- Fix CVE-2020-11100: In hpack_dht_insert in hpack-tbl.c in the HPACK
decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can
write arbitrary bytes around a certain location on the heap via a
crafted HTTP/2 request, possibly causing remote code execution.
- Update indentation of hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5ec43086bc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
* CVE-2020-11501: It was found that GnuTLS 3.6.3 introduced a
regression in the DTLS protocol implementation. This caused the DTLS
client to not contribute any randomness to the DTLS negotiation
breaking the security guarantees of the DTLS protocol.
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 170d06cfc6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
gcc fails to build in debug build with debug optimisations:
BR2_x86_corei7=y
BR2_ENABLE_DEBUG=y
BR2_DEBUG_3=y
BR2_OPTIMIZE_G=y
BR2_TOOLCHAIN_BUILDROOT_GLIBC=y
BR2_TOOLCHAIN_BUILDROOT_CXX=y
which fails with:
../../../../libsanitizer/libbacktrace/../../libbacktrace/elf.c:772:21: error: ‘st.st_mode’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
return S_ISLNK (st.st_mode);
^
Upstream has been unable to reproduce/fix properly, details:
https://gcc.gnu.org/legacy-ml/gcc-patches/2019-03/threads.html#00827
Upstream recommends passing -Wno-error as a workaround, see:
https://gcc.gnu.org/pipermail/gcc-patches/2019-April/519867.html
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[yann.morin.1998@free.fr: add the reproducing defconfig]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit dcaf6e75ac)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
After the staging installation, we replace a number of paths in libtool
.la files so that those paths point to STAGING_DIR instead of a location
in the build machine.
However, we replace only paths that start with /usr. And it turns out
that the linux-pam package is configured with --libdir=/lib (linux-pam
seems to always be installed in /lib rather than /usr/lib).
Due to this, libpam.la contains the following line:
libdir='/lib'
When building a configuration that has:
- BR2_ROOTFS_MERGED_USR=y
- BR2_PACKAGE_LINUX_PAM=y
- BR2_PACKAGE_POLKIT=y
on a system that has its system-wide PAM library installed in /lib,
the build fails with:
/lib/libpam.so: file not recognized: File format not recognized
For some reason, libtool searches only in STAGING_DIR/usr/lib, but
when BR2_ROOTFS_MERGED_USR=y, STAGING_DIR/lib points to
STAGING_DIR/usr/lib, so libtool finds libpam.la. And this libpam.la
contains a bogus libdir='/lib' path. libtool then goes on, finds
/lib/libpam.so, and links with it, causing the build failure.
By doing the proper replacement of libdir='/lib', we have a correct
libpam.la, and solve the build issue.
There is no autobuilder failure associated to this issue, as it
requires /lib/libpam.so to exist. This is the case on ArchLinux, on
which Xogium reported the issue, which can also be reproduced in an
ArchLinux container.
Reported-by: Xogium <contact@xogium.me>
Cc: Xogium <contact@xogium.me>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Yann E. MORIN <yann.morin.1998@free.fr>
[yann.morin.1998@free.fr:
- tested by manually creating a symlink to libpam.so in /lib
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 7ae7c82dd6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2020-5291: Bubblewrap (bwrap) before version 0.4.1, if installed
in setuid mode and the kernel supports unprivileged user namespaces,
then the `bwrap --userns2` option can be used to make the setuid process
keep running as root while being traceable. This can in turn be used to
gain root permissions. Note that this only affects the combination of
bubblewrap in setuid mode (which is typically used when unprivileged
user namespaces are not supported) and the support of unprivileged user
namespaces.
Also update indentation of hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d82a5ade0b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The following defconfig:
BR2_x86_i686=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_DOWNLOAD=y
BR2_TOOLCHAIN_EXTERNAL_URL="http://toolchains.bootlin.com/downloads/releases/toolchains/x86-i686/tarballs/x86-i686--glibc--bleeding-edge-2018.11-1.tar.bz2"
BR2_TOOLCHAIN_EXTERNAL_GCC_8=y
BR2_TOOLCHAIN_EXTERNAL_HEADERS_4_14=y
BR2_TOOLCHAIN_EXTERNAL_CUSTOM_GLIBC=y
BR2_TOOLCHAIN_EXTERNAL_CXX=y
BR2_INIT_NONE=y
BR2_TARGET_SYSLINUX=y
BR2_TARGET_SYSLINUX_EFI=y
fails to build due to missing setjmp/longjmp definitions, which is a
consequence of a change introduced between gnu-efi 3.0.9 and 3.0.10.
This build failure is fixed by adding another syslinux paytch, which
has been submitted upstream.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6d5da6d916)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When the swupdate SYSTEMD option is enabled, systemd needs to be built
before swupdate, otherwise the build fails with:
core/notifier.c:27:10: fatal error: systemd/sd-daemon.h: No such file or directory
27 | #include <systemd/sd-daemon.h>
| ^~~~~~~~~~~~~~~~~~~~~
Of course, it remains up to the user to make sure that the systemd
package is enabled when systemd support is enabled in the swupdate
configuration.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit bea0d20c78)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The cgit URL is a mirror of the gitlab repository.
The README.md file of the kmscube project also points
to the gitlab repository, so switch the URL accordingly.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 8ab9acbed8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The sysdig homepage we have points to an "on-sale" domain, that is
purportedly serving malware while at it. Update to point to the wiki on
github instead.
Fixes#12746.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr:
- use wiki instead of git repo
- expand commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit ca3166da48)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
"This release fixes three security issues in ntpd and provides 46
bugfixes and addresses 4 other issues." [1]
NONE: Sec 3610: process_control() should bail earlier on short packets.
MEDIUM: Sec 3596: Unauthenticated ntpd may be susceptible to IPv4 spoof
attack from highly predictable transmit timestamps.
MEDIUM: Sec 3592: DoS Attack on unauthenticated client.
The fix for https://bugs.ntp.org/3445 introduced a bug whereby a system that
is running ntp-4.2.8p12 (possibly earlier) or p13 that only has one
unauthenticated time source can be attacked in a way that causes the
victim's next poll to its source to be delayed, for as long as the attack is
maintained.
[1] http://support.ntp.org/bin/view/Main/SecurityNotice#March_2020_ntp_4_2_8p14_NTP_Rele
The copyright year has changed in the COPYRIGHT file, so adjust the hash to
match and adjust the spacing to match recent agreements:
@@ -3,7 +3,7 @@
jpg "Clone me," says Dolly sheepishly.
- Last update: 2-Jan-2017 11:58 UTC
+ Last update: 4-Feb-2020 23:47 UTC
__________________________________________________________________
The following copyright notice applies to all files collectively called
@@ -32,7 +32,7 @@
Burnicki is:
***********************************************************************
* *
-* Copyright (c) Network Time Foundation 2011-2017 *
+* Copyright (c) Network Time Foundation 2011-2020 *
* *
* All Rights Reserved *
* *
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
[Peter: clarify security impact, document COPYRIGHT change]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9daf7483e9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The help text of BR2_LINUX_KERNEL_IMAGE_NAME is somewhat incomplete,
in the sense that it assumes just a filename can be passed, while it
can be a relative path, such as 'compressed/vmlinux.bin.z'. So make it
clear that such paths are relative to arch/ARCH/boot/.
Also, drop the part about this being only useful for Xtensa as this is
not true: on MIPS it might be needed as well for some specific image
types.
Reported-by: Paul Cercueil <paul@crapouillou.net>
Cc: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ea044ee20c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The Linux kernel image is typically found in arch/ARCH/boot/, which is
why LINUX_IMAGE_PATH is defined as:
LINUX_IMAGE_PATH = $(LINUX_ARCH_PATH)/boot/$(LINUX_IMAGE_NAME)
However, on MIPS, some kernel image types are available from
arch/mips/boot/compressed, or even at the top-level directory. For
such cases, LINUX_IMAGE_NAME might be set (using
BR2_LINUX_KERNEL_IMAGE_NAME) to values such as:
compressed/vmlinux.bin.z
or
../../../uzImage.bin
Except that the line:
$(INSTALL) -m 0644 -D $(LINUX_IMAGE_PATH) $(1)/$(LINUX_IMAGE_NAME)
will lead to such images be installed in:
$(TARGET_DIR)/boot/compressed/vmlinux.bin.z
$(BINARIES_DIR)/compressed/vmlinux.bin.z
and:
$(TARGET_DIR)/boot/../../../uzImage.bin
$(BINARIES_DIR)/../../../uzImage.bin
which of course is completely bogus.
So let's install them under their name, not their full relative path
to arch/ARCH/boot/.
Reported-by: Paul Cercueil <paul@crapouillou.net>
Cc: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 19be97d497)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues (1.1.1e):
CVE-2019-1551 [Low severity]: There is an overflow bug in the x64_64
Montgomery squaring procedure used in exponentiation with 512-bit moduli.
No EC algorithms are affected. Analysis suggests that attacks against
2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect
would be very difficult to perform and are not believed likely. Attacks
against DH512 are considered just feasible. However, for an attack the
target would have to re-use the DH512 private key, which is not recommended
anyway. Also applications directly using the low level API BN_mod_exp may
be affected if they use BN_FLG_CONSTTIME. Reported by OSS-Fuzz and Guido
Vranken.
https://www.openssl.org/news/secadv/20191206.txt
CVE-2019-1563 [Low severity]: In situations where an attacker receives
automated notification of the success or failure of a decryption attempt an
attacker, after sending a very large number of messages to be decrypted, can
recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted
message that was encrypted with the public RSA key, using a Bleichenbacher
padding oracle attack. Applications are not affected if they use a
certificate together with the private RSA key to the CMS_decrypt or
PKCS7_decrypt functions to select the correct recipient info to decrypt.
Reported by Bernd Edlinger.
https://www.openssl.org/news/secadv/20190910.txt
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
[Peter: mention security impact]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d397b231b7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect
indication of disconnection in certain situations because source address
validation is mishandled. This is a denial of service that should have
been prevented by PMF (aka management frame protection). The attacker
must send a crafted 802.11 frame from a location that is within the
802.11 communications range.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 650d907c13)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect
indication of disconnection in certain situations because source address
validation is mishandled. This is a denial of service that should have
been prevented by PMF (aka management frame protection). The attacker
must send a crafted 802.11 frame from a location that is within the
802.11 communications range.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 749fbab0bb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2017-6892: In libsndfile version 1.0.28, an error in the
"aiff_read_chanmap()" function (aiff.c) can be exploited to cause an
out-of-bounds read memory access via a specially crafted AIFF file.
- Fix CVE-2017-8361: The flac_buffer_copy function in flac.c in
libsndfile 1.0.28 allows remote attackers to cause a denial of service
(buffer overflow and application crash) or possibly have unspecified
other impact via a crafted audio file.
- Fix CVE-2017-8362: The flac_buffer_copy function in flac.c in
libsndfile 1.0.28 allows remote attackers to cause a denial of service
(invalid read and application crash) via a crafted audio file.
- Fix CVE-2017-8363: The flac_buffer_copy function in flac.c in
libsndfile 1.0.28 allows remote attackers to cause a denial of service
(heap-based buffer over-read and application crash) via a crafted
audio file.
- Fix CVE-2017-8365: The i2les_array function in pcm.c in
libsndfile 1.0.28 allows remote attackers to cause a denial of service
(buffer over-read and application crash) via a crafted audio file.
- Fix CVE-2017-12562: Heap-based Buffer Overflow in the
psf_binheader_writef function in common.c in libsndfile through 1.0.28
allows remote attackers to cause a denial of service (application
crash) or possibly have unspecified other impact.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 76d5ab4d17)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
If python or python3 is selected, nftables should depend on the package
and set the --enable-python option, otherwise set --disable-python
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit d6f33d36af)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
make-4.3 shipped with a backward incompatible change in how sharp signs
are handled in macros. Previously, up to make 4.2, the sharp sign would
always start a comment, unless backslash-escaped, even in a macro or a
fucntion call.
Now, the sharp sign is no longer starting a comment when it appears
inside such a macro or function call. This behaviour was supposed to be
in force since 3.81, but was not; 4.3 fixed the code to match the doc.
As such, use of external toolchains is broken, as we use the sharp sign
in the copy_toolchain_sysroot macro, in shell variable expansion to
strip off any leading /: ${target\#/}.
Fix that by applying the workaround suggested in the release annoucement
[0], by using a variable to hold a sharp sign.
[0] https://lists.gnu.org/archive/html/info-gnu/2020-01/msg00004.html
Signed-off-by: Yaroslav Syrytsia <me@ys.lc>
[yann.morin.1998@free.fr:
- move the SHARP_SIGN definition out of Makefile and into support/
- expand the commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 35c5cf56d2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
External protobuf is used instead of embedded one since commit
31c68a449e. However it fails to build on:
[ 63%] Building CXX object modules/dnn/CMakeFiles/opencv_dnn.dir/misc/caffe/opencv-caffe.pb.cc.o
In file included from /home/naourr/work/instance-0/output-1/build/opencv3-3.4.9/modules/dnn/misc/caffe/opencv-caffe.pb.cc:4:
/home/naourr/work/instance-0/output-1/build/opencv3-3.4.9/modules/dnn/misc/caffe/opencv-caffe.pb.h:17:2: error: #error This file was generated by an older version of protoc which is
17 | #error This file was generated by an older version of protoc which is
| ^~~~~
/home/naourr/work/instance-0/output-1/build/opencv3-3.4.9/modules/dnn/misc/caffe/opencv-caffe.pb.h:18:2: error: #error incompatible with your Protocol Buffer headers. Please
18 | #error incompatible with your Protocol Buffer headers. Please
| ^~~~~
/home/naourr/work/instance-0/output-1/build/opencv3-3.4.9/modules/dnn/misc/caffe/opencv-caffe.pb.h:19:2: error: #error regenerate this file with a newer version of protoc.
19 | #error regenerate this file with a newer version of protoc.
| ^~~~~
/home/naourr/work/instance-0/output-1/build/opencv3-3.4.9/modules/dnn/misc/caffe/opencv-caffe.pb.cc:12:10: fatal error: google/protobuf/wire_format_lite_inl.h: No such file or directory
12 | #include <google/protobuf/wire_format_lite_inl.h>
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fix this error by setting PROTOBUF_UPDATE_FILES to ON
Fixes:
- http://autobuild.buildroot.org/results/219258c90709fc34748929f1dcdf4f0649215e61
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ad6a0d0d65)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
Program terminated with signal SIGSEGV, Segmentation fault.
#0 xkb_state_key_get_layout (state=state@entry=0x0, kc=kc@entry=50) at ../src/state.c:217
Program terminated with signal SIGSEGV, Segmentation fault.
#0 XkbKey (kc=kc@entry=45, keymap=0x0) at ../src/keymap.h:430
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 75fbc58f3f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The libbfd library provided by binutils unfortunately changed its API
in binutils >= 2.34. This is causing some build failures at the moment
on architectures such as ARC that are using a very recent binutils
version, but it would also cause build failures on other architectures
once they start using binutils 2.34.
We fix this build issue by backporting an upstream oprofile
patch. However, this patch touches configure.ac, which means we need
to autoreconf, which needs another fix in configure.ac for autoreconf
to succeed.
With all that in place, this commit fixes:
http://autobuild.buildroot.net/results/583d281c6cd2aecb65556080b379db24101ae3a8/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8883b8387a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x
before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server
socket without configuring an authorization rule. A local attacker could
connect to this server socket and issue D-Bus method calls. (Note that
the server socket only accepts a single connection, so the attacker
would have to discover the server and connect to the socket before its
owner does.)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit a9f38acbf2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2.
daemon/gvfsbackendadmin.c mishandles a file's user and group ownership
during move (and copy with G_FILE_COPY_ALL_METADATA) operations from
admin:// to file:// URIs, because root privileges are unavailable.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit fc42ac086a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2.
daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is
not used.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 062d0f6913)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2.
daemon/gvfsbackendadmin.c has race conditions because the admin backend
doesn't implement query_info_on_read/write.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit e49aa31f5c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
An incorrect permission check in the admin backend in gvfs before
version 1.39.4 was found that allows reading and modify arbitrary files
by privileged users without asking for password when no authentication
agent is running. This vulnerability can be exploited by malicious
programs running under privileges of users belonging to the wheel group
to further escalate its privileges by modifying system files without
user's knowledge. Successful exploitation requires uncommon system
configuration.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 346040e269)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add double quotes around the $@ variable to prevent word splitting.
Reported-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[yann.morin.1998@free.fr: s/globbing/word splitting/]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 30b6db05cb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes build with gcc-10, by backporting an upstream patch:
programs/ld-ctype.c:855:18: error: array subscript 0 is outside the bounds of an interior zero-length array ‘unsigned char[0]’ [-Werror=zero-length-bounds]
855 | replace[0].bytes[0] = '?';
| ~~~~~~~~~~~~~~~~^~~
Fixes: #12711
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr: slight reword in commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 13cc36dcfe)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libical allows remote attackers to cause a denial of service
(use-after-free) and possibly read heap memory via a crafted ics file.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 69b51259a2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer
vulnerability has been detected in the diraliases linked list. When the
*lookup_alias(const char alias) or print_aliases(void) function is
called, they fail to correctly detect the end of the linked list and try
to access a non-existent list member. This is related to init_aliases in
diraliases.c.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1d8426b32c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2020-7105: async.c and dict.c in libhiredis.a in hiredis
through 0.14.0 allow a NULL pointer dereference because malloc return
values are unchecked.
- Update indentation of hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 40bc86afe9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
386: Prevents arbitrary code execution during python/object/new
constructor
https://github.com/yaml/pyyaml/pull/386
The hash of the license file changed due to the following diff:
-Copyright (c) 2017-2019 Ingy döt Net
+Copyright (c) 2017-2020 Ingy döt Net
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9063df44da)
[Peter: mention security impact]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
It was searching for CONFIG_ASH=y and CONFIG_HUSH=y at $(@D)/.config,
which does not contain the package build path at the target-finalize
step. Use $(BUSYBOX_DIR), instead.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9ab1d565ee)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The aarch64 compile uses the sys/auxv.h header which is not
provided by uclibc-ng. Add configure.ac patch to check for
the header before using it in ext/standard/crc32.c.
Fixes:
https://bugs.busybox.net/show_bug.cgi?id=12626
build/php-7.4.3/ext/standard/crc32.c:26:12: schwerwiegender Fehler: sys/auxv.h: Datei oder Verzeichnis nicht gefunden
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 16e0bf6b9f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
$(TARGET_DIR)/usr/share/collectd/postgresql_default.conf
should not be removed when postgresql support is enabled,
as that module tries to load that file by default.
Signed-off-by: Pascal de Bruijn <p.debruijn@unilogic.nl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 35e845700f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The v3d driver for arm uses neon instructions unconditionally, so
depend on BR2_ARM_CPU_HAS_NEON.
Fixes:
http://autobuild.buildroot.net/results/66c4df4ee84b73160dde5fe4437b5abdbd2b50d2
[1050/1079] Compiling C object 'src/gallium/drivers/v3d/99241e4@@v3d_neon@sta/v3d_tiling.c.o'.
{standard input}: Assembler messages:
{standard input}:417: Error: selected processor does not support `vldm r6,{q0,q1,q2,q3}' in ARM mode
{standard input}:418: Error: selected processor does not support `vst1.8 d0,[r4],r5' in ARM mode
{standard input}:419: Error: selected processor does not support `vst1.8 d1,[r4],r5' in ARM mode
{standard input}:420: Error: selected processor does not support `vst1.8 d2,[r4],r5' in ARM mode
{standard input}:421: Error: selected processor does not support `vst1.8 d3,[r4],r5' in ARM mode
{standard input}:422: Error: selected processor does not support `vst1.8 d4,[r4],r5' in ARM mode
{standard input}:423: Error: selected processor does not support `vst1.8 d5,[r4],r5' in ARM mode
{standard input}:424: Error: selected processor does not support `vst1.8 d6,[r4],r5' in ARM mode
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ff00c284c5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add mesa3d patch to add a vc4 option to disable
the optional neon support and set it dependent
on BR2_ARM_CPU_HAS_NEON.
Fixes:
http://autobuild.buildroot.net/results/6387b0a99e1a0922811919623d9a10b0943988df
[1086/1254] Compiling C object 'src/gallium/drivers/vc4/691f666@@vc4_neon@sta/vc4_tiling_lt_neon.c.o'.
{standard input}: Assembler messages:
{standard input}:334: Error: selected processor does not support `vldm r4,{q0,q1,q2,q3}' in ARM mode
{standard input}:335: Error: selected processor does not support `vst1.8 d0,[r3],r2' in ARM mode
{standard input}:336: Error: selected processor does not support `vst1.8 d1,[r3],r2' in ARM mode
{standard input}:337: Error: selected processor does not support `vst1.8 d2,[r3],r2' in ARM mode
{standard input}:338: Error: selected processor does not support `vst1.8 d3,[r3],r2' in ARM mode
{standard input}:339: Error: selected processor does not support `vst1.8 d4,[r3],r2' in ARM mode
{standard input}:340: Error: selected processor does not support `vst1.8 d5,[r3],r2' in ARM mode
{standard input}:341: Error: selected processor does not support `vst1.8 d6,[r3],r2' in ARM mode
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 85c95e3614)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When a package installs a kernel module, it is currently not possible to
have it loaded with modprobe or when the kernel requests an alias for
it, as the module is not listed in /lib/modules/<kernel-version>/modules.dep
and the associated files.
So, we need to run depmod after all packages are installed, to register
any such out-of-tree module.
This means we should be able to let go of calling depmod at the time the
kernel is installed, but if we pass an invalid command, the kernel
whines:
DEPMOD 5.4.27
./scripts/depmod.sh: 46: /dev/null: Permission denied
make[2]: *** [Makefile:1326: _modinst_post] Error 126
This is because the kernel does not directly call to depmod, but uses a
wrapper that is not happy if depmod is not depmod.
Since the call to depmod does not cost much, we just keep it.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
[yann.morin.1998@free.fr:
- keep calling depmod when installing kernel
- expand commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 82e7656400)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2020-0556: Improper access control in subsystem for BlueZ before
version 5.54 may allow an unauthenticated user to potentially enable
escalation of privilege and denial of service via adjacent access
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html
Changes since version 5.52:
5.54:
Fix issue with HOGP to accept data only from bonded devices.
Fix issue with A2DP sessions being connected at the same time.
Fix issue with class UUID matches before connecting profile.
Add support for handling MTU auto-tuning option for AVDTP.
Add support for new policy for Just-Works repairing.
Add support for Enhanced ATT bearer (EATT).
5.53:
Fix issue with handling unregistration for advertisment.
Fix issue with A2DP and handling recovering process.
Fix issue with udpating input device information.
Add support for loading blocked keys.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3a678c952f)
[Peter: mention security issue]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The C program inside check-kernel-headers.sh has two checking mode: a
strict and a loose one.
In strict mode, we want the kernel headers version declared by the
user to match exactly the one of the toolchain.
In loose mode, we want the kernel headers version of the toolchain to
be greater than or equal to the one declared by the user: this is used
when we have a toolchain that has newer headers than the latest
version known by Buildroot.
However, in loose mode, we continue to show the "Incorrect kernel
headers version" message, even though we then return a zero error
code. This is very confusing: you see an error displayed on the
terminal, but the build goes on.
We fix that by first doing the loose check first, and returning 0 if
it succeeds. And then we move on with the strict check where we want
the version to be identical.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit c3c4b3dfa8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The external toolchain configure step calls the
check_kernel_headers_version make function to compare the kernel
headers version declared in the configuration with the actual kernel
headers of the toolchain.
This function takes 4 arguments, but due to a missing comma what
should be the first two arguments are both passed into the first
argument. Due to this, when check_kernel_headers_version does:
if ! support/scripts/check-kernel-headers.sh $(1) $(2) $(3) \
$(if $(BR2_TOOLCHAIN_HEADERS_LATEST),$(4),strict); \
Then:
$(1) contains "$(BUILD_DIR) $$(call toolchain_find_sysroot,$$(TOOLCHAIN_EXTERNAL_CC))"
$(2) contains "$$(call qstrip,$$(BR2_TOOLCHAIN_HEADERS_AT_LEAST))"
$(3) contains "$$(if $$(BR2_TOOLCHAIN_EXTERNAL_CUSTOM),loose,strict))"
So from the point of view of check-kernel-headers.sh, it already has
four arguments, and therefore the additional argument passed by:
$(if $(BR2_TOOLCHAIN_HEADERS_LATEST),$(4),strict); \
is ignored, defeating the $(BR2_TOOLCHAIN_HEADERS_LATEST) test.
The practical consequence is that a toolchain that has 5.4 kernel
headers but declared as using 5.3 kernel headers does not abort the
build, because the check is considered "loose" while it should be
"strict".
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 96f8d0bb46)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Post-build scripts may want to do something based on the list of files
installed by a package. However, since commit
0e2be4db8a the final packages-file-lists.txt
file is only created _after_ the post-build scripts.
Move the assembly of the file lists upwards, before the post-build scripts.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit d4d52d907b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
If a package sets a FOO_SUBDIR (meaning its sources are not under
output/build/foo-123 but under output/build/foo-123/$(FOO_SUBDIR)), the
.files-list.txt file were also created under FOO_SUBDIR, due to which the
logic in the Makefile would not find it.
Change the instrumentation steps so that the file list is directly under the
package dir, ignoring the subdir.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 9f876c7f16)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In very limited configurations, it is possible to have a case where no
.files-list-staging.txt files are created. In this case:
cat $(sort $(wildcard $(BUILD_DIR)/*/.files-list-staging.txt)) > \
$(BUILD_DIR)/packages-file-list-staging.txt
becomes:
cat > \
$(BUILD_DIR)/packages-file-list-staging.txt
which of course makes the build hang.. forever.
So we fix this by checking the list is not empty. To keep the code
readable, we introduce an intermediate variable to store the list of
these files.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
[yann.morin.1998@free.fr: always create the file, even if empty]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit aa1e74745c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Radvd has its own main(), and does not use yywrap() from libfl.so,
because scanner.l module contains noyywrap option. So, none of the
functions exported by libfl.so are used, and there's no need to have
the flex runtime on target.
Signed-off-by: Alexander Mukhin <alexander.i.mukhin@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 6274868bd1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When barebox, and thus barebox-aux, are downloaded from a git tree, then
barebox-aux download fails because a hash check is attempted on the
downloaded archive:
Could not fetch special ref 'v2020.03.0'; assuming it is not special.
ERROR: No hash found for barebox-aux-v2020.03.0.tar.gz
This is because we only exclude from the check the archive of the bare
barebox:
BR_NO_CHECK_HASH_FOR += $(BAREBOX_SOURCE)
However, the default name of an archive is based on the package name,
which for barebox-aux is not 'barebox'.
Since barebox-aux really uses the exact same source as the bare barebox,
it should also share the archive name.
This has two direct consequences and advantages:
- the hash check is completely avoided for the barebox-aux archive;
- the barebox-aux archive is not downloaded as it is already
downloaded for barebox.
Reported-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 451ee6fa54)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
perf auto-detects and uses the libbfd (from binutils) and openssl
libraries if they are detected and happen to be built before perf is,
but if they're not, or if per-package directories are enabled, it won't
detect these libraries. Explicitly add dependencies on these packages if
they are enabled, and disable the feature if not, so that the behavior
is deterministic.
Signed-off-by: Robert Hancock <hancock@sedsystems.ca>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 013cc68bf7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
From the release notes:
https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES
================================================================================
Redis 5.0.8 Released Thu Mar 12 16:05:41 CET 2020
================================================================================
Upgrade urgency HIGH: This release fixes security issues.
[FIX] revisit CVE-2015-8080 vulnerability
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit caed3878a6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
LLVM builds bindings for other languages such as Go and OCaml when the
appropriate dependencies can be found. We currently don't support
building these bindings in Buildroot, as they're currently unused by any
package.
Building these bindings was originally disabled by overriding the
dependencies with values indicating that they were not found.
Newer versions of LLVM no longer disable the OCaml bindings when overriding
OCAMLFIND. Consequently, the build process attempts to install the bindings
to the default location on the host of /usr/lib/ocaml/llvm, causing a
permissions error and build failure.
Additionally, LLVM has since added the variable LLVM_ENABLE_BINDINGS to
control whether bindings are enabled, so we override that to disable the
bindings.
Signed-off-by: Joseph Kogut <joseph.kogut@gmail.com>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e6a1ee9a8a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The initramfs is not a reall filesystem, so it does not use the
$(rootfs) infrastructure.
As a consequence, the usual rootfs-related variables are not set,
especially the name, type, and dependencies of the (non-)filesystem.
Yet, it is present in the list of rootfs to build, and thus we end
up including it in the output of show-info. But the missing variables
yield an incorrect json:
"": {
"type": "",
"virtual": false,
"version": "",
"licenses": "",
"dl_dir": "",
"install_target": ,
"install_staging": ,
"install_images": ,
"downloads": [ ],
"dependencies": [ ],
"reverse_dependencies": [ ]
},
First, the object key is empty; second, the install_target,
install_staging, and install_images values are empty, which is not
valid (if they were null, that be OK though). Third, this is clearly
the layout of a 'package' entry, not that of a 'rootfs' entry.
An option to fix that would be to actually make use of the rootfs
infra. However, that would mean doing a lot of work for nothing
(there is actually nothing to do, yet the infra would still do a lot
of preparatory and clean up work).
The alternative is pretty simple: declare and set the variables as if
it were a real filesystem, so that show-info can filter it to the
proper layout and can spit out appropriate content (even if fake).
The third option would be to teach show-info (and its internal
implementation, the macro json-info) to ignore specific cases, like
no-name items, or replace empty values with null, or whatnots. This
again would be quite a lot of work for a single occurence.
So we go for the simple faked variables.
We add linux as a dependency, so that the graph-depends also properly
represent the dependency chain, which ends up with something liKe:
ALL
|
v
rootfs-initramfs
| |
v v
linux rootfs-cpio
which is pretty fitting in the end.
Reported-by: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b42db7db9f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some ATF configurations, such as the ones for the STM32MP1 processor
family, require DTC during the build as Device Tree files are
used. Without dtc, the build fails:
/bin/sh: 1: dtc: not found
dtc version too old (), you need at least version 1.4.4
plat/st/stm32mp1/platform.mk:239: recipe for target 'check_dtc_version' failed
make[1]: *** [check_dtc_version] Error 1
To solve this, this commit implements a
BR2_TARGET_ARM_TRUSTED_FIRMWARE_NEEDS_DTC option, in a way that mimics
the BR2_TARGET_UBOOT_NEEDS_DTC option we already have for the U-Boot
package.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit ddbb5dbd83)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
localedef needs bison to satisfy a .y.c rule to generate a parser for
plural forms, to ultimately generate data for the target. So we do not
want to depend on the host-provided bison; we want to build our own (for
reproducibility).
localedef is a host-only package, and dependencies are not inherited
from the target variant, so we need to make them explicit host
dependencies.
And move the assignment after all the download-related variables.
Reported-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit af90a104c0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
With BR2_PER_PACKAGE_DIRECTORIES=y, we have the following code in the
main Makefile:
target-finalize: $(PACKAGES) $(TARGET_DIR) host-finalize
@$(call MESSAGE,"Finalizing target directory")
$(call per-package-rsync,$(sort $(PACKAGES)),target,$(TARGET_DIR))
$(foreach hook,$(TARGET_FINALIZE_HOOKS),$($(hook))$(sep))
The per-package-rsync call creates the global $(TARGET_DIR) from the
per-package $(TARGET_DIR). Then, we call the TARGET_FINALIZE_HOOKS.
One of the TARGET_FINALIZE_HOOKS, PURGE_LOCALES, remove locales that
are not desired by the user. It does so using a loop with the
$(wildcard ...) function.
However, the $(wildcard ...) function is expanded at the moment the
rule is evaluated. And with per-package directory, at the time the
rule is evaluated, the global $(TARGET_DIR) is empty, so $(wildcard
...) will return nothing. It is indeed only after the call to
per-package-rsync that the TARGET_DIR will be populated.
This commit fixes that by moving away from $(wildcard ...) and use a
shell test instead, since we are anyway in big block of shell code.
With this, locales are properly purged again when
BR2_PER_PACKAGE_DIRECTORIES=y.
Fixes: c4e6d5c8be ("core: implement per-package SDK and target")
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr:
- make the style look like the code around (no space in front of ;)
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 658a80ec73)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
If syslog-ng is selected in Buildroot and net-snmp is not, but net-snmp is
found on the host machine (at least its net-snmp-config script) then
compilation of syslog-ng fails with:
CC modules/snmp-dest/modules_snmp_dest_libsnmpdest_la-snmpdest-grammar.lo
CC modules/snmp-dest/modules_snmp_dest_libsnmpdest_la-snmpdest.lo
CC modules/snmp-dest/modules_snmp_dest_libsnmpdest_la-snmpdest-plugin.lo
arm-none-linux-gnueabi-gcc: ERROR: unsafe header/library path used in cross-compilation: '-I/usr/include'
make[3]: *** [Makefile:17397: modules/snmp-dest/modules_snmp_dest_libsnmpdest_la-snmpdest-grammar.lo] Error 1
make[3]: *** Waiting for unfinished jobs....
arm-none-linux-gnueabi-gcc: ERROR: unsafe header/library path used in cross-compilation: '-I/usr/include'
make[3]: *** [Makefile:17404: modules/snmp-dest/modules_snmp_dest_libsnmpdest_la-snmpdest.lo] Error 1
arm-none-linux-gnueabi-gcc: ERROR: unsafe header/library path used in cross-compilation: '-I/usr/include'
make[3]: *** [Makefile:17411: modules/snmp-dest/modules_snmp_dest_libsnmpdest_la-snmpdest-plugin.lo] Error 1
make[2]: *** [Makefile:21428: all-recursive] Error 1
make[1]: *** [Makefile:8740: all] Error 2
make[1]: Leaving directory '.../buildroot/output/build/syslog-ng-3.25.1'
make: *** [package/pkg-generic.mk:269: .../buildroot/output/build/syslog-ng-3.25.1/.stamp_built] Error 2
The path /usr/include is obtained via /usr/bin/net-snmp-config.
The fix comprises two parts:
1. only enable net-snmp support in syslog-ng if the net-snmp package is
enabled in Buildroot
2. for the case where net-snmp is selected in Buildroot, fix the configure
script of syslog-ng to allow parsing --with-netsnmp=<path> correctly.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 4ff6e52392)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In commit 0e2be4db8a
("package/pkg-generic: make file list logic parallel build
compatible"), the logic to create the list of files installed by a
particular package was significantly reworked to be compatible with
top-level parallel build.
Before this commit, there was only a after-install step of listing the
files in HOST_DIR/TARGET_DIR/STAGING_DIR. But after this commit, we
now have a before-install logic and an after-install logic.
It turns out that when the before-install logic is called for the very
first host package, $(HOST_DIR) doesn't exist yet, and therefore the
cd $(2) fails, with an error message:
/bin/sh: line 0: cd: /home/thomas/buildroot/output/host: No such file or directory
In fact, $(HOST_DIR), $(STAGING_DIR), $(TARGET_DIR) and
$(BINARIES_DIR) are created by the make rules for host installation,
staging installation, target installation and images installation, but
*after* calling the step_start hooks.
So, we simply fix this problem by creating the directories *before*
calling the step_start hooks.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit c84ce1f98c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add upstream patch to fix double-conversion compile for xtensa
and drop dependency on !BR_xtensa.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 572b25c0d4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use "--exec-prefix=/" to install syslogd and klogd at /sbin, as required
by the init scripts. This also ensures that the BusyBox counterparts are
not installed.
Update the systemd unit files, accordingly.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 33642d8d95)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Without linux-pam built first, polkit will throw a configuration error:
configure: error: Could not find pam/pam-devel, please install the needed packages.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 35a0878aa9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, vapi support does not work with meson due to meson calling vapigen
directly instead of the vala wrapper. As such, when building typelib files for
gobject-introspection, vapigen fails to find the proper .gir files and fails
to build.
Explicitly disable vapi until a fix for vapi is made.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 9de3b9c094)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
It is required that all patches in packages have the Signed-off-by of
the contributor who brought them into Buildroot.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 94784f092b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When building a toolchain with upstream gcc 9.x the build
fail due to several issues.
Note: The upstream Binutils support csky target since
release 2.32 but the support was never enabled in the
Buildroot packaging. So the latest version (2.33.1) was
tested here.
[upstream gcc 9.x w/ glibc csky fork with binutils csky for or binutils 2.33.1]
In file included from <command-line>:
./../include/libc-symbols.h:534:26: error: '__EI___errno_location' specifies less restrictive attributes than its target '__errno_location': 'const', 'nothrow' [-Werror=missing-attributes]
534 | extern __typeof (name) __EI_##name \
[upstream gcc 9.x w/ glibc 2.30 w/ binutils csky fork]
/tmp/ccThLRhb.s: Assembler messages:
/tmp/ccThLRhb.s:10: Error: invalid or unsupported encoding in .cfi_personality
/tmp/ccThLRhb.s:11: Error: invalid or unsupported encoding in .cfi_lsda
[upstream gcc 9.x w/ glibc 2.30 w/ binutils 2.33.1]
build/elf/librtld.os: in function `__sync_fetch_and_add_2':
libgcc/config/csky/linux-atomic.c:116: undefined reference to `__kernel_cmpxchg'
Currenlty, only the toolchain using binutils, gcc, glibc
fork produce a working toolchain. So disable gcc 9.x for
csky.
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Guo Ren <guoren@kernel.org>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7542a59601)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
If multiple entries are specified for _MESON_EXTRA_BINARIES, the current
sed expression will only replace the first one.
Specifically, from GNU sed 4.8 the manual says:
/regexp/
Match lines matching the regular expression regexp. Matching
is performed on the current pattern space, which can be modified
with commands such as ``s///''.
so after the first binary has been added, the next entry no longer
matches since the pattern space has been modifed.
Instead of adding a script for each value, apply the match once and add
a subsitution for all entries at once.
Signed-off-by: John Keeping <john@metanate.com>
Tested-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr: do a single substitution]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit a1e3c7b693)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The values in the cross-compilation file are expected to be quoted with
single quotes, which we have in our template.
However, the endian value we are injecting comes from Kconfig, so it is
double-quoted, and those quotes end up in the cross-compilation files we
generate (the internal one, and the SDK one):
endian = '"little"'
So qstrip the value before we inject it.
Propagate the fix to the two generated files by using the same variable
HOST_MESON_TARGET_ENDIAN in both cases, rather than replicating the
(flawed) logic.
While at it, also use the common GCC_TARGET_CPU variable for the SDK
file too.
Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 92eca65ddf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
$$(STAGING_DIR) -> $(STAGING_DIR) in PKG_MESON_INSTALL_CROSS_CONF.
$$ resulted in `$(STAGING_DIR)` in the file instead of the expanded
value.
Note that this change only affects the etc config at:
host/etc/meson/cross-compilation.conf
Per-package cross-compilation.conf files are already correct.
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 3fb784afb1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add openssl linker flags via LIBS to fix configure gensio
library detection.
Fixes:
http://autobuild.buildroot.net/results/66e0d3e0a2a8dc5a62c267d16a53216f0f2ce8dd
checking gensio/gensio.h usability... yes
checking gensio/gensio.h presence... yes
checking for gensio/gensio.h... yes
checking for str_to_gensio in -lgensio... no
configure: error: libgensio won't link, please install gensio dev package
The build/ser2net-4.1.1/config.log files states:
.../arm-buildroot-linux-uclibcgnueabi/bin/ld: .../host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libgensio.a(gensio_filter_ssl.o): in function `gensio_do_ssl_init':
gensio_filter_ssl.c:(.text+0x34): undefined reference to `OPENSSL_init_ssl'
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The Buildroot's gitlab testing infra reported a build issue
with the qemu_arm_vexpress_tz_defconfig due to host-python3
modules issues [1]. Thoses issues has been fixed by the
previous patch.
But the defconfig doesn't boot with the current master
(2020.02-rc3).
It turn out that is an Qemu 4.2.0 regression that was
fixed upstream by [2]. This issue was found by using
git bisect old/new.
Fixes:
$ ../host/bin/qemu-system-arm -machine virt -machine secure=on -cpu cortex-a15 -smp 1 -s -m 1024 -d unimp -serial stdio -netdev user,id=vmnic -device virtio-net-device,netdev=vmnic -semihosting-config enable,target=native -bios bl1.bin
NOTICE: Booting Trusted Firmware
NOTICE: BL1: v2.0(release):2020.02-rc3-43-g9abf171ea6
NOTICE: BL1: Built : 12:44:52, Mar 8 2020
ERROR: Failed to load BL2 firmware.
After fixing host-python3 issue from [1]
[1] https://gitlab.com/buildroot.org/buildroot/-/jobs/456818689
[2] 21bf9b06cb
Signed-off-by: Adrien Grassein <adrien.grassein@smile.fr>
[Romain:
- improve commit log
- add upstream link
]
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: Etienne Carriere <etienne.carriere@linaro.org>
Cc: Gerome Burlats <gerome.burlats@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
TypeError: cannot use a str to initialize an array with typecode 'B'
File "../../scripts/file_to_c.py", line 32, in main
for x in array.array("B", inf.read()):
for x in array.array("B", inf.read()):
TypeError: cannot use a str to initialize an array with typecode 'B'
TypeError: cannot use a str to initialize an array with typecode 'B'
Signed-off-by: Romain Naour <romain.naour@smile.fr>
[Peter: reword commit message]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
optee-os needs host-python-pycrypto build for python3. The only way we can
force building host-python modules for python3 is to select python3 package
for the target.
Since we want to avoid adding more host-python3-<modules>
(host-python-pycrypto host-python-pyelftools), select python3 package
even if it's not used.
This problem will be fixed as soon as python2 is removed.
Fixes:
File "scripts/pem_to_pub_c.py", line 24, in main
from Crypto.PublicKey import RSA
ImportError: No module named 'Crypto'
https://gitlab.com/buildroot.org/buildroot/-/jobs/456818689
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
xtensa ld fails with the following message
ld: BFD (GNU Binutils) 2.31.1 internal error, aborting at
elf32-xtensa.c:3283 in elf_xtensa_finish_dynamic_sections
during domoticz package build. It happens because of mismatch between
the size allocated for dynamic relocations in the executable image and
the number of PLT relocations actually written to the image. The
mismatch is caused by the fact that undefined weak symbol is treated as
dynamic (and thus needing PLT relocation), but xtensa linker not
expecting that.
Fixes: http://autobuild.buildroot.net/results/7885705f1b1c0f31cf21b464150f5509929c1906/
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Backported from: e15a8da9c71336b06cb5f2706c3f6b7e6ddd95a3
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Apply patch from upstream and set PPPD_INGORE_CVES appropriately.
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When running ser2net it looks for config files in the legacy conf
format and the new yaml format so we need to allow either in the
sysv init script.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add a configuration to enable the JavaScript shell (default off). So
far only libmozjs is required (by polkit) and the shell takes around
24MiB.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The web-interface files (~1.8MB) are by default installed under
/usr/share/doc/cups, which is unfortunate as Buildroot removes usr/share/doc
in target-finalize, breaking the webui.
As a fix, store the web-interface files under /usr/share/cups/doc-root,
similar to how it is done in Debian.
Signed-off-by: Alexey Lukyanchuk <skif@skif-web.ru>
[Peter: use --with-docdir, update description]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The SWUPDATE_SET_BUILD_OPTIONS macro sets a number of swupdate
configuration options with local build details, especially the
cross-compiler path and sysroot path.
This means that if one stores an swupdate defconfig file as part of
Buildroot, generated with "make swupdate-update-defconfig", it will
contain things like:
CONFIG_CROSS_COMPILE="/home/thomas/projets/buildroot/output/host/bin/arm-linux-"
CONFIG_SYSROOT="/home/thomas/projets/buildroot/output/host/arm-buildroot-linux-uclibcgnueabi/sysroot"
which obviously are not good, as they are specific to where the build
was done.
So instead this commit:
- Uses the CROSS_COMPILE environment variable to pass the
cross-compiler path.
- Drops entirely the use of CONFIG_SYSROOT, since all it does is pass
a --sysroot option to the compiler, which is not needed in the
context of Buildroot.
- Pass EXTRA_CFLAGS/EXTRA_LDFLAGS also through the environment.
Thanks to that the swupdate defconfig file no longer contains any
local build details, and can be re-used by different users of a given
Buildroot configuration.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- disable introspection unconditionally (as already done for all
other original gstreamer1 packages)
- use '=' instead of '+=' for the first usage of GST1_VALIDATE_CONF_OPTS
Fixes:
http://autobuild.buildroot.net/results/e6e43fb85c71af9bb599ea8bbe2e805b392cf1ad
GEN GstValidate-1.0.gir
Couldn't find include 'GstPbutils-1.0.gir' (search path: '['/nvmedata/autobuild/instance-6/output-1/host/bin/../aarch64-buildroot-linux-gnu/sysroot/usr/bin/../share/gir-1.0', '/usr/share/gir-1.0', '/usr/share/gir-1.0', '/usr/share/gir-1.0', '/usr/share/gir-1.0', '/usr/share/gir-1.0', '/nvmedata/autobuild/instance-6/output-1/host/share', 'gir-1.0', '/nvmedata/autobuild/instance-6/output-1/host/share/gir-1.0', '/usr/share/gir-1.0']')
make[5]: *** [Makefile:1612: GstValidate-1.0.gir] Error 1
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
host-thrift can fail if a broken Qt4 is found on host:
CMake Error in lib/cpp/CMakeLists.txt:
Imported target "Qt4::QtCore" includes non-existent path
"/nvmedata/autobuild/instance-4/output-1/host/usr/mkspecs/default"
in its INTERFACE_INCLUDE_DIRECTORIES. Possible reasons include:
* The path was deleted, renamed, or moved to another location.
* An install or uninstall procedure did not complete successfully.
* The installation package was faulty and references files it does not
provide.
Fixes:
- http://autobuild.buildroot.org/results/57cad5313896c868e99b0b9534678f1c83a386f2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Changelog (since 1.60):
- 1.61 2020-01-11 Fixed errors in the documentation for bcm2835_spi_write.
Fixes issue seen on Raspberry Pi 4 boards where 64-bit off_t is used by
default via -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64. The offset was
being incorrectly converted, this way is clearer and fixes the problem.
Contributed by Jonathan Perkin.
- 1.62 2020-01-12 Fixed a problem that could cause compile failures with
size_t and off_t
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The tools option installs more than gst-launch and gst-inspect, so
simplify its prompt to just "install tools", and update the Config.in
help text. While at it, we list them alphabetically.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes:
checking for a Python interpreter with version >= 2.6... none
configure: error: no suitable Python interpreter found
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Activate already existing mesa3d solution for the isinf compile
failure for uclibc based toolchains instead of using a custom
workaround.
- remove 0005-src-gallium-drivers-nouveau-codegen-nv50_ir_ra.cpp-p.patch
- add 0004-c99_math-import-isinf-for-uclibc-based-toolchains.patch
Fixes:
http://autobuild.buildroot.net/results/cbefc5d4a4fefb674e596400fa1d2698cd89c5b3/http://autobuild.buildroot.net/results/dc974da012f53fa4ed3be616f937b0afae423d66/
../src/gallium/drivers/nouveau/codegen/nv50_ir_ra.cpp: In member function 'bool nv50_ir::GCRA::simplify()':
../src/gallium/drivers/nouveau/codegen/nv50_ir_ra.cpp:1348:19: error: expected unqualified-id before '(' token
if (std::isinf(bestScore)) {
^
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
It was discovered the fix for CVE-2018-19758 (libsndfile) was not
complete and still allows a read beyond the limits of a buffer in
wav_write_header() function in wav.c. A local attacker may use this flaw
to make the application crash.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
There is a heap-based buffer over-read at wav.c in wav_write_header in
libsndfile 1.0.28 that will cause a denial of service.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Several users of rolling-release distributions have been reporting on
IRC that Buildroot is broken now that they have switched to the newly
released make 4.3.
It turns out that the constructs we use to generated and include the
internal br2-external related fragments is no longer working with
make-4.3.
Indeed, an upstream bug report [0] seems to imply that it so far was
working by chance. There has been no further feedback, whether this is
really considered a fix for a previous ill-defined behaviour, or an
actual regression...
In the meantime, we add a workaround, suggested in that same bug report,
that fixes the issue for make 4.3, and that should not break on older
make versions either (verified on all relevant versions: from 3.81,
3.82, 4.0, 4.1, and 4.2).
[0] https://savannah.gnu.org/bugs/?57676
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Mircea Gliga <mgliga@bitdefender.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2019-1010301: jhead 3.03 is affected by: Buffer Overflow. The
impact is: Denial of service. The component is: gpsinfo.c Line 151
ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG
file.
- Fix CVE-2019-1010302: jhead 3.03 is affected by: Incorrect Access
Control. The impact is: Denial of service. The component is: iptc.c
Line 122 show_IPTC(). The attack vector is: the victim must open a
specially crafted JPEG file.
- Fix CVE-2019-19035: jhead 3.03 is affected by: heap-based buffer
over-read. The impact is: Denial of service. The component is:
ReadJpegSections and process_SOFn in jpgfile.c. The attack vector is:
Open a specially crafted JPEG file.
- Update indentation of hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
- CVE-2020-9402: Potential SQL injection via tolerance parameter in GIS
functions and aggregates on Oracle.
GIS functions and aggregates on Oracle were subject to SQL injection,
using a suitably crafted tolerance.
For more details, see the advisory:
https://www.djangoproject.com/weblog/2020/mar/04/security-releases/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 9ea528f84b (package/python-nfc: bump to version 0.13.5) changed the
python-nfc package to download from github, so the package no longer needs
bzr on the host.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add patch to fix static linking of tools.
Fixes:
http://autobuild.buildroot.net/results/b33019b3c9ad856aced34215c69bb292b536e25e
.../bin/ld: .../usr/lib/libgstreamer-1.0.a(gstplugin.c.o): in function `gst_plugin_register_func':
gstplugin.c:(.text+0x3bc): undefined reference to `g_module_make_resident'
.../bin/ld: .../usr/lib/libgstreamer-1.0.a(gstplugin.c.o): in function `_priv_gst_plugin_load_file_for_registry':
gstplugin.c:(.text+0x1228): undefined reference to `g_module_supported'
.../bin/ld: gstplugin.c:(.text+0x126c): undefined reference to `g_module_open'
.../bin/ld: gstplugin.c:(.text+0x1368): undefined reference to `g_module_symbol'
.../bin/ld: gstplugin.c:(.text+0x1494): undefined reference to `g_module_supported'
.../bin/ld: gstplugin.c:(.text+0x17f4): undefined reference to `g_module_close'
.../bin/ld: gstplugin.c:(.text+0x1a2c): undefined reference to `g_module_error'
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
With classpath removed, no packages select these symbols any more - So drop
them and their corresponding logic in dependencies.sh / genrandconfig.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This package has been abandoned by upstream since 2016 and has not
had a release since 2012. In addition the GNU Compiler for Java
that classpath was written to be used with has been removed as of
GCC 7.
It is no longer feasible to support classpath as it requires a java
compiler capable of producing java 1.5 compatible bytecode which is
not possible on hosts with a recent java compiler.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to
overwrite arbitrary files via a .. (dot dot) in a zip file, because of
the function unzzip_cat in the bins/unzzipcat-mem.c file.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
An issue was discovered in ZZIPlib through 0.13.69. There is a memory
leak triggered in the function __zzip_parse_root_directory in zip.c,
which will lead to a denial of service attack.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
GNU patch through 2.7.6 is vulnerable to OS shell command injection that
can be exploited by opening a crafted patch file that contains an ed
style diff payload with shell metacharacters. The ed editor does not
need to be present on the vulnerable system. This is different from
CVE-2018-1000156.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In GNU patch through 2.7.6, the following of symlinks is mishandled in
certain cases other than input files. This affects inp.c and util.c.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings
beginning with a ! character. NOTE: this is the same commit as for
CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to
a shell metacharacter.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The comment "Check files that are touched by more than one package"
was previously located right before the calls to the check-uniq-files
script. However, this script and the logic calling it have been
removed in commit 2496189a42 ("core:
drop check-uniq-files"), so the comment no longer makes any sense:
let's drop it.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a
memory leak (CWE-655) in VNC server code, which allow an attacker to
read stack memory and can be abused for information disclosure. Combined
with another vulnerability, it can be used to leak stack memory and
bypass ASLR. This attack appear to be exploitable via network
connectivity. These vulnerabilities have been fixed in commit
d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability
in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
During the CVE checking phase, we can still see a huge amount of
Python processes (actually 128) running on the host, even though
the CVE step is entirely ran in the main thread.
These are actually the worker processes spawned to check for the
packages URL statuses and the latest versions from release-monitoring.
This is because of an issue in Python's multiprocessing implementation:
https://bugs.python.org/issue34172
The problem was already there before the CVE matching step was
introduced, but because pkg-stat was terminating right after the
release-monitoring step, it went unnoticed.
Also, do not hold a reference to the multiprocessing pool from
the Package class, as this is not needed.
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In Python 3, the functions from the subprocess module return bytes
(and no longer strings as in Python 2), which must be decoded for
further text operations.
Now, pkg-stats can be run in Python 3.
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib
1.11.1 allows remote attackers to cause information disclosure
(heap-based buffer over-read) via a crafted audio file.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In TagLib 1.11.1, the rebuildAggregateFrames function in
id3v2framefactory.cpp has a pointer to cast vulnerability, which allows
remote attackers to cause a denial of service or possibly have
unspecified other impact via a crafted audio file.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Building qdoc requires a llvm and clang for the host.
However, there is a limitation in the llvm and clang packages in
Buildroot, which makes it impossible to have a host variant without
a target variant.
So, propagate the dependencies of the target llvm and clang, to ensure
we can only have a host-llvm and -clang packages that are correctly
built.
Note that we do propagate all of the dependencies (instead of just the
architecture part), to be consistent.
Reported-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Seiderer <ps.report@gmx.net>
Cc: Julien Corjon <corjon.j@ecagroup.com>
Reviewed-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This fixes the following CVEs:
- CVE-2020-9428:
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14,
the EAP dissector could crash. This was addressed in
epan/dissectors/packet-eap.c by using more careful sscanf parsing.
- CVE-2020-9429:
In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash.
This was addressed in epan/dissectors/packet-wireguard.c by
handling the situation where a certain data structure intentionally
has a NULL value.
- CVE-2020-9430:
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14,
the WiMax DLMAP dissector could crash.
This was addressed in plugins/epan/wimax/msg_dlmap.c by validating
a length field.
- CVE-2020-9431:
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14,
the LTE RRC dissector could leak memory. This was addressed in
epan/dissectors/packet-lte-rrc.c by adjusting certain append operations.
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a
stack-based buffer over-read.
Same patch as for CVE-2017-14160
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- update 0001-*.patch to also reference CVE-2018-10393
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not
validate the number of channels, which allows remote attackers to cause
a denial of service (heap-based buffer overflow or over-read) or
possibly have unspecified other impact via a crafted file.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and
Android, has a buffer overflow in the dev_map_read function in
btt/devmap.c because the device and devno arrays are too small, as
demonstrated by an invalid free when using the btt program with a
crafted file.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
While investigating [1] one units failed due to missing kernel option
CONFIG_BINFMT_MISC needed by "proc-sys-fs-binfmt_misc.mount" service.
It's because the kernel support autofs4 but not MISC binaries.
Since the systemd test infra use the default defconfig (vexpress),
we need to provide a linux fragment to enable CONFIG_BINFMT_MISC.
[1] https://gitlab.com/buildroot.org/buildroot/-/jobs/454255917
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
[yann.morin.1998@free.fr:
- move the kernel config with the others in conf/
]
Tested-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read
has been detected in the pure_strcmp function in utils.c.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the
listdir function in ls.c.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through
2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a
different issue than CVE-2020-6851.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
OpenJPEG through 2.3.1 has a heap-based buffer overflow in
opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of
opj_j2k_update_image_dimensions validation.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
In OpenJPEG 2.3.1, there is excessive iteration in the
opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could
leverage this vulnerability to cause a denial of service via a crafted
bmp file. This issue is similar to CVE-2018-6616.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
libhttp/url.c in shellinabox through 2.20 has an implementation flaw in
the HTTP request parsing logic. By sending a crafted multipart/form-data
HTTP request, an attacker could exploit this to force shellinaboxd into
an infinite loop, exhausting available CPU resources and taking the
service down.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
An issue was discovered in Suricata 5.0.0. It is possible to
bypass/evade any tcp based signature by overlapping a TCP segment with a
fake FIN packet. The fake FIN packet is injected just before the PUSH
ACK packet we want to bypass. The PUSH ACK packet (containing the data)
will be ignored by Suricata because it overlaps the FIN packet (the
sequence and ack number are identical in the two packets). The client
will ignore the fake FIN packet because the ACK flag is not set. Both
linux and windows clients are ignoring the injected packet.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666
regardless of the configured umask, leading to disclosure of information
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input
file can result in an infinite loop and hang, with high CPU consumption.
Remote attackers could leverage this vulnerability to cause a denial of
service via a crafted file.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add an upstream patch to fix CVE-2018-19876: cairo 1.16.0, in
cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a
free function incompatible with WebKit's fastMalloc, leading to an
application crash with a "free(): invalid pointer" error.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: extend commit message]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in
types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory
in crwimage_int.cpp, because there is no validation of the relationship
of the total size to the offset and size.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Fix CVE-2019-15682: RDesktop version 1.8.4 contains multiple
out-of-bound access read vulnerabilities in its code, which results in
a denial of service (DoS) condition. This attack appear to be
exploitable via network connectivity. These issues have been fixed in
version 1.8.5
- Update indentation of hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
keymaps and save-keymaps require kbd_mode and dumpkeys, respectively, so
remove them if the kbd package is not selected (e.g. devices with serial
console, only).
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Tested-by: Adam Duskett <aduskett@gmail.com>
[yann.morin.1998@free.fr:
- expand to three commands to match the existing hook
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This CVE does not affect the boost package, but is misclassified by our
CVS tracker. As per the advisory:
Unspecified vulnerability in Boost before 6.x-1.03, a module for
Drupal, allows remote attackers to create new webroot directories
via unknown attack vectors.
Ignore the CVS, and expand a comment to explain it.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: expand the comment]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
openrc provides scripts that have been written for the big-gun kmod, and
so use options unknown to the busybox' provided applets:
- Busybox modprobe does not have a "--first-time" option,
- the "--verbose" option is just "-v",
- the "--use-blacklist" option is just "-b". Also blacklist support is
not selected in our default busybox configuration.
One of two options, is to "fix" or "adapt" openrc's scripts to busybox,
which means for the openrc package to go peek into files from the
busybox package, which is not nice, and can't work because that is not
available by the time we scan our Makefiles.
The other option, which this patch implements, is to just add a
dependency onto kmod and its tools.
Reported-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In all steps, we print the message indicating the start of the step
using the MESSAGE macro before running pre-hooks. Except in the image
installation step, where the message is printed after the pre-hooks.
Let's fix this inconsistency.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
modern versions of exim are installed into sbin not bin
Signed-off-by: Pascal de Bruijn <p.debruijn@unilogic.nl>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2020-9308: archive_read_support_format_rar5.c in libarchive
before 3.4.2 attempts to unpack a RAR5 file with an invalid or
corrupted header (such as a header size of zero), leading to a SIGSEGV
or possibly unspecified other impact.
- use --with-nettle to enable nettle support, see
f96a71144b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- drop new optional dependency to mbedtsl, forced off for now
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in
packet.c has an integer overflow in a bounds check, enabling an attacker
to specify an arbitrary (out-of-bounds) offset for a subsequent memory
read. A crafted SSH server may be able to disclose sensitive information
or cause a denial of service condition on the client system when a user
connects to the server.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
A vulnerability was found in dnsmasq before version 2.81, where the
memory leak allows remote attackers to cause a denial of service
(memory consumption) via vectors involving DHCP response creation.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Fix CVE-2019-17543: LZ4 before 1.9.2 has a heap-based buffer overflow
in LZ4_write32 (related to LZ4_compress_destSize), affecting
applications that call LZ4_compress_fast with a large input. (This
issue can also lead to data corruption.) NOTE: the vendor states "only
a few specific / uncommon usages of the API are at risk."
- Update indentation of hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2019-20044: In Zsh before 5.8, attackers able to execute
commands can regain privileges dropped by the --no-PRIVILEGED option.
Zsh fails to overwrite the saved uid, so the original privileges can
be restored by executing MODULE_PATH=/dir/with/module zmodload with a
module that calls setuid().
- Update indentation of hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The current solution used to collect the list of files installed by
packages does not work for top-level parallel build. Indeed, we rely
on a file created after the installation of the previous package to
build the list of files installed by the current package.
This works well when packages are built sequentially, but badly fails
when using top-level parallel build.
More specifically, top-level parallel build can fail with:
comm: /home/thomas/buildroot/output/build/.files-list-host.new: No such file or directory
Because that file has been removed concurrently by the build process
of another package.
This commit reworks the logic in a very straight-forward way. Before
the installation of each package, we store the list of files that are
already installed and store it in the package build directory. After
the installation of each package, we store again that list of files,
calculate the difference with the before file, and store that as the
list of files installed by that package, still in the package build
directory.
At the end of the build, in target-finalize we collect all the
collected information into the global package file lists, that
continue to be installed in the same location as before, with the same
name.
There are however some differences:
(1) The files are no longer ordered in build order, but by alphabetic
ordering of packages. Indeed, "build order" no longer makes any
sense in the context of top-level parallel build.
(2) Some files which were incorrectly tracked are no longer
tracked. For example, the toolchain package is a target package,
but it installs files in $(HOST_DIR). In the previous logic, the
files installed by the toolchain package in $(HOST_DIR) were
incorrectly affected to the next host package that was installed
after the toolchain package. With our new logic, those files are
no longer tracked at all. To fix this, we would have to change
the logic to scan HOST_DIR/TARGET_DIR/STAGING_DIR for all
installation steps, not just for the install-host, install-target
and install-staging steps respecitively. But the result was
already incorrect anyway, and therefore this should be fixed
separately.
Note that the check_bin_arch hook needs to be adjusted: it was using
the global package-file-list.txt file, but this file is now created
only at the very end of the build. So instead, we use the current
package .file-list.txt file to know which packages have been installed
by the current package in $(TARGET_DIR).
Fixes:
http://autobuild.buildroot.net/results/4e60fa31b1cd08bc7fdf9c5dd3a3f4941e029ba3/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use the same trick in step_pkg_size as the one used in check_bin_arch:
factorize the two $(filter ...) calls into one, checking in one step
the step and whether it's the beginning or end of the step.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bugfix release, fixing a number of issues. For details, see the
announcement:
https://docs.python.org/release/3.8.2/whatsnew/changelog.html#python-3-8-2-final
Adjust the spacing in the hash file and update the hash of the license file
for a change in copyright years:
-2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019 Python Software Foundation;
+2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Python Software Foundation;
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As pointed by Peter combined condition of the 2 gcc bugs is potentially
wrong, but as Thomas pointed in this case it's not harmful. Let's fix it
anyway since it's basically wrong even it doesn't cause harm.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The host-swig package installs the swig binary as 'swig' and adds a
swig<major> symlink (E.G. swig4.0). This causes issues for older software
which may not know about the 4.0 version of swig, E.G. CMake 3.10.x
contains the following swig detection logic:
find_program(SWIG_EXECUTABLE NAMES swig3.0 swig2.0 swig)
If the host has a 3.x or 2.x variant of swig installed, then that will be
used instead of our host-swig.
As a workaround, also add a swig3.0 symlink so our host-swig will be used.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
[Peter: reworded]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2020-9273: In ProFTPD 1.3.7, it is possible to corrupt the memory pool
by interrupting the data transfer channel. This triggers a use-after-free
in alloc_pool in pool.c, and possible remote code execution.
And additionally, fixes a number of other issues. For details, see the
release notes:
https://github.com/proftpd/proftpd/blob/1.3.6/RELEASE_NOTES
This also bumps the bundled libcap, so
0001-fix-kernel-header-capability-version.patch can be dropped.
While we are at it, adjust the white space in the .hash function to match
the new agreements.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Similar to the fix for the base beaglebone defconfig in commit 38912a61be
(configs/beaglebone: kernel builds needs host-openssl), the qt5 variant uses
the same kernel, so also needs host-openssl.
Fixes:
914 scripts/extract-cert.c:21:25: fatal error: openssl/bio.h: No such file or directory
915 #include <openssl/bio.h>
https://gitlab.com/buildroot.org/buildroot/-/jobs/451176891
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The recent bump of python-pyyaml to version 5.3 causes a runtime
failure in docker-compose:
pkg_resources.ContextualVersionConflict: (PyYAML 5.3 (/usr/lib/python3.8/site-packages), Requirement.parse('PyYAML<5.2,>=3.10'), {'docker-compose'})
https://gitlab.com/buildroot.org/buildroot/-/jobs/442151461
Fix it by adjusting 0003-support-PyYAML-up-to-5.1-version.patch to
allow all pyyaml 5.x versions, similar to what upstream has done
post-1.24.1:
c818bfc62c
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When building host-util-linux, the systemdsystemunitdir is set to the
real host directory, so the install step fails with:
/usr/bin/install: cannot remove '/usr/lib/systemd/system/fstrim.service': Permission denied
/usr/bin/install: cannot remove '/usr/lib/systemd/system/fstrim.timer': Permission denied
Since we don't need systemd support in host-util-linux, unconditionally
disable it for the host build.
Signed-off-by: John Keeping <john@metanate.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 3f8ace0028
("board/freescale/common/imx: add support for i.MX8") had its
conflicts incorrectly tweaked when applied to Buildroot. The
ahab-container.img is installed with this name (ahab-container.img) by
the imx-firmware package, and not mx8qm-ahab-container.img or
mx8qx-ahab-container.img.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Julien Olivain <juju@cotds.org>
Tested-by: Julien Olivain <juju@cotds.org>
Reported-by: Fabio Estevam <festevam@gmail.com>
Tested-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
brltty builds host tools which rely on the expat library, and
pkg-config is used to detect the expat library.
Since commit cd16e18584 ("pkgconf:
always keep system libs"), the wrapper script added
--keep-system-libs, which adds a -L$(STAGING_DIR)/usr/lib to the
pkg-config results instead of just -lexpat. So, previously, by chance,
the pkg-config result for the target expat was "good enough" for the
host expat as well. But now that -L$(STAGING_DIR)/usr/lib is added, it
breaks the build in all sort of ways as obviously building host
binaries with the library search path pointing to $(STAGING_DIR) is
not a good idea.
To fix that, this commit adjusts the brltty build system so that the
PKG_CONFIG_FOR_BUILD variable is used when using pkg-config to build
host binaries.
Fixes:
http://autobuild.buildroot.net/results/5a64dfb845389882c366b6c91aaf5868c090a802/
Many thanks to the initial work from Fabrice Fontaine at
http://patchwork.ozlabs.org/patch/1238163/ which provided an initial
starting point for this investigation.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
From 7d68fa68cd9f2987bd85339f3391913a8b0e58c7 Mon Sep 17 00:00:00 2001
From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Date: Tue, 24 Mar 2020 10:21:27 +0100
Subject: [PATCH] efi/main.c: include <efisetjmp.h>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Building syslinux against gnu-efi 3.0.10 currently fails with:
syslinux/efi/main.c:33:8: error: unknown type name ‘jmp_buf’
33 | static jmp_buf load_error_buf;
| ^~~~~~~
syslinux/efi/main.c: In function ‘local_boot’:
syslinux/efi/main.c:189:5: warning: implicit declaration of function ‘longjmp’ [-Wimplicit-function-declaration]
189 | longjmp(&load_error_buf, 1);
| ^~~~~~~
syslinux/efi/main.c: In function ‘build_gdt’:
syslinux/efi/main.c:907:75: warning: taking address of packed member of ‘struct dt_desc’ may result in an unaligned pointer value [-Waddress-of-packed-member]
907 | status = emalloc(gdt.limit, __SIZEOF_POINTER__ , (EFI_PHYSICAL_ADDRESS *)&gdt.base);
| ^~~~~~~~~
syslinux/efi/main.c: In function ‘efi_main’:
syslinux/efi/main.c:1390:7: warning: implicit declaration of function ‘setjmp’ [-Wimplicit-function-declaration]
/home/buildroot/autobuild/run/instance-0/output-1/host/lib/gcc/microblazeel-buildroot-linux-uclibc/8.3.0/../../../../microblazeel-buildroot-linux-uclibc/bin/ld: locale.o: in function `set_default_locale':
(.text+0x260): undefined reference to `mblen'
To fix this issue, don't use mblen if HANDLE_MULTIBYTE is not defined,
an other possibility would be to use MBLEN wrapper defined in shmbutil.h
# used to fix ../../../../libsanitizer/libbacktrace/../../libbacktrace/elf.c:772:21: error: ‘st.st_mode’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
ifeq($(BR2_ENABLE_DEBUG),y)
GCC_COMMON_TARGET_CFLAGS+= -Wno-error
endif
# Propagate options used for target software building to GCC target libs
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
