adding support for both reload and
restart. Add support for sourcing /etc/default/connmand file, so that
new commandline arguments can be added more easily.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The upstream git tree has disappeared, but a ZIP file is still hosted
somewhere at NXP. The content of that zip file has been verified to be
100% identical to the tarball we hosted on s.b.o.
As this is a zip file, we can't use the generic extract commands, and
must come up with our own. As such, it no longer makes sense to fix the
CRLF as a post-extract hook; this is moved to the extract command.
Add a hash file while at it.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
With 1.10, building without libnuma is no longer supported (upstream
commit 240938737e: rt-tests: cyclictest: Remove support for compiling
without NUMA)
So, revert 7e90744e6 (package/rt-tests: make numactl an optional
dependency) while bumping to rt-test 1.10.
Signed-off-by: Florian La Roche <Florian.LaRoche@gmail.com>
[yann.morin.1998@free.fr: reintroduce dependency on numactl]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This variable can be used by package to pass extra environment
variables to the download logic. It will be used for the Go/Cargo
vendoring.
The <pkg>_DL_ENV variable is intentionally not documented: at this
point, it is not meant to be used by packages directly, but only by
package infrastructures.
Suggested-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: move the two _ENV variables to the same line]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Support for the jitterentropy lib is added by the services/entropyd
module in the SELinux refpolicy.
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Support for the iputils is added by the admin/netutils module in the
SELinux refpolicy for the following tools :
- arping
- ping
- tracepath
- traceroute6
Support for rdisc is added by services/rdisc.
Support for tftpd is added by services/tftp.
Note: listing the same SELinux module multiple times is OK, as the list
of modules is eventually $(sort)ed anyway.
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
[yann.morin.1998@free.fr: simplifications to only use positive logic]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Support for wpa_supplicant is added by the services/networkmanager
module in the SELinux refpolicy.
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Support for NetworkManager is added by the services/networkmanager
module in the SELinux refpolicy.
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Support for iwd and its configuration files is added by the
services/networkmanager module in the SELinux refpolicy.
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
typing_extensions package is needed starting from aiohttp v3.7.1.
While at it sort all dependencies alphabetically.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
As of meson 0.56.0, `<lang>_args` and `<lang>_link_args` in the
`[properties]` section are deprecated and should be placed in the
`[built-in options]` section instead.
Source: https://mesonbuild.com/Machine-files.html#properties
Fixes the following deprecation warnings:
> DEPRECATION: c_args in the [properties] section of the machine file is deprecated, use the [built-in options] section.
> DEPRECATION: c_link_args in the [properties] section of the machine file is deprecated, use the [built-in options] section.
> DEPRECATION: cpp_args in the [properties] section of the machine file is deprecated, use the [built-in options] section.
> DEPRECATION: cpp_link_args in the [properties] section of the machine file is deprecated, use the [built-in options] section.
Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Currently, rt-tests don't show up in menuconfig and cannot be built if
BR2_PACKAGE_NUMACTL_ARCH_SUPPORTS is not available for the target
architecture. In such a case numactl is also not available what
applies for most small embedded targets.
This dependency was introduced with commit 7f50cbfb80
("package/rt-tests: bump to version 1.8")
But rt-tests can also be build without numactl when passing NUMA=0 to make.
This possibility is documented on
https://wiki.linuxfoundation.org/realtime/documentation/howto/tools/rt-tests
So this commit changes rt-tests to handle numactl as an optional
dependency.
Signed-off-by: Andreas Klinger <ak@it-klinger.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This adds generic firmware for USB TI 3410/5052 devices and a couple of
device specific firmwares.
Signed-off-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the folloing build failure with protobuf (enabled since commit
31c68a449e) and gcc 5.3.0:
[ 53%] Building CXX object modules/dnn/CMakeFiles/opencv_dnn.dir/opencv-caffe.pb.cc.o
In file included from /home/peko/autobuild/instance-1/output-1/per-package/opencv3/host/opt/ext-toolchain/mips64el-buildroot-linux-uclibc/include/c++/5.5.0/atomic:38:0,
from /home/peko/autobuild/instance-1/output-1/per-package/opencv3/host/mips64el-buildroot-linux-uclibc/sysroot/usr/include/google/protobuf/io/coded_stream.h:115,
from /home/peko/autobuild/instance-1/output-1/build/opencv3-3.4.12/buildroot-build/modules/dnn/opencv-caffe.pb.h:23,
from /home/peko/autobuild/instance-1/output-1/build/opencv3-3.4.12/buildroot-build/modules/dnn/opencv-caffe.pb.cc:4:
/home/peko/autobuild/instance-1/output-1/per-package/opencv3/host/opt/ext-toolchain/mips64el-buildroot-linux-uclibc/include/c++/5.5.0/bits/c++0x_warning.h:32:2: error: #error This file requires compiler and library support for the ISO C++ 2011 standard. This support must be enabled with the -std=c++11 or -std=gnu++11 compiler options.
#error This file requires compiler and library support \
^
Fixes:
- http://autobuild.buildroot.org/results/7caf175af039054a032b8f63b458b3940d9ec0f3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
OpenCV-3's buildsystem will try to detect ccache and use it if
available. This may yield a system-installed ccache.
However, in Buildroot, ccache is entirely hidden away and handled in the
toolchain wrapper.
Forcibly disable detection of ccache.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The imx-gpu-viv install libOpenCL.so.1.2 library and cl.h header,
so declare it as a libopencl provider.
With this support we can select the clinfo package provided by
Buildroot instead of the one provided by imx-gpu-viv package.
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add all configure options through DHCP_CONFIG_OPTS and avoid splitting
lines when they are less than 80 characters
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
With BR2_RELRO_PARTIAL or BR2_RELRO_FULL, our toolchain wrapper will
forcibly add -Wl,-z,relro to any call to the actual compiler. This
usually works OK, because gcc will only use those options it needs for
the compile step it has to carry: pre-processing, compiling, assembling,
or linking, and ignore those options it does not need.
Excpt in one case: when -v is passed standalone, with no input file,
then gcc will falsely believe it has to do a link stage;
$ gcc -Wl,-z,relro -v
[...]
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/9/../../../x86_64-linux-gnu/Scrt1.o: in function `_start':
(.text+0x24): undefined reference to `main'
collect2: error: ld returned 1 exit status
Fixing that in our wrapper will not be easy, because we'd have to detect
there is no input file. Doing so would probably require we support
almost all gcc options to differentiate between the parameter of an
option (e.g. -I /some/path) from an actual inpout file. This would not
be very robust, and would have a high risk od breaking when we introduce
the next gcc version.
Since it seems that only rhash is affected, due to its inventive,
custom, hand-written configure script, we just patch it to be a bit more
robust in the face of a compiler that could not accept -v, and fallback
to --version.
Fixes:
- http://autobuild.buildroot.org/results/8605c16cc28316954ce8b9dcc266974390c5da20
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- retain "$CC -v" as default, fallback to "$CC --version", in the hope
that it stands better chance with upstream
- write a commit log to explain the actual root-cause of the build
failure
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Multi format codec (MFC) is the IP present in Samsung Exynos series SoCs
for video encoding/decoding operations.
Signed-off-by: Stefan Agner <stefan@agner.ch>
[yann.morin.1998@free.fr: add all FW versions]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
In buildroot, stripping for the target is configured and implemented
with the global `BR2_STRIP_strip` option that drive the stripping in
the target-finalize step.
So, we explicitly disable stripping at build time for the target
variants.
For the host variants, however, we don't much care about symbols and
stuff, but smaller executables will hopefully load faster than bigger
ones (disputable, given that sections in ELF files are paged-in
on-demand), so we explictly enable stripping.
Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com>
[yann.morin.1998@free.fr:
- add burb about the target-finalize step
- enable stripping for host variants
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes:
- http://autobuild.buildroot.net/results/966a3de94aa97fa8e9895eede29c9cbfb4bd7301
.../host/lib/gcc/arm-buildroot-linux-musleabihf/9.3.0/../../../../arm-buildroot-linux-musleabihf/bin/ld: warning: libisccfg.so.163, needed by ../../lib/bind9/.libs/libbind9.so, not found (try using -rpath or -rpath-link)
.../host/lib/gcc/arm-buildroot-linux-musleabihf/9.3.0/../../../../arm-buildroot-linux-musleabihf/bin/ld: ../../lib/bind9/.libs/libbind9.so: undefined reference to `cfg_obj_line'
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[Peter: replace by upstream patches]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2020-25692: A NULL pointer dereference was found in OpenLDAP server
and was fixed in openldap 2.4.55, during a request for renaming RDNs. An
unauthenticated attacker could remotely crash the slapd process by sending
a specially crafted request, causing a Denial of Service.
- CVE-2020-25709: Assertion failure in CSN normalization with invalid input
- CVE-2020-25710: Assertion failure in CSN normalization with invalid input
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Peter: add CVE info]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Includes security fixes up to XSA-359:
XSA-345: x86: Race condition in Xen mapping code
XSA-346: undue deferral of IOMMU TLB flushes
XSA-347: unsafe AMD IOMMU page table updates
XSA-348: undue recursion in x86 HVM context switch code (CVE-2020-29566)
XSA-351: Information leak via power sidechannel (CVE-2020-28368)
XSA-352: oxenstored: node ownership can be changed by unprivileged clients
(CVE-2020-29486)
XSA-353: oxenstored: permissions not checked on root node (CVE-2020-29479)
XSA-355: stack corruption from XSA-346 change
XSA-356: infinite loop when cleaning up IRQ vectors (CVE-2020-29567)
XSA-358: FIFO event channels control block related ordering (CVE-2020-29570)
XSA-359: FIFO event channels control structure ordering (CVE-2020-29571)
And drop now upstreamed security patches.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2020-8277: Denial of Service through DNS request (High). A Node.js
application that allows an attacker to trigger a DNS request for a host of
their choice could trigger a Denial of Service by getting the application
to resolve a DNS record with a larger number of responses.
https://nodejs.org/en/blog/release/v12.19.1/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The commit [1] added this option a second time.
Remove the first occurence.
Fixes:
configs/nitrogen6x_defconfig:31:warning: override: reassigning to symbol BR2_PACKAGE_HOST_UBOOT_TOOLS
[1] 6ea9f662a0
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This will avoid the following build failure with xtensa:
[ 62%] Linking CXX executable ../../guids_test
[ 62%] Building CXX object retrace/CMakeFiles/retrace_common.dir/retrace.cpp.o
CMakeFiles/guids_test.dir/guids_test.cpp.o:(.debug_line+0xf7b): dangerous relocation: overflow after relaxation
collect2: error: ld returned 1 exit status
lib/guids/CMakeFiles/guids_test.dir/build.make:85: recipe for target 'guids_test' failed
Fixes:
- http://autobuild.buildroot.org/results/8fea93a88bb34e98e391a048c3b996b45ebac803
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In a Linux system without IPv6 support (or booted with "ipv6.disable=1")
file /proc/net/snmp6 is not present. If such file is not present an allocated
memory is not freed. Memory leak occurs even without snmp queries.
Problem seen at least since netsnmp 5.7.3 (probably even v5.6.1).
Patch backported from netsnmp 5.9, where the problem does not appear any more.
Signed-off-by: Adam Wujek <dev_public@wujek.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add xf86drm.c as the license file and while at it, update the indentation
in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that
$ssl_force_tls was processed if an IMAP server's initial server response
was invalid. The connection was not properly closed, and the code could
continue attempting to authenticate. This could result in authentication
credentials being exposed on an unencrypted connection, or to a
machine-in-the-middle.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
BR2_PACKAGE_QT5BASE_OPENSSL was dropped by commit 4be1f9b9873
(package/qt5enginio: drop qt 5.6 support), but python-pyqt5 not updated to
match. Fix that.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This allows to build against newer kernels (up to 5.10).
Added support for new HW (Edimax EW-7811Un V2, RTL8188FU, MERCUSYS
MW150US v2, various RTL8188CE)
Tested on kernel v5.9.
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The host-ncurses install step attempts to run ldconfig, causing a permission
failure:
cd /buildroot/output/host/lib && (ln -s -f libncurses.so.6.0 libncurses.so.6; ln -s -f libncurses.so.6 libncurses.so; )
test -z "" && /sbin/ldconfig
/sbin/ldconfig: Can't create temporary cache file /etc/ld.so.cache~: Permission denied
make[3]: [/buildroot/output/host/lib/libncurses.so.6.0] Error 1 (ignored)
The error is non-fatal and ignored, but confusing.
The ncurses makefiles already avoid calling ldconfig when DESTDIR is set
(target case) but for host-ncurses DESTDIR is empty and the output/host path
is passed via --prefix.
Pass an empty ac_cv_path_LDCONFIG to the configure step, so than ldconfig is
not called.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The 'opkg.py' script installed by host-opkg-utils has as shebang:
#!/usr/bin/env python3
which may not be available on all host machines.
Add a potential dependency on host-python3 via BR2_PYTHON3_HOST_DEPENDENCY,
which will only add the host-python3 dependency if no python3 is already
available on the host.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
His e-mail has been bouncing for quite a while:
<sunsetbrew@sunsetbrew.com>: connect to
sunsetbrew.com[2a05:d014:9da:8c10:306e:3e07:a16f:a552]:25: Network is
unreachable
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
His e-mail has been bouncing for quite a while:
<owen@walpole.dev>: connect to mail.walpole.dev[99.91.194.115]:25: Connection
timed out
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When BR2_PER_PACKAGE_DIRECTORIES=y, $(TARGET_DIR) is evaluated as
$(BASE_DIR)/target, but $$(TARGET_DIR) is evaluated as
$(BASE_DIR)/per-package/$(PKG)_NAME/target.
Signed-off-by: Tian Yuanhao <tianyuanhao@aliyun.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
When building for an ARMv8 in 32-bit, Go does not yet support ARMv8
optimizations (see issue: https://github.com/golang/go/issues/29373)
but can still benefit from ARMv7 optimizations.
Signed-off-by: Michael Baudino <michael@baudi.no>
[yann.morin.1998@free.fr:
- move the comment to its own line, expand and reword it a bit
- reword the commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit fixes a typo in variable names that caused CC and CXX
environment variables to be empty.
Signed-off-by: Michael Baudino <michael@baudi.no>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Starting with CMake 3.4 CMake supports setting a compiler launcher
like ccache. The feature is described in
https://cmake.org/cmake/help/latest/variable/CMAKE_LANG_COMPILER_LAUNCHER.html
This should be safe since everything is built for the host using make or ninja.
The use of *_ARG1 is discouraged by the cmake developers
https://cmake-developers.cmake.narkive.com/OTa9EKfj/cmake-c-compiler-arg-not-documented .
Without this patch I get the following error message with CMake 3.19.1 on Arch Linux.
Disabling BR2_CCACHE also resolves the issue.
/usr/bin/cmake [~]/buildroot/build/host-lzo-2.10/ -DCMAKE_INSTALL_SO_NO_EXE=0 -DCMAKE_FIND_ROOT_PATH="[...]" -DCMAKE_FIND_ROOT_PATH_MODE_PROGRAM="BOTH" -DCMAKE_FIND_ROOT_P
ATH_MODE_LIBRARY="BOTH" -DCMAKE_FIND_ROOT_PATH_MODE_INCLUDE="BOTH" -DCMAKE_INSTALL_PREFIX="[...]" -DCMAKE_C_FLAGS="-O2 -I[...]/include" -DCMAKE_CXX_FLAGS="-O2 -I[...]/include" -DCMAKE_EXE_LINKER_FLAGS="-L[...]/lib -Wl,-rpath,[...]/lib" -DCMAKE_SHARED_LINKER_FLAGS="-L[...]/l
ib -Wl,-rpath,[...]/lib" -DCMAKE_ASM_COMPILER="/usr/bin/as" -DCMAKE_C_COMPILER="[...]/bin/ccache" -DCMAKE_CXX_COMPILER="[...]/bin/ccache"
-DCMAKE_C_COMPILER_ARG1="/usr/bin/gcc" -DCMAKE_CXX_COMPILER_ARG1="/usr/bin/g++" -DCMAKE_COLOR_MAKEFILE=OFF -DBUILD_DOC=OFF -DBUILD_DOCS=OFF -DBUILD_EXAMPLE=OFF -DBUILD_EXAMPLES=OFF -DBUILD_TEST=OFF -DBUILD_TESTS=OFF -DBUILD_TESTING=O
FF -DENABLE_SHARED=ON -DENABLE_STATIC=OFF )
-- The C compiler identification is unknown
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - failed
-- Check for working C compiler: [...]/bin/ccache
-- Check for working C compiler: [...]/bin/ccache - broken
CMake Error at /usr/share/cmake-3.19/Modules/CMakeTestCCompiler.cmake:66 (message):
The C compiler
Signed-off-by: Bernd Amend <bernd.amend@gmail.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Tested-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This is really only for QoriQ SoCs. Also the upstream package - despite
its base name of the git repository - is "qoriq-components/rcw". Thus
rename it to a more specify package name.
Note that there are other rcw implementations for other platforms, and
each implementation only applies to that specific platform; it hus does
not make sense that there are more than one rcw enabled at the same
time; so we keep using /usr/share/rcw as the install location; this also
help backward compatibility with existing post-build scripts.
Signed-off-by: Changming Huang <jerry.huang@nxp.com>
Cc: Michael Walle <michael@walle.cc>
[yann.morin.1998@free.fr:
- rebase on master
- incorporate changes by Michael
- don't move to an 'nxp' sub-directory
- reword the legacy entry; select the new package
- expand commit log to explain why we keep installing in
host/usr/share/rcw/ (thanks to Michael for prompting that)
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Remove the note about non-working network. This was actually fixed with
linux kernel 5.9. This board is now on 5.10.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bugfix release. Drop the now upstreamed patches and add 3 new post-2.0.2
patches from the fixes branch.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
go1.15.6 (released 2020/12/03) includes fixes to the compiler, linker, runtime,
the go command, and the io package.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
TF-A supports stack smashing protection (-fstack-protector-*).
However, that feature is currently silently disabled because
ENABLE_STACK_PROTECTOR is not set during build time.
As documented in the TF-A user guide, the flag ENABLE_STACK_PROTECTOR
is required to enable stack protection support. When enabled the symbols
for the stack protector (e.g. __stack_chk_guard) are built.
This needs to be done because TF-A does not link against an external
library that provides that symbols (e.g. libc).
So in case we see that BR2_SSP_* is enabled, let's enable the corresponding
ENABLE_STACK_PROTECTOR build flag for TF-A as documented in the TF-A user guide.
This patch also fixes a the following linker errors with older TF-A versions
if BR2_SSP_* is enabled (i.e. -fstack-protector-* is used as compiler flag)
and ENABLE_STACK_PROTECTOR is not set, which are caused by the missing
stack protector symbols:
[...]
params_setup.c:(.text.params_early_setup+0xc): undefined reference to `__stack_chk_guard'
aarch64-none-linux-gnu-ld: params_setup.c:(.text.params_early_setup+0x14): undefined reference to `__stack_chk_guard'
aarch64-none-linux-gnu-ld: params_setup.c:(.text.params_early_setup+0x104): undefined reference to `__stack_chk_guard'
aarch64-none-linux-gnu-ld: params_setup.c:(.text.params_early_setup+0x118): undefined reference to `__stack_chk_fail'
aarch64-none-linux-gnu-ld: ./build/px30/release/bl31/pmu.o: in function `rockchip_soc_sys_pwr_dm_suspend':
pmu.c:(.text.rockchip_soc_sys_pwr_dm_suspend+0xc): undefined reference to `__stack_chk_guard'
[...]
TF-A releases after Nov 2019, that include 7af195e29a4, will circumvent
these issue by explicitliy and silently disabling the stack protector
by appending '-fno-stack-protector' to the compiler flags in case
ENABLE_STACK_PROTECTOR is not set.
Tested on a Rockchip PX30 based system (TF-A v2.2 and upstream/master).
Signed-off-by: Christoph Müllner <christoph.muellner@theobroma-systems.com>
Reviewed-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Commit 78dc1f185b forgot to update the
license file from COPYING to LICENSE.
Here is an extract of the ChangeLog for Nmap 7.90 [2020-10-03]:
Upgraded the Nmap license form a sort of hacked-up version of GPLv2 to a
cleaner and better organized version (still based on GPLv2) now called
the Nmap Public Source License to avoid confusion. See
https://nmap.org/npsl/ for more details and annotated license text. This
NPSL project was started in 2006 (community discussion here:
https://seclists.org/nmap-dev/2006/q4/126) and then it lost momentum for
7 years until it was restarted in 2013
(https://seclists.org/nmap-dev/2013/q1/399) and then we got distracted
by development again. We still have some ideas for improving the NPSL,
but it's already much better than the current license, so we're applying
NPSL Version 0.92 to the code now and can make improvements later if
needed. This does not change the license of previous Nmap releases.
Fixes:
- http://autobuild.buildroot.org/results/8cef6a5e99ae341cced405a389346e2faccf6eec
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Patch '0001-fix-compile-time-atomic-detection.patch' claims to be Merged but
this is not true. The linked issue is closed with 'Needs information', and
the code itself is effectively not merged.
Clarify the 'Upstream-status' line to make this more clear.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
* 4.6.2: A vulnerability (CVE-2020-27783) was discovered in the HTML Cleaner
by Yaniv Nizry, which allowed JavaScript to pass through. The cleaner now
removes more sneaky "style" content.
* 4.6.1: A vulnerability was discovered in the HTML Cleaner by Yaniv Nizry,
which allowed JavaScript to pass through. The cleaner now removes more
sneaky "style" content.
For more details, see the changes file:
https://github.com/lxml/lxml/blob/lxml-4.6.2/CHANGES.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
A new major version, see the announcement for details:
https://mosquitto.org/blog/2020/12/version-2-0-0-released/
License has now changed to v2.0 of the Eclipse Public License, so update the
license info and hashes to match.
There is now optional cJSON support, so handle that.
Add upstream post-2.0.0 patches fixing build with cJSON and without TLS
support.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2020-27207: Zetetic SQLCipher 4.x before 4.4.1 has a
use-after-free, related to sqlcipher_codec_pragma and sqlite3Strlen30 in
sqlite3.c. A remote denial of service attack can be performed. For
example, a SQL injection can be used to execute the crafted SQL command
sequence. After that, some unexpected RAM data is read.
https://www.zetetic.net/blog/2020/11/25/sqlcipher-442-release
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Propagate the fmt dependency on wchar.
Fixes:
- http://autobuild.buildroot.net/results/814b0f9c3df0076791ca73579b844ef4d56f13c3
[ 66%] Building CXX object CMakeFiles/fmt.dir/src/os.cc.o
In file included from .../build/fmt-7.1.3/include/fmt/os.h:26,
from .../build/fmt-7.1.3/src/os.cc:13:
.../build/fmt-7.1.3/include/fmt/format.h:1139:8: error: 'wstring' in namespace 'std' does not name a type
std::wstring str() const { return {&buffer_[0], size()}; }
^~~~~~~
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Currently, the ti-sgx packages and the beaglebone_qt5_defconfig do
not work with KMS nor Weston. What's worse, is the latest SDK version
06.03.00.106 (as of this commit) of these packages is broken and does
not correctly support KMS, and attempting to run KMS applications
results in eglfs initialization failures. As such, bumping these
packages to the version before 06.03.00.106 is the best option.
Because of the above problems, several packages must change at the
same time to ensure this patch does not break any other packages:
- ti-sgx-libgbm
- dropped, merged into ti-sgx-um, see below
- ti-sgx-um:
- bump the version that matches TI SDK 06.01.00.08.
- demove select BR2_PACKAGE_TI_SGX_LIBGBM in Config.in, as the libgbm
package merges ti-sgx-libgbm with this package.
- ti-sgx-km:
- bump the version that matches TI SDK 06.01.00.08.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Tested-by: Markus <zehnder@live.com>
[yann.morin.1998@free.fr:
- actually switch qt5base to use ti-sgx-um
- split the beaglebone config changes to their own patch
- split the ti-sgx-demos changes to their own patch
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Weston does not work with the ti-sgx SDK, so switch to using the
KMS-based demos.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[yann.morin.1998@free.fr: split off into its own patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
weston does not work on the ti-sgx SDK, so switch to using KMS directly,
and drop the wayland-related config options.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[yann.morin.1998@free.fr: split into its own patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Chnage hash file license marker to the more usual 'Hashes for
license files' text.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The hash of the license file is changed due to:
-Copyright (c) 2008-2019 Andrey Petrov and contributors (see CONTRIBUTORS.txt)
+Copyright (c) 2008-2020 Andrey Petrov and contributors (see CONTRIBUTORS.txt)
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Changes:
* Fix CVE-2020-27828, heap-overflow in cp_create() in jpc_enc.c
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The configure script now runs 'make ready'. Drop it from BUILD_CMDS.
Refresh the musl support path.
Upstream now provides sha256 hashes. Format hashes with two spaces.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The Qt KNX module implements the client side of a connection between a
client and a KNXnet/IP server.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The Qt MQTT module provides a standard compliant implementation of the
MQTT protocol specification.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Some qmake based packages need to call the syncqt.pl script before
building to have a properly populated "include" directory inside the
package build tree.
This script is normally automatically executed by qmake when a source
tree is from a git clone: buildroot purges the .git directory hence
the script never runs, and we need to call it explicitly. Setting
<pkg>_SYNC_QT_HEADERS = YES will force calling this script.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When tags was added by commit 011206b2bf
to detect the qemu command line, the qemu_arm_vexpress_tz_defconfig
was ignored due to a build issue.
This build issue has been fixed by previous patches, so we can
enable the runtime testing by adding the tag in the readme.txt
and the post-image script in the defconfig.
Since Qemu from HOST_DIR is now executed directly from BINARIES_DIR,
we can remove all the string before "qemu-system-*".
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Usually the qemu command line start directly with "qemu-system-<arch> ...".
But the command line for qemu_arm_vexpress_tz_defconfig start by doing
"cd output/images && ../host/bin/qemu-system-arm". This is necessary
since boot binaries, except BL1, are primarily loaded via semi-hosting
so all binaries has to reside in the same directory as QEMU is started
from [1].
To order to handle this case correctly, update the post-image.sh used
by all qemu defconfigs to execute qemu from BINARIES_DIR.
Since we have to change the current directory use a subshell to
restore the current directory after Qemu execution.
[1] https://github.com/ARM-software/arm-trusted-firmware/blob/4ebbea9592ab37fc62217d0ac62fa13a3e063527/docs/plat/qemu.rst
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When boot-qemu-image.py script was added, we wanted to run
each qemu defconfig in gitlab, so we expect that all qemu
defconfig generate the script start-qemu.sh in images
directory.
Don't make it a hard requirement even if we prefer to be
able to do a runtime test for each qemu defconfig.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which
allows access by actors other than the current user.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Bump to the latest kernel v5.9.11 and require openssl.
- Switch to PSCI for bringing up the secondary CPUs.
- Switch to GICv3.
- Update the instruction in the readme.txt to use the latest FVP v8
Foundation Platform 11.12 build 38, and to start 4 cores in SMP.
Signed-off-by: Vincent Stehlé <vincent.stehle@laposte.net>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Fix the download url to reflect upstream website changes.
- Fix line numbers in patch 0001.
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
upstream is finally using include_lib to include libraries. Adapt the patch
accordingly.
The hash of the license file has changed, due to:
-Copyright 2002-2019 ProcessOne SARL
+Copyright 2002-2020 ProcessOne SARL
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The rebar.config.script file adds a dependency to base64url package. Since we remove
all rebar dependencies, add a patch to remove such dependency. Otherwise rebar would
try to download it during the build.
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The license file hash has changed due to:
-Copyright 2002-2019 ProcessOne SARL
+Copyright 2002-2020 ProcessOne SARL
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The license file hash has changed due to:
-Copyright 2002-2019 ProcessOne SARL
+Copyright 2002-2020 ProcessOne SARL
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- remove 0001-fix-compiler-errors-with-gcc-10.patch
(upstream)
- remove 0002-added-include-string-to-card.h-to-follow-gcc10-porti.patch
(upstream)
- convert to meson
- add patch to use system fmt instead of git submodule (fixes
configure 'ERROR: Include dir ext/fmt/include does not exist.')
- add patch to use system pybind11 instead of git submodule (fixes
configure 'ERROR: Include dir ext/pybind11/include does not exist.')
- add patch to use python only if pykms is enabled (fixes
configure 'ERROR: Dependency "pybind11" not found, tried pkgconfig')
- add optional libevdev dependency (needed for utils/kmstouch)
- update LICENSE file hash (replaced short copyright notice and
link to http://mozilla.org/MPL/2.0/ with complete license text)
- lift toolchain headers requirement to at least 4.11 (include
linux/dma-buf.h)
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
While bumping, removing upstreamed patches. Removing also autoreconf
step cause we are not patching it anymore.
License hash is changed due to remove of notice for file
filter/sys5ippprinter.c.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
linux-firmware version 20201022 introduced a new sdio firmware for
QCA9377 sdio devices. Install it when support is selected.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
For readability, this reformatting is done in a separate commit, as this
package contains many license files.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Exporting ARCH and KERNELDIR makes easier to compile an external kernel
or out of tree kernel modules.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This commit adds a number of test cases to verify that the CPE_ID_*
variables are properly handled by the generic package infrastructure
and that the "make show-info" JSON output matches what we expect.
A total of 5 different example packages are used to exercise different
scenarios of CPE_ID_* variables usage.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Currently, the match between Buildroot packages and CVEs is solely
based on the package names. Unfortunately, as one can imagine, there
isn't necessarily a strict mapping between Buildroot package names,
and how software projects are referenced in the National Vulnerability
Database (NVD) which we use.
The NVD has defined the concept of CPE (Common Platform Enumeration)
identifiers, which uniquely identifies software components based on
string looking like this:
cpe:2.3:a:netsurf-browser:libnsbmp:0.1.2:*:*:*:*:*:*:*
In particular, this CPE identifier contains a vendor name (here
"netsurf-browser"), a product name (here "libnsbmp") and a version
(here "0.1.2").
This patch series introduces the concept of CPE ID in Buildroot, where
each package can be associated to a CPE ID. A package can define one
or several of:
- <pkg>_CPE_ID_VENDOR
- <pkg>_CPE_ID_PRODUCT
- <pkg>_CPE_ID_VERSION
- <pkg>_CPE_ID_VERSION_MINOR
- <pkg>_CPE_ID_PREFIX
If one or several of those variables are defined, then the
<pkg>_CPE_ID will be defined by the generic package infrastructure as
follows:
$(2)_CPE_ID = $$($(2)_CPE_ID_PREFIX):$$($(2)_CPE_ID_VENDOR):$$($(2)_CPE_ID_NAME):$$($(2)_CPE_ID_VERSION):$$($(2)_CPE_ID_VERSION_MINOR):*:*:*:*:*:*
<pkg>_CPE_ID_* variables that are not explicitly specified by the
package will carry a default value defined by the generic package
infrastructure.
If a package is happy with the default <pkg>_CPE_ID, and therefore
does not need to define any of <pkg>_CPE_ID_{VENDOR,PRODUCT,...}, it
can set <pkg>_CPE_ID_VALID = YES.
If any of the <pkg>_CPE_ID_{VENDOR,PRODUCT,...} variables are defined
by the package, then <pkg>_CPE_ID_VALID = YES will be set by the
generic package infrastructure.
Then, it's only if <pkg>_CPE_ID_VALID = YES that a <pkg>_CPE_ID will
be defined. Indeed, we want to be able to distinguish packages for
which the CPE ID information has been checked and is considered valid,
from packages for which the CPE ID information has never been
verified. For this reason, we cannot simply define a default value
for <pkg>_CPE_ID.
The <pkg>_CPE_ID_* values for the host package are inherited from the
same variables of the corresponding target package, as we normally do
for most package variables.
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Reviewed-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Currently, when the version encoded in a CPE is '-', we assume all
versions are affected, but when it's '*' with no further range
information, we assume no version is affected.
This doesn't make sense, so instead, we handle '*' and '-' in the same
way. If there's no version information available in the CVE CPE ID, we
assume all versions are affected.
This increases quite a bit the number of CVEs and package affected:
- "total-cves": 302,
- "pkg-cves": 100,
+ "total-cves": 597,
+ "pkg-cves": 135,
For example, CVE-2007-4476 has a CPE ID of:
cpe:2.3:a:gnu:tar:*:*:*:*:*:*:*:*
So it should be taken into account. In this specific case, it is
combined with an AND with CPE ID
cpe:2.3:o:suse:suse_linux:10:*:enterprise_server:*:*:*:*:* but since
we don't support this kind of matching, we'd better be on the safe
side, and report this CVE as affecting tar, do an analysis of the CVE
impact, and document it in TAR_IGNORE_CVES.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Enabling package host build for abootimg so that boot images can be
created for boards which boot from this format.
Signed-off-by: Mike Frampton <mikeframpo@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Installs the required Wifi/BT firmware blobs for the Qualcomm
Dragonboard 410c SBC.
Signed-off-by: Mike Frampton <mikeframpo@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Update the hash accordingly.
- Remove a patch, as its fix is in this new version of pixz.
Signed-off-by: Vincent Stehlé <vincent.stehle@laposte.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Attempting to compile this package with newer Kernel version (e.g. v5.4)
fails with message:
Generating local configuration database from kernel ...Kernel version parse failed!
Upgrading the package to 5.8 fixes this issue. Anyways, v4.4 is now
rather old and beat the very purpose of having newer drivers in older
kernels.
Since backports tag v4.14-rc4-1, the requirement on minimal kernel
version changed from 3.0 to 3.10. See commit [1]. The minimal kernel
version check is changed accordingly.
License files are also updated: the linux backports package copies the
license files from the kernel version used for its generation. v5.8 is
now "GPL-2.0 WITH Linux-syscall-note". However, there is no such SPDX
identifier (contrary to what is said in the COPYING file), so we keep it
as GPL-2.0 (which also keeps it aligned to what we have in linux.mk).
[1] https://git.kernel.org/pub/scm/linux/kernel/git/backports/backports.git/commit/?id=a0d05f9f9ca50ea8b1d60726fac6b54167257e76
Signed-off-by: Julien Olivain <ju.o@free.fr>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Tested-by: Petr Vorel <petr.vorel@gmail.com>
[yann.morin.1998@free.fr: keep license as GPL-2.0, like for linux]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* master: (125 commits)
package/jpeg-turbo: security bump to version 2.0.5
package/modem-manager: bump to version 1.14.8
package/c-ares: security bump to version 1.17.0
docs/website: update for 2020.02.8
Update for 2020.02.8
docs/website: update for 2020.08.2
Update for 2020.08.2
package/qemu: fix build with 64 bits time_t
package/harfbuzz: fix build without threads
boot/uboot: fix custom repo error message
package/numactl: needs -fPIC
package/dovecot-pigeonhole: fix build with per-package directories
package/libpam-tacplus: remove duplicate LIBPAM_TACPLUS_AUTORECONF
package/openntpd: needs host-bison
package/xorriso: fix host option
DEVELOPERS: drop Trent Piepho
package/postgresql: security bump to version 12.5
package/redis: security bump to version 6.0.9
Revert "package/linux-backports: bump version to 5.8"
package/linux-backports: bump version to 5.8
...
python-protobuf: drop patch 0001 as it is applied upstream
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Static build of luajit is disabled since commit b2e8f28efa
("package/luajit: disable for static build"). Remove the related
BUILDMODE handling as well.
Cc: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bumping the package requires two fixes:
* pillow looks for header files in paths returned by pkg-config.
On buildroot, pkg-config returns nothing if PKG_CONFIG_ALLOW_SYSTEM_CFLAGS
is disabled.
* png is the default pillow image format and png format is working only
if python zlib module is available.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Tested-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
QT can default to outputting the logs to syslog instead of to the
console with this compile time switch. That behavior can still be
overridden by setting the environment variable QT_LOGGING_TO_CONSOLE to
1.
Signed-off-by: Jeff Zignego <jzignego@hedcontrols.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
@@ -72,9 +72,17 @@ You will see something like this at boot time:
[ 4.569596] GPT:266272 != 7864319
[ 4.572925] GPT: Use GNU Parted to correct GPT errors.
What does not work
==================
Updating the bootloader
=======================
For reasons unknown, the network card doesn't work if you use the original
vendor bootloader. Board support patches for upstream u-boot are currently
pending. Stay tuned.
Buildroot will automatically build the u-boot bootloader. The resulting
image is called u-boot.rom and you can find it in the images/ directory.
To update the bootloader on the board you could either copy it to an
USB thumb drive or you could put it on a TFTP server. The following
example assumes you have the bootloader image copied to the root of
a thumb drive:
# usb start
# load usb 0:1 $loadaddr u-boot.rom
# sf probe 0 && sf update $fileaddr 0x210000 $filesize
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.