This commit extends pkg-stats to leverage the recently introduced
CPEDB class to verify that the CPEs provided by Buildroot packages are
indeed known in the official CPE dictionnary provided by NVD.
Co-Developed-by: Grégory Clement <gregory.clement@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Python class which consumes a NIST CPE XML and provides helper
functions to access and search the db's data.
- Defines the CPE as a object with operations / formats
- Processing of CPE dictionary
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Co-Developed-by: Grégory Clement <gregory.clement@bootlin.com>
Co-Developed-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
When using the headers from the kernel to be built, with the kernel
set to a custom version, and overriding the kernel sources with
LINUX_OVERRIDE_SRCDIR, the linux-headers package is still trying to
download an archive, and fails to validate its hash.
What is going on under the hood is that, with _OVERRIDE_SRCDIR, the
_VERSION of a package is set to 'custom'. Furthermore, the variable
BR_NO_CHECK_HASH_FOR is recursively expanded, so its value is only
evaluated when it is needed.
For linux-headers, we inherit the values from the linux package, and
the LINUX_HEADERS_VERSION takes the value from the configuration.
Thus we end up with the following situation:
LINUX_VERSION=custom
LINUX_HEADERS_VERSION=5.10 # For example
BR_NO_CHECK_HASH_FOR=... linux-custom.tar.gz ...
And thus the archive downloaded by linux-headers will not match any
exclusion, and since there will most probably not be a hash for it,
the download will fail, as was noticed and reported by Jarkko.
But in this case, what we really want is to really use the headers
from the kernel that we build, we do not even want to attempt a
download at all.
So, when using the headers from the kernel to be built, we also
propagate the LINUX_OVERRIDE_SRCDIR to linux-headers, so that we
also use the headers from the overridden sources.
Furthermore, in that configuration, we explicitly disallow
overriding the linux-headers specifically, as it does not make sense
(even though, if they were overridden to the same location, that'd
be OK, but to simplify the condition, we do not even check for that).
Reported-by: Jarkko Sakkinen <jjs@kapsi.fi>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
When cross-compiling grpc, a native tool 'grpc_cpp_plugin' is needed.
Patch '0001-target-build-using-host-plugin.patch' in Buildroot provides a
way to pass the path to this tool via a configure option
'gRPC_NATIVE_CPP_PLUGIN'.
In version 1.20.0, the upstream grpc project added better support for
cross-compiling via commit 0d7a0ded [1], searching for the native
grpc_cpp_plugin via PATH (rather than specifying it as configure option as
our patch was doing).
This change renders the mentioned Buildroot patch obsolete, so remove it.
[1] 0d7a0ded1c
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Reviewed-by: Michael Nosthoff <buildroot@heine.tech>
Tested-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The check for a default route is inverted, causing the script to wait
for the timeout even when a default IPv6 route is available. Fix this up
so that it exits early as expected.
Reported-by: Bhattiprolu RaviKumar <ravikumar.bhattiprolu@gmail.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2021-3281: Potential directory-traversal via archive.extract()
The django.utils.archive.extract() function, used by startapp --template and
startproject --template, allowed directory-traversal via an archive with
absolute paths or relative paths with dot segments.
For details, see the advisory:
https://www.djangoproject.com/weblog/2021/feb/01/security-releases/
Additionally, 3.0.11 fixed a regression:
https://docs.djangoproject.com/en/3.1/releases/3.0.11/
Update indentation in hash file (two spaces).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
From the announcement:
ChangeLog for Privoxy 3.0.31
--------------------------------------------------------------------
- Security/Reliability:
- Prevent an assertion from getting triggered by a crafted CGI request.
Commit 5bba5b89193fa. OVE-20210130-0001.
Reported by: Joshua Rogers (Opera)
- Fixed a memory leak when decompression fails "unexpectedly".
Commit f431d61740cc0. OVE-20210128-0001.
- Bug fixes:
- Fixed detection of insufficient data for decompression.
Previously Privoxy could try to decompress a partly
uninitialized buffer.
https://www.privoxy.org/announce.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
There is no need to get both the key and the value out of the dict if the
key is not used, so use dict.values() instead.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop 0003-rewrite-wcsnrtombs-to-fix-buffer-overflow-and-other-.patch
as it is a backport of upstream commit
3ab2a4e02682df1382955071919d8aa3c3ec40d4 which is part of the 1.2.2
release.
1.2.2 release notes
major changes:
- child restrictions lifted after fork of multithreaded parent
new features:
- _Fork function (POSIX-future)
- reallocarray function (extension from OpenBSD, now widespread)
- gettid function (kernel tid as supported concept)
- SIGEV_THREAD_ID sigevent API (Linux extension)
- tcgetwinsize and tcsetwinsize functions (POSIX-future)
performance:
- faster software sqrt on archs without native sqrt instruction
compatibility:
- realpath no longer depends on procfs availability & accuracy
- time zone parser now always prefers 64-bit tables if present
- crypt_blowfish now supports $2b$ prefix
- res_query now reports errors via h_errno
- set*id and setrlimit are now safe in vforked/cloned child
- setgroups now applies to all threads
- dlopen debugger notification is improved, should work with lldb
- setrlimit no longer needs __synccall broadcast on linux 2.6.36+
- faccessat with AT_EACCESS no longer needs child process on linux 5.8+
bugs fixed:
- buffer overflow and infinite loop errors in wcsnrtombs (CVE-2020-28928)
- sem_close unmapped still-referenced semaphores
- fork of process with active aio could deadlock or crash paren
- pthread_cond_wait was broken with priority-inheritance mutex
- getgrouplist wrongly failed when nscd reported an empty list
- abort could leak modified SIGABRT disposition to fork or posix_spawn child
- regression with mallocng: malloc_usable_size(0) crashed
- readlink wrongly gave EINVAL on zero length dest buffer
- sqrtl was severely inaccurate (not correctly rounded) on ldquad archs
- assert failure wrongly flushed stdio (possible deadlock)
- MUSL_LOCPATH search was broken with multiple components
- missing newline in herror output
- possible deadlock in pthread_exit with pshared mutex or barrier usage
- pthread_mutexattr_getprotocol didn't read back protocol
- v4l2 ioctl translation for pre-time64 kernels didn't work
arch-specific bugs fixed:
- x86_64 longjmp failed to handle 0 argument reliably
- i386 __set_thread_area fallback for pre-2.6 kernels didn't work
- missing O_LARGEFILE macro value on x86_64, x32, mips64
- unpredictable s390x breakage from failure to preserve call-saved registers
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Now that 2.36.x has been added, that 2.35.x is the default version,
drop support for 2.33.x.
Note that we keep binutils 2.32.x as it is the latest version that
works for FLAT binaries (used on noMMU platforms).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Now that 2.36 has been released, let's use 2.35.x as the default
binutils version.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When BR2_PACKAGE_XENOMAI_CUSTOM_TARBALL is selected, the xenomai package
declared an empty version, which among others means that the build directory
becomes output/build/xenomai without any version specification, and empty
version information in 'xenomai-show-info'.
Other packages that allow a custom tarball, like 'linux' and
'arm-trusted-firmware', specify 'custom' as version in this case.
Adapt the xenomai package accordingly.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Version 1.6.2 now builds against headers >= 4.8.x. (Previously 5.5 was
required). Functionality might still be limited depending on the kernel version.
* altered note on updating
* disable building of tests
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Major Behavior Changes
- As a reminder for those upgrading from older releases, as of FRR 7.4
and beyond:
RFC 8212 is now enabled by default. BGP will not advertise or use
routes unless explicitly configured to do so with an export or import
policy.
All daemons
Minimum libyang version is now 1.0.184
bfdd
Profile support
Minimum TTL support
bgpd
RPKI now has support for VRFs
Add wide option to route show commands
Add ability to count filtered prefixes when using maximum-prefix
with new force option
Add ability to show selected bestpath routes for a given neighbor
with bestpath-routes option to neighbor show command
Add ability to specify message when admin downing a session with bgp
shutdown message MSG... command
Add IPv6 support for Flowspec
Add ability to shut down neighbor if RTT is too high with neighbor
<neigh> shutdown rtt command
Allow update-delay to be applied globally
Graceful Restart fixes
Stability and performance fixes
EVPN
Beginning of MultiHoming support; stay tuned
isisd
Add VRF support
Add support for Anycast-SIDs
Fix adjacency timer display overflow
ospfd
Segment Routing support for ECMP
Prevent crash if transferring config amongst instances
Various LSA-related fixes
pbrd
Add JSON support to commands
Add ability to match on DSCP/ECN fields
pimd
Add more JSON support to commands
Add support for MSDP SA forwarding
(s,g,rpt) ifchannel is now cleared when (*, G) prune is received
Fix IGMP querier election and IP address mapping
Fix missing mesh-group commands
Fix crash when RP is removed
staticd
Add support for Northbound API
zebra
Nexthop group support for FPM
Netlink batching support
Northbound support for RIB model
Backup nexthop support
Allow upper level protocols to request ARP
Add json output for zebra ES, ES-EVI and access vlan dumps
vtysh
Speed up output across daemons
Fix build-time errors for some --enable flags
Northbound / YANG
Filter and route-map support
OSPF model definition
BGP model definition
RPM Packaging
Moved RPKI to subpackage
Added SNMP subpackage
Signed-off-by: Vadym Kochan <vadym.kochan@plvision.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update to use the official linux kernel v5.10 instead of an
out-of-tree kernel, and use the official U-Boot v2021.01 as the
bootloader. Provide two configuration files of genimage for different
boot flows:
- Boot from SD card (default)
- Boot from SPI flash
A boot script is generated to automatically boot the distro.
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop dependency on gcc >= 4.8 for efl options as it is guaranted since
commit dbe2d2e686 which added a dependency
on gcc >= 4.9 for efl
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Both S40xorg and S90nodm tries to run an Xserver on vt1, causing the nodm
one to fail. If nodm is enabled, then that is likely what the user wants to
run, so skip installing S40xorg.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In commit 7a607dab33
("support/scripts/pkg-stats: support generating stats based on
configured packages"), we added a -c option to pkg-stats to generate a
report based on the list of packages enabled in the configuration,
rather than for all packages.
This is done based on the list of packages returned in JSON format by
"make show-info". However, we use the keys of the JSON dict returned
by "make show-info", which include the host- prefix of host
packages. Due to this, none of the host packages are currently
matching and therefore they are not reported in the pkg-stats -c
output.
This commit fixes that by using the recently introduced "name"
property in the "make show-info" JSON dict.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: use anonymous '_' for unused variable]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The keys of the JSON dict returned by "make show-info" is the package
name, including the "host-" prefix for host packages.
However, it is sometimes useful to get the actual name of the package,
without the "host-" prefix, so we add a "name" property that holds the
"raw name" of the package.
Suggested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
BUILD_ALONG_WITH_CMRTLIB has been dropped since version 18.2.0 and
c3e13c175d
RUN_TEST_SUITE is also unrecognized (only MEDIA_RUN_TEST_SUITE is
recognized)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
So the normal DHCP-on-eth0 logic works for the graphical defconfig where
eudev is used.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Explicitly enable PCI support in the kernel after commit eb01d42a77785 (PCI:
consolidate PCI config entry in drivers/pci) and change to GPT partitions /
root=PARTLABEL to find the rootfs instead of hardcoding /dev/mmcblk2p2 as
the mmc probing order has changed since commit 21b2cec61c04bd1 (mmc: Set
PROBE_PREFER_ASYNCHRONOUS for drivers that existed in v4.4).
This has the additional advantage that the same image will work when written
to a USB drive instead of a microsd.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libgeos unconditionally uses wstring which raises the following build
failure:
In file included from /srv/storage/autobuild/run/instance-3/output-1/build/libgeos-3.9.0/tools/astyle/ASLocalizer.cpp:40:
/srv/storage/autobuild/run/instance-3/output-1/build/libgeos-3.9.0/tools/astyle/ASLocalizer.h:72:34: error: 'wstring' does not name a type; did you mean 'stdin'?
string convertToMultiByte(const wstring& wideStr) const;
^~~~~~~
stdin
Fixes:
- http://autobuild.buildroot.org/results/e97d03848d9bbf1845b994f391679a1dbf49f61e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump version and drop local patches already merged upstream. Add Linux
option needed by Linux version >= 4.20 package documentation and to .mk
file that automatically adds it to Linux config when building.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The --cpeid option was mistakenly introduced by commit
92e7089a8c ("support/script/pkg-stats:
show CPE ID in results") but is in fact not necessary.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since commit bd665d182c
("support/scripts/pkg-stats: improve rendering of CVE information"),
we have better reporting of CVE related information, based on
pkg.status['cve']. However, this commit broke pkg-stats when the
--nvd-path option is not passed, and therefore no CVE information is
available.
This commit fixes that, by making use of the is_status_ok(),
is_status_error() and is_status_na() methods recently introduced.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Make is_status_ok() work when the given status name is not even listed
in the status dict. This will be necessary for following commits.
Introduced similar methods for the error and na status, which will be
used in following commits.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Force Release build to remove -Werror and avoid the following build
failure:
/home/giuliobenetti/autobuild/run/instance-3/output-1/build/open62541-1.0/arch/network_tcp.c: At top level:
cc1: error: unrecognized command line option '-Wno-static-in-inline' [-Werror]
cc1: all warnings being treated as errors
Fixes:
- http://autobuild.buildroot.org/results/24b429ce0ae2b33e72bb6a0f523c3906e539a4fd
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2021-3181: rfc822.c in Mutt through 2.0.4 allows remote attackers to
cause a denial of service (mailbox unavailability) by sending email
messages with sequences of semicolon characters in RFC822 address fields
(aka terminators of empty groups). A small email message from the
attacker can cause large memory consumption, and the victim may then be
unable to see email messages from other persons.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit a7b51ed301 forgot to update hash of
COPYING which now contains LGPL-2.1+
Here is an extract of
0a8882b1a1:
"The vast majority of GdkPixbuf is released under the terms of the GNU
Lesser General Public License, version 2.1 or later.
The following files are released under the terms of the GNU Library
General Public License, version 2 or later:
[...]
The aggregate license of the GdkPixbuf project is the Lesser GPL v2.1 or
later."
Fixes:
- http://autobuild.buildroot.org/results/292306061216471c258a89e61b54c0d05c757321
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Main reason is to fix the issue when secure_getenv() is missing
in older toolchain, but it was fixed in this version by using
getenv() as alternative.
Signed-off-by: Vadym Kochan <vadym.kochan@plvision.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump Linux to 5.10.10 and U-Boot to 2020.10. In the new kernel sunxi-mmc
driver has been switched to asynchronous probe. As a result, mmc indexes
can be shuffled breaking board boot. Add patch that pins mmc indexes to
their original ordered values.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump Linux to 5.10.10 and U-Boot to 2020.10.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump Linux to 5.10.10 and U-Boot to 2020.10.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The 'ubi' collectd plugin was added in 5.11.0.
Add options in Buildroot to enable it.
Based on code by Bart De Vos.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Switch to meson-package
- Drop GDK_PIXBUF_DISABLE_TESTS as it is not needed anymore (meson
doesn't build tests when cross-commpiling)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 4fea71ac78 (package/sudo: security bump to version 1.9.5p2)
removed the patch, but forgot to remove the now unneeded autoreconf. Fix
that.
Reported-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The host build of uboot-tools can occur early in the build process and may
require the creation of BINARIES_DIR before generation of an enabled envimage
and/or boot script binary. So to resolve this in proper way, separated the
build and installation part of uboot env/script in their respective commands.
Signed-off-by: Kalpesh Panchal <kalpesh.panchal@rockwellcollins.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Major changes between sudo 1.9.5p2 and 1.9.5p1
* Buildroot: dropped a patch that was included in the release.
* Fixed sudo's setprogname(3) emulation on systems that don't
provide it.
* Fixed a problem with the sudoers log server client where a partial
write to the server could result the sudo process consuming large
amounts of CPU time due to a cycle in the buffer queue. Bug #954.
* Added a missing dependency on libsudo_util in libsudo_eventlog.
Fixes a link error when building sudo statically.
* The user's KRB5CCNAME environment variable is now preserved when
performing PAM authentication. This fixes GSSAPI authentication
when the user has a non-default ccache.
* When invoked as sudoedit, the same set of command line options
are now accepted as for "sudo -e". The -H and -P options are
now rejected for sudoedit and "sudo -e" which matches the sudo
1.7 behavior. This is part of the fix for CVE-2021-3156.
* Fixed a potential buffer overflow when unescaping backslashes
in the command's arguments. Normally, sudo escapes special
characters when running a command via a shell (sudo -s or sudo
-i). However, it was also possible to run sudoedit with the -s
or -i flags in which case no escaping had actually been done,
making a buffer overflow possible. This fixes CVE-2021-3156.
https://www.sudo.ws/stable.html#1.9.5p2
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
opentracing-cpp fails to build if clang-tidy is installed:
...
-- clang-tidy found: /usr/lib/llvm/11/bin/clang-tidy
-- Configuring done
-- Generating done
...
[ 25%] Building CXX object CMakeFiles/opentracing.dir/src/propagation.cpp.o
.../buildroot/output/build/opentracing-cpp-1.5.1/include/opentracing/string_view.h:5:10: error: 'algorithm' file not found [clang-diagnostic-error]
^
.../buildroot/output/build/opentracing-cpp-1.5.1/src/propagation.cpp:3:11: warning: '__llvm_libc' needs to be the outermost namespace [llvmlibc-implementation-in-namespace]
namespace opentracing {
^
.../buildroot/output/build/opentracing-cpp-1.5.1/src/propagation.cpp:11:3: warning: use '= default' to define a trivial default constructor [hicpp-use-equals-default,modernize-use-equals-default]
PropagationErrorCategory() {}
^ ~~
= default;
.../buildroot/output/build/opentracing-cpp-1.5.1/src/propagation.cpp:13:15: warning: use a trailing return type for this function [modernize-use-trailing-return-type]
const char* name() const noexcept override {
~~~~~~~~~~~ ^
auto -> const char*
.../buildroot/output/build/opentracing-cpp-1.5.1/src/propagation.cpp:13:15: warning: method 'name' can be made static [readability-convert-member-functions-to-static]
const char* name() const noexcept override {
^ ~~~~~~
static
.../buildroot/output/build/opentracing-cpp-1.5.1/src/propagation.cpp:17:24: warning: use a trailing return type for this function [modernize-use-trailing-return-type]
std::error_condition default_error_condition(int code) const
^
.../buildroot/output/build/opentracing-cpp-1.5.1/src/propagation.cpp:37:15: warning: use a trailing return type for this function [modernize-use-trailing-return-type]
std::string message(int code) const override {
^
.../buildroot/output/build/opentracing-cpp-1.5.1/src/propagation.cpp:58:28: warning: use a trailing return type for this function [modernize-use-trailing-return-type]
const std::error_category& propagation_error_category() {
^
226 warnings and 1 error generated.
Error while processing .../buildroot/output/build/opentracing-cpp-1.5.1/src/propagation.cpp.
Suppressed 218 warnings (218 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
Found compiler error(s).
make[3]: *** [CMakeFiles/opentracing.dir/build.make:83: CMakeFiles/opentracing.dir/src/propagation.cpp.o] Error 1
make[3]: *** Waiting for unfinished jobs....
.../buildroot/output/build/opentracing-cpp-1.5.1/include/opentracing/string_view.h:5:10: error: 'algorithm' file not found [clang-diagnostic-error]
^
.../buildroot/output/build/opentracing-cpp-1.5.1/src/dynamic_load.cpp:4:
Disable the 'ENABLE_LINTING' option to avoid this influence.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
We have three conditions under which some tests may get removed:
uClibc, musl, static libraries. All three use the same mechanism
to exclude those test-cases: remove the files.
The first two use a common variable to list the affected files,
and share the same hook of their own to iterate over that list,
while the third has its own hook.
This is not very clean, so switch to using a single variable and
a single hook for all three conditions.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Petr Vorel <petr.vorel@gmail.com>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Compile getdents0{1,2}.c which has been fixed in upstream in commit
8a85a2d61 ("getdents: update to the new api, don't mix libc and kernel
types").
Fixes: 84968aa495 ("package/ltp-testsuite: bump version to 20210121")
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
As suggested by Yann E. Morin, switch to an active fork with all our
patches as upstream seems pretty dead, and they even acknowledge that
status:
https://ushare.geexbox.org/
By lack of spare time, motivation and interest, uShare development
is currently discontinued (this may change though). Don't expect
release anytime soon :-(
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Drop libupnp18 as libupnp has been bumped to 1.14.x and 1.8.x will not
been fixed against CallStranger a.k.a. CVE-2020-12695
mpd and vlc are already compliant with libupnp 1.14.x (i.e those
packages use UpnpInit2 instead of the deprecated UpnpInit)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Move site to Orange-OpenSource
- Drop patch (already in version)
- This version is compatible with libupnp 1.14.x to fix
CallStranger a.k.a. CVE-2020-12695
- Add threadutil license (BSD-3-Clause)
- Update hash in license file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- This version is compatible with libupnp 1.14.x which fix
CallStranger a.k.a. CVE-2020-12695
- Drop all patches (already in version)
- expat is not needed since version 1.5.0 and
a4f0cccd6a
- fmt is a mandatory dependency since version 1.5.0 and
fe81e5fc88
- spdlog is a mandatory dependency since version 1.5.0 and
615d698fe4
- pugixml is a mandatory dependency since version 1.5.0 and
c244006aa0
- libnpupnp can be used instead of libupnp since version 1.6.2 and
e648763626
- Set CXX_FILESYSTEM_NO_LINK_NEEDED to ON to avoid a build failure
due to check_cxx_source_runs which has been added with
8ea0fce24c
- Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- libupnp and libnpupnp are mutually exclusive
- fix typo in npupnp package name
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Fix CallStranger a.k.a. CVE-2020-12695 as well as CVE-2020-13848
- Update indentation in hash file (two spaces)
- Backport all changes from libupnp18 to libupnp:
- Use COPYING instead of LICENSE (no license change)
- Add host-pkgconf dependency
- Add --enable-reuseaddr
- Add openssl optional dependency
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
If Target u-boot is not available, the host build of uboot-tools
requires user to provide u-boot environment source file.
This change resolves a missing parentheses and updates the comment
for the same.
Signed-off-by: Kalpesh Panchal <kalpesh.panchal@rockwellcollins.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit adds support for Sinovoip's Banana Pi
M1+. It is mostly based on bananapro_defconfig
but with appropriate device tree and minor tweaks:
- apply bananapi-m1-plus device tree in linux
- apply bananapi_m1_plus defconfig for uboot
- apply patch for OOB IRQs on new device tree
- update device tree name in boot.cmd, genimage.cfg
- update symlink for BRCM driver in rootfs_overlay
- overall clean-up of the config
Tested on BPI-M1+ V1_1.
Signed-off-by: Filip Skoneczny <fskoneczny@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Postgresql includes some extra additional loadable modules.
We need just to pass "world/install-world" as make/install targets
to build this modules.
As a side effect documentation will also be built by "make world".
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Some external packages call pg_config to determine the installed
PostgreSQL options. Add this output to Buildroots own pg_config,
so these packages correctly compile.
Added options:
--pkgincludedir
--pgxs
--cflags
--cc
--pkglibdir
--bindir
--sharedir
--localedir
--docdir
--mandir
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
GPT provides partition labels, which can be used to tell the kernel to find
the rootfs based on it (root=PARTLABEL=rootfs) as a nicer/more extensible
solution than the MBR disk signature / PARTUUID.
When using GPT, the name of the partition in genimage.cfg is used as the
label for that partition.
The default GPT partition table location unfortunately conflicts with the
SPL location, so move the 16KB GPT table after it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998@free.fr: add the comment about 'rootfs']
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The probing order of the two mmc controllers (sdcard and sdio wifi) has
changed in kernel 5.10 since commit 21b2cec61c04bd1 (mmc: Set
PROBE_PREFER_ASYNCHRONOUS for drivers that existed in v4.4), so change to
root=PARTUUID=.. instead of hardcoding /dev/mmcblkXp2.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998@free.fr: use feedc0de as magic]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Small (35k), and stand-alone, SSDP responder with built-in web server
(on port 1901) for serving description.xml when Windows scans for any
network devices on the LAN. Also includes ssdp-scan (31k), similar to
the mdns-scan tool, to probe for SSDP capable devices.
Although it does not use fork(), it still fails to build on noMMU: lots
of missing function declarations, and lots of multicast-related structs
definitions, causing warnings like:
ssdp-scan.c:57:12: warning: implicit declaration of function ‘strdup’; did you mean ‘strcmp’? [-Wimplicit-function-declaration]
ssdp-scan.c:57:10: warning: assignment to ‘char *’ from ‘int’ makes pointer from integer without a cast [-Wint-conversion]
and errors like:
ssdp.c:357:17: error: storage size of ‘imr’ isn’t known
struct ip_mreq imr;
^~~
Finding the root cause why those get not defined in MMU on uClibc is
quite a head-scratching, so let's just disablessdp-responder for noMMU
architectures.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
[yann.morin.1998@free.fr: extend commit log to explain noMMU state]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Replace --exec-prefix, which applies to both sbin and bin, with the more
granular --bindir for logger and --sbindir for syslogd. This because
BusyBox installs its syslgod in /sbin and its logger in /usr/bin.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
[yann.morin.1998@free.fr: add comment, split one-option-per-line]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Installs to /usr/bin and thus replaces the BusyBox logger if enabled.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
[yann.morin.1998@free.fr: use usual ifeq-else-endif block]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
As is done with the init script, parse the system-level customisation
file, if it exists, from the systemd service unit, to allow users to
provide extra arguments passed to the daemon.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
[yann.morin.1998@free.fr; offload to its own commit]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Prefer maintainer provided package, not GitHub generated archive
- Local backport of O_CLOEXEC patch not needed anymore, in v2.2.0
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
[yann.morin.1998@free.fr:
- keep the exec-prefix and without-logger option
- offload the systemd service changes to its own commit
- adapt commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Drop patches (already in version)
- gdlib-config has been dropped since
d62f608c7c
- Update license hash
- Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop gdlib-config as it won't be available after the bump to version
2.3.0. If gdlib-config is not available, perl-gd fallbacks on glibc.pc
since version 2.57:
069e6cfff6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
ply is a light-weight dynamic tracer for Linux. By means of using the
BPF it can attach probes to the linux kernel (e. g. kprobes).
It's a small alternative to LLVM based tracers for embedded systems.
Project page:
https://github.com/wkz/ply/releases
Documentation can be found here:
https://wkz.github.io/ply/
Tested with beaglebone_defconfig (uClibc-ng as well as glibc)
Signed-off-by: Andreas Klinger <ak@it-klinger.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
GEOS (Geometry Engine - Open Source) is a C++ port of the JTS Topology
Suite (JTS). It aims to contain the complete functionality of JTS in
C++. This includes all the OpenGIS Simple Features for SQL spatial
predicate functions and spatial operators, as well as specific JTS
enhanced functions.
https://trac.osgeo.org/geos
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
[yann.morin.1998@free.fr:
- wrap long lines in Config.in
- wrap long lines in commit log
- drop "invsible characters" <200b>
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Drop gdlib-config and use pkg-config to find gd.
Indeed, gdlib.pc is available since version 2.1.0 and
071a2a94ee
and gdlib-config has been dropped from version 2.3.0
gnuplot supports pkg-config to find gd since version 5.4.1 and
4a64124cf5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
[yann.morin.1998@free.fr:
- split long lines in help text
- use traditional ifeq-else-endif block
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The upstream mrouted package comes with its own systemd unit file, but
no SysV init script. This script is a modified copy of the sysklogd
init script, but set to start after networking.
Note: for mrouted to start it requires at least two MULTICAST capable
interfaces that are UP. This is why an added startup delay of 30
seconds (-w 30) was added, in case the system has DHCP enabled.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
IP_MULTICAST depends on CONFIG_NET and CONFIG_INET, but those are really
depp-core symbols, and anyone enabling mrouted will be expected to
already have networking and TCP/IP supports enabled already in their
kernel configuraiton.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
[yann.morin.1998@free.fr:
- add comment about NET and INET,
- update commit log accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
See also commit 4ff6e52392 which describes the
problem in detail.
The same problem now arises again, because syslog-ng renamed the
--enable-snmp-dest option into --enable-afsnmp. See syslog-ng commit
4537938474771673ef5bd4a9cad7c9a7dc20b7c1, first part of 3.27.1.
Update the configure options passed from Buildroot accordingly.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
HDMI support is enabled by default in sunxi_defconfig since commit
c822a3ec17 (ARM: configs: sunxi: Add DRM output-related options), so drop
from fragment.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
arm64 / riscv supports building a gzip compressed 'Image' format kernel,
which is sometimes useful. From arch/arm64/Makefile:
all: Image.gz
Image: vmlinux
$(Q)$(MAKE) $(build)=$(boot) $(boot)/$@
Image.%: Image
$(Q)$(MAKE) $(build)=$(boot) $(boot)/$@
(and similar logic for riscv)
Future architectures may or may not copy this logic, so for robustness add
an explicit Image.gz format rather than copying both Image and Image.gz when
the Image format is used.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 40bb37bd70 refactored get-developers, and now the 'os' module is
no longer needed, but still imported:
utils/get-developers:6:1: F401 'os' imported but unused
1 F401 'os' imported but unused
Drop it now.
Reported-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
websocket support is available since version 4.3.3 and
9be8334938
It is enabled if --enable-drafts is passed by the user.
websocket can use libnss or gnutls instead of its builtin SHA1 since
7296fb5b15
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libpcap requires c99 since version 1.10.0 and
68e5ca3f4c
However, this test will fail without wchar on:
configure:3609: /home/buildroot/autobuild/run/instance-2/output-1/host/bin/arm-linux-gcc -std=gnu99 -c -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 conftest.c >&5
conftest.c:52:9: error: unknown type name 'wchar_t'
const wchar_t *name;
^~~~~~~
So hardcode ac_cv_prog_cc_c99 as already done in numerous package such
as apparmor, wireshark, xz, etc.
Fixes:
- http://autobuild.buildroot.org/results/6e87c25a0dccccf5e7ad03742597a0613f554506
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add --disable-metadata configure option. Buildroot by default disable
packages' doc generation. Also generating LTP metadata documentation
would require have host package, which could be complicated since the
LTP build system is autoconf but not automake based.
Drop cacheflush01 patch (from this release) and rebase musl workaround
patch.
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop upstream security patch.
Rename --with-system-libpcap to --disable-local-libpcap following
upstream change.
The configure scripts uses pkg-config to find libpcap, add host-pkgconf
dependency.
pkg-config handles static build for us. Remove explicit static build
handling.
Use https for SITE to save redirect.
Update license file hash due to whitespace changes.
Format hashes with two space delimiters.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
configure script now uses pkg-config. Add host-pkgconf dependency.
pkg-config should provide necessary info for libnl build/link. Don't
pass paths to configure.
Add --without-dpdk to make sure we don't link with host installed
libraries.
Format hashes with two space delimiters.
Use https for SITE to save redirect.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add patches needed for compatibility with Postgresql 13, which are
still under review upstream.
Debug builds (BR2_ENABLE_DEBUG=y) fails because of warnings, so
disable WARNINGS_AS_ERRORS.
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
boost is an optional dependency which is enabled by default since
version 0.80.0 and
355fd8d58c
There is no cmake option to enable or disable this dependency
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The vuejs developers have changed the way this package is distributed.
The tarball containing the dist files does not contain anymore the
LICENSE file. The license remains MIT but until it is reintroduced in
the tarball, we have to skip the license file hash verification.
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 6a91580c11 added the hash of
0001-Define-_GNU_SOURCE_required_for_O_CLOEXEC_on_uClibc.patch but this
is not needed as this file is included in buildroot and not downloaded
While at it, update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
meson will by default try to detect the presence of ccache, and if
found, will use it unconditionally.
However, using a system-wide ccache, which would be using our own cache
directory, may very well conflict with our own ccache.
But there is no option to disable that meson behaviour. The only
workaround that is even the official documented way to do so, is to
actually pass environment variables that point to the compiler:
https://mesonbuild.com/Feature-autodetection.html#ccache
For the host variants, we pass $(HOST_CONFIGURE_OPTS) in the environment,
and this contains correct settings for CC and CXX, so meson does not try
and detect ccache; it uses exactly what we tell it to use.
For the target variant, the settings for the cross-compiler are defined
in the cross-compilation file, and so meson just abides by our will. But
for the compiler-for-build, there is no way to specify the CC_FOR_BUILD
or CXX_FOR_BUILD via a cross-compilation file:
https://mesonbuild.com/Machine-files.htmlhttps://mesonbuild.com/Cross-compilation.html
We could pass the full TARGET_CONFIGURE_OPTS in the environment, like we
do for the host variant, but this contains a lot more variables that are
supposed to be covered by the cross-compilation file.
So, we stay safe and just provide the exact two variables that meson
will use to avoid detecting ccache.
If the current configuration defines the use of ccache, then these two
variables will be properly setup to use our own ccache.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Gleb Mazovetskiy <glex.spb@gmail.com>
Cc: James Hilliard <james.hilliard1@gmail.com>
Cc: Norbert Lange <nolange79@gmail.com>
As reported on IRC by sephthir, the qemu_sparc_ss10_defconfig doesn't
work as expected: the system generated when booted under Qemu produces
illegal instruction messages.
gcc 8.3, 9.2 are the latest working gcc version. git bisect between
gcc 8.3 and 8.4 allowed to identify the commit that introcuced the
regression.
Reverting this patch allowed to produce a working rootfs.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/786589934
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
- cmd/go: packages using cgo can cause arbitrary code execution at build time
The go command may execute arbitrary code at build time when cgo is in use
on Windows. This may occur when running “go get”, or any other command
that builds code. Only users who build untrusted code (and don’t execute
it) are affected.
In addition to Windows users, this can also affect Unix users who have “.”
listed explicitly in their PATH and are running “go get” or build commands
outside of a module or with module mode disabled.
Thanks to RyotaK (https://twitter.com/ryotkak) for reporting this issue.
This issue is CVE-2021-3115 and Go issue golang.org/issue/43783.
- crypto/elliptic: incorrect operations on the P-224 curve
The P224() Curve implementation can in rare circumstances generate
incorrect outputs, including returning invalid points from ScalarMult.
The crypto/x509 and golang.org/x/crypto/ocsp (but not crypto/tls) packages
support P-224 ECDSA keys, but they are not supported by publicly trusted
certificate authorities. No other standard library or golang.org/x/crypto
package supports or uses the P-224 curve.
The incorrect output was found by the elliptic-curve-differential-fuzzer
project running on OSS-Fuzz and reported by Philippe Antoine (Catena cyber).
This issue is CVE-2021-3114 and Go issue golang.org/issue/43786.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add optional lttng-libust support and enable tracing support
in case.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- add new host-python3-jinja2 and host-python3-ply dependencies
- change android, documentation options from boolean to feature
- disable new tracing option (needs lttng-ust)
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- fixes: sysklogd 1.6 klogd with newer glibcs: kernel messages are
logged to user facility
- sysklogd removed klogd, functionality has been moved to syslogd
- now supports config fragments in /etc/syslog.d
- disabled sysklogd logger to not interfere with other loggers
- license has changed from GPL-2.0+ to BSD-3-Clause
Signed-off-by: Andreas Hilse <andreas.hilse@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
https://sources.debian.org/data/main/u/unzip/6.0-25 is unreachable so
switch to the debian archive provided by snapshot.debian.org to retrieve
all debian patches at once.
While at it, also update indentation in hash file and add
UNZIP_IGNORE_CVES entries.
The Debian patch archive we refernce brings in a large set of patches,
some of them fixing CVEs. Since we only cary the Debian patch archive
as a single entity, just refer to it to identify all the CVEs the
individual patches there in are fixng.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- don't wrap _SITE line that is anyway too long even when wrapped
- don't enumerate Debian patches one by one, just refere to them
globally
- as a consequence, reorder CVEs
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Use github as a source site, to get a newer version than 4.5, which
was released in May 2011
- Add upstream link to patch
- Use the new COPYING file
- Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update chrony to version 4.0 and add/remove configuration of
features as necessary.
Remove support for readline. Add support for nettle and
gnutls (required for NTS support). Add pkg-config support (for
nss, nettle and gnutls).
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
CVE-2020-7746 (https://nvd.nist.gov/vuln/detail/CVE-2020-7746)
The options parameter is not properly sanitized when it is processed.
When the options are processed, the existing options (or the defaults
options) are deeply merged with provided options. However, during this
operation, the keys of the object being set are not checked, leading to
a prototype pollution.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
chartjs 2.9.3 has a security vulnerability (CVE-2020-7746) which is not
detected by the CVE scripts, presumably because our version variable starts
with a 'v'.
Move that 'v' prefix out of the version variable to fix that.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since 2.0.0, pyjwt has dropped Python 2.x support, so Python 3.x is
mandatory.
Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 5b95a5dc2 (support/download: change format of archives generated
from git) changed the way the archives generated from git repositories
are named, adding a "format-version" identifier right between the
package version and the file extension.
Commit c043ecb20 (support/download: change format of archives generated
from svn) did so for archives generated from a subversion checkout.
However, for a few packages, we manually force the _SOURCE variable,
because we want to share the archive with another package, to avoid
downloading and storing those archives twice. This is the case for:
- linux-headers and linux
- barebox-aux and barebox
When the generated tarballs were renamed with the aforementioned
commits, those packages were not updated accordingly.
Fix that by manually propagating the per-site-method format-version.
Reported-by: "Stephane Viau (OSS)" <stephane.viau@oss.nxp.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: "Stephane Viau (OSS)" <stephane.viau@oss.nxp.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since commit dfcc18f84b cmake-package
_INSTALL_STAGING_OPTS/_INSTALL_TARGET_OPTS use 'install/fast'
instead of 'install', adjust documentation accordingly.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Due to libabseil dependencies the host gcc is at least 4.9.
So the fix for host gcc 4.8 is no longer needed.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Under the assumption that all Buildroot build hosts nowadays are
multithreaded, we can boost performance of host-zstd by enabling
multithreaded operation.
See also commit 52154e5206.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following linking error with uClibc-ng:
/nvme/rc-buildroot-test/scripts/instance-1/output-1/host/bin/arc-buildroot-linux-uclibc-gcc -o/nvme/rc-buildroot-test/scripts/instance-1/output-1/build/coremark-pro-1.1.2743/builds/linux/gcc/bin/cjpeg-rose7-preset cjpeg-rose7-preset.o /nvme/rc-buildroot-test/scripts/instance-1/output-1/build/coremark-pro-1.1.2743/builds/linux/gcc/obj/bench/consumer_v2/cjpeg/*.o /nvme/rc-buildroot-test/scripts/instance-1/output-1/build/coremark-pro-1.1.2743/builds/linux/gcc/obj/mith.a -lm -lpthread -lrt
/nvme/rc-buildroot-test/scripts/instance-1/output-1/host/lib/gcc/arc-buildroot-linux-uclibc/10.2.0/../../../../arc-buildroot-linux-uclibc/bin/ld: /nvme/rc-buildroot-test/scripts/instance-1/output-1/host/lib/gcc/arc-buildroot-linux-uclibc/10.2.0/libgcc.a(unwind-dw2-fde-dip.o): in function `_Unwind_Find_FDE':
/nvme/rc-buildroot-test/scripts/instance-1/output-1/build/host-gcc-final-arc-2020.09-release/build/arc-buildroot-linux-uclibc/libgcc/../../../libgcc/unwind-dw2-fde-dip.c:469: undefined reference to `dl_iterate_phdr'
/nvme/rc-buildroot-test/scripts/instance-1/output-1/host/lib/gcc/arc-buildroot-linux-uclibc/10.2.0/../../../../arc-buildroot-linux-uclibc/bin/ld: /nvme/rc-buildroot-test/scripts/instance-1/output-1/build/host-gcc-final-arc-2020.09-release/build/arc-buildroot-linux-uclibc/libgcc/../../../libgcc/unwind-dw2-fde-dip.c:469: undefined reference to `dl_iterate_phdr'
/nvme/rc-buildroot-test/scripts/instance-1/output-1/host/lib/gcc/arc-buildroot-linux-uclibc/10.2.0/../../../../arc-buildroot-linux-uclibc/bin/ld: GOT and PLT relocations cannot be fixed with a non dynamic linker
/nvme/rc-buildroot-test/scripts/instance-1/output-1/host/lib/gcc/arc-buildroot-linux-uclibc/10.2.0/../../../../arc-buildroot-linux-uclibc/bin/ld: final link failed: bad value
collect2: error: ld returned 1 exit status
/nvme/rc-buildroot-test/scripts/instance-1/output-1/build/coremark-pro-1.1.2743/workloads/cjpeg-rose7-preset//Makefile:65: recipe for target '/nvme/rc-buildroot-test/scripts/instance-1/output-1/build/coremark-pro-1.1.2743/builds/linux/gcc/bin/cjpeg-rose7-preset' failed
Since uClibc-ng 1.0.18 a circular dependency between libc and libgcc
exist, when static linking is used. It can be resolved by the compiler
when -static is correctly passed in the linking step.
So use TARGET_LDFLAGS to pass LDFLAGS
Fixes:
- http://autobuild.buildroot.org/results/ca86624b09fed961d2b9086fee8b2029845746ea
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Fixes CVE-2021-23239, a potential information leak in sudoedit that
could be used to test for the existence of directories not normally
accessible to the user in certain circumstances. When creating a new
file, sudoedit checks to make sure the parent directory of the new
file exists before running the editor. However, a race condition
exists if the invoking user can replace (or create) the parent
directory. If a symbolic link is created in place of the parent
directory, sudoedit will run the editor as long as the target of the
link exists. If the target of the link does not exist, an error
message will be displayed. The race condition can be used to test for
the existence of an arbitrary directory. However, it cannot be used to
write to an arbitrary location.
- Fixes CVE-2021-23240, a flaw in the temporary file handling of
sudoedit's SELinux RBAC support. On systems where SELinux is enabled,
a user with sudoedit permissions may be able to set the owner of an
arbitrary file to the user-ID of the target user. On Linux kernels
that support protected symlinks setting
/proc/sys/fs/protected_symlinks to 1 will prevent the bug from being
exploited. For more information, see Symbolic link attack in
SELinux-enabled sudoedit.
- Update license hash:
- copyright of python bindings added with
6c1b155fed
- a few other files (ISC licenced) added with
d4b2db9078
- year updated with
9e111eae57
- Update indentation in hash file (two spaces)
https://www.sudo.ws/stable.html#1.9.5p1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
First patch is not needed since commit
7b3ac6d24d which adds a dependency on
headers >= 4.12
It should also be noted that upstream didn't merge it either
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Using absolute paths within getdeveloperlib isn't very sensible, it
makes a lot more sense to handle everything as relative paths from the
top-level Buildroot source directory.
parse_developers() is changed to no longer take the base path as
argument: it is automatically calculated based on the location of
utils/getdeveloperlib.py. Then, the rest of the logic is adjusted to
use relative paths, and prepend them with the base "brpath" when
needed.
This commit allows pkg-stats to report correct developers information
even when executed from an out of tree directory.
Before this patch:
$ ~/buildroot/support/scripts/pkg-stats -p ipmitool --json out.json
$ cat out.json | jq '.packages.ipmitool.developers'
[]
$ cat out.json | jq '.defconfigs.stm32f469_disco'
{
"name": "stm32f469_disco",
"path": "configs/stm32f469_disco_defconfig",
"developers": []
}
After this patch:
$ ~/buildroot/support/scripts/pkg-stats -p ipmitool --json out.json
$ cat out.json | jq '.packages.ipmitool.developers'
[
"Floris Bos <bos@je-eigen-domein.nl>",
"Heiko Thiery <heiko.thiery@gmail.com>"
]
$ cat out.json | jq '.defconfigs.stm32f469_disco'
{
"name": "stm32f469_disco",
"path": "configs/stm32f469_disco_defconfig",
"developers": [
"Christophe Priouzeau <christophe.priouzeau@st.com>"
]
}
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
With Python 3.8, the following deprecation warnings are emitted:
/home/thomas/projets/buildroot/./support/scripts/pkg-stats:418: DeprecationWarning: The explicit passing of coroutine objects to asyncio.wait() is deprecated since Python 3.8, and scheduled for removal in Python 3.11.
/home/thomas/projets/buildroot/./support/scripts/pkg-stats:536: DeprecationWarning: The explicit passing of coroutine objects to asyncio.wait() is deprecated since Python 3.8, and scheduled for removal in Python 3.11.
The correct way to pass coroutines is to use asyncio.create_task(),
but this is rather new method (Python 3.7), and using it breaks
compatibility with older Python versions. As suggested at
https://docs.python.org/3/library/asyncio-task.html#asyncio.create_task,
use the more cryptic, but also more compatible asyncio.ensure_future()
method.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The cve module needs ijson, which may not be installed. Since cve
matching is only enabled when --nvd-path is passed, it is a bit silly
to error out about ijson being missing if it's not used.
So instead of unconditionally importing the cve module, only do it
conditionally.
However, instead of doing it right at the point where it is used, we
do it at the beginning of the main() function. Indeed, if the cve
module is needed but cannot be imported, we want to error out
immediately rather than doing a whole bunch of things, and failing on
the user later on in the middle of the pkg-stats execution.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libzstd.so is built without multi-threading support by default.
The 'HAVE_THREAD' flag is not respected by lib/Makefile, only by
programs/Makefile.
Use the %-mt recipe in lib/Makefile to enable multithreading.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
As reported on the mailing list [1], the imx sdma firmwares for
imx[6,7,8] are provided by two packages: firmware-imx and
linux-firmware
$ sha256sum ./firmware-imx-8.10/firmware/sdma/sdma-imx6q.bin
7790c161b7e013a9dbcbffb17cc5d4cb63d952949a505647e4679f02d04c4784
./firmware-imx-8.10/firmware/sdma/sdma-imx6q.bin
$ sha256sum ./linux-firmware-20201022/imx/sdma/sdma-imx6q.bin
7790c161b7e013a9dbcbffb17cc5d4cb63d952949a505647e4679f02d04c4784
./linux-firmware-20201022/imx/sdma/sdma-imx6q.bin
firmware-imx also has firmwares for older variants as well, so this is
what we keep as the only imx sdma firmware provider.
[1] http://lists.busybox.net/pipermail/buildroot/2021-January/300938.html
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Fabio Estevam <festevam@gmail.com>
Cc: Stephane Viau <stephane.viau@oss.nxp.com>
Cc: Gary Bisson <gary.bisson@boundarydevices.com>
[yann.morin.1998@free.fr: explain why we keep firmware-imx]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Christian Stewart <christian@paral.in>
Tested-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr: rename package]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Until now the bootlin-x86-64-glibc was using a Bootlin toolchain as a
custom external toolchain. However, now that we have the
toolchain-external-bootlin package explicitly supporting Bootlin
toolchains as known toolchain profiles, it makes sense to use
that. Indeed, this will ensure that this autobuilder configuration
will use the latest available version of the Buildroot toolchain for
x86-64 glibc.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Adding these patches brings our ffmpeg package to the same level as the
kodi-provided ffmpeg package allowing us to switch the kodi build to
use the system-provided ffmpeg instead of its internal build when kodi
is bumped to version 19.0-Matrix.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes:
http://autobuild.buildroot.net/results/e41/e41f0a779d46565d448a1d20cf5e17060d9a70b8/
Quoted from build/config.log
err: ../test.c:1:23: fatal error: stdatomic.h: No such file or directory
This header was added with gcc-4.9:
https://gcc.gnu.org/gcc-4.9/changes.html
"ISO C11 atomics (the _Atomic type specifier and qualifier and the
<stdatomic.h> header) are now supported."
According to
06718da79c
"In theory, a user can still use --disable-stdatomic to enable the
emulation code, but that's sort of hidden. Actual support will be
removed after the next release or so."
Although adding --disable-stdatomic could fix the current issue we
require gcc >= 4.9 now to follow the recommendation from upstream.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bump ATF, U-Boot and Linux kernel to the NXP BSP 5.4.70_2.3.0 versions.
Note for configs/freescale_imx8mmevk:
On 5.4.70_2.3.0 the default "i.MX8MM LPDDR4 EVK RevB board" support is
removed and replaced by "i.MX8MM LPDDR4 EVK with QCA WIFI revB board".
In case an older revB board is used, then the following step in U-Boot is
needed:
=> setenv fdt_file imx8mm-evk-revb-qca-wifi.dtb
=> saveenv
=> reset
Build- and run-tested on:
o i.MX8MN DDR4 EVK
o i.MX8MQ EVK
Build-tested only for other configs.
Signed-off-by: Stephane Viau <stephane.viau@oss.nxp.com>
Tested-by: Stephane Viau <stephane.viau@oss.nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
I do not have access to MacchiatoBin hardware anymore.
So remove its BSP components from my watch list.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix U-Boot config snippet in TestATFAllwinner. Bump U-Boot
version to fix DTC build on hosts with gcc 10 and add
pylibfdt dependency.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
There were only two users of Marvell ATF: SolidRun MacchiatoBin board
and ClearFrog GT 8k board. After mv-ddr-marvell package update both
boards switched to upstream ATF. Remove tests for now unused
Marvell ATF.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump U-Boot and Linux kernel versions. Fix recent build failures caused
by mv-ddr-marvell package update. Marvell ATF does not provide a version
compatible with up-to-date mv-ddr-marvell. According to commit log,
Marvell developers are now contributing directly to upstream ATF. So
switch to upstream ATF instead of using older Marvell ATF versions.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/938922500
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
mesa3d should only need expat for a limited set of drivers. However,
the condition in their meson.build is borked:
required: not with_platform_android or with_any_broadcom or with_any_intel
So, as soon as the platform is not android, expat is required. If it
is not already present in the configuraiotn, then meson will try to be
helpful and will try to download its own copy under the table:
Run-time dependency expat found: NO (tried pkgconfig and cmake)
Looking for a fallback subproject for the dependency expat
Downloading expat source from https://github.com/libexpat/libexpat/releases/download/R_2_2_5/expat-2.2.5.tar.bz2
<urlopen error unknown url type: https>
A fallback URL could be specified using source_fallback_url key in the wrap file
../O/build/mesa3d-20.3.3/meson.build:1366:2: ERROR: could not get https://github.com/libexpat/libexpat/releases/download/R_2_2_5/expat-2.2.5.tar.bz2 is the internet available?
Ideally, we would like to fix the condition in the meson.build, to drop
the spurious and dubious condition on the android platform. However it
is not totally obvious what the prupose was, and expat compiles quikly,
so we just add expat as an unconditional mandatory dependency.
Fixes:
http://autobuild.buildroot.org/results/f71865771482b1d71d12e77767d236ca693785d5/http://autobuild.buildroot.org/results/98290b9681a38b3be820017823a4a4196d474476/
....
Reported-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Fabio Estevam <festevam@gmail.com>
[yann.morin.1998@free.fr:
- make it a generic fix, not tied to freedreno, reported by Fabio
- rewrite commit log to explain the root cause
- also reported about virgl, by Titouan
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Hard-float support is pretty stable, so make that default for HSDK
boards.
The hard-float setting is a bit convulated since current ARC gcc lacks
--with-fpu - so this is done with BR2_TARGET_OPTIMIZATION
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
[yann.morin.1998@free.fr: split off into its own commit]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
We are no longer actively working on uClibc, so make that default
for HSDK boards.
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
[yann.morin.1998@free.fr: drop enabling hard float]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
No config changes done
| make snps_archs38_hsdk_defconfig
| make savedefconfig
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
For the HS48 processor, BR currently builds with -mcpu=hs4x_rel31 which
generates suboptimal code as it inhibits delay slot and back-back ST and so on.
Enable a new variant to build with -mcpu=hs4x for normal codegen.
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
[yann.morin.1998@free.fr:
- simplify dependencies on MMU page size
- wrap long lines
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This definition is useless, because it is equal to the default value
of <pkg>_CPE_ID_NAME as calculated by generic-package.
Before and after this patch, the CPE ID calculated for the linux-pam
package is exactly the same, according to "make linux-pam-show-info".
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As we discussed on the mailing list, using $(<pkg>_NAME) when defining
CPE ID variables feels a bit odd and needlessly complicated. Just use
the package name directly.
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
cpe:2.3🅰️ntp:ntp is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Antp%3Antp
The specification of the version needs to be reworked a little
bit. Indeed, versions look like 4.2.8p15. For the download, we need to
extract 4.2 as the folder is named ntp-4.2. However, for the CPE ID we
need to extract 4.2.8 and p15 into two separate fields.
So, we set:
NTP_VERSION_MAJOR = 4.8
NTP_VERSION_MINOR = 2
NTP_VERSION_POINT = 15
and construct the version:
NTP_VERSION = $(NTP_VERSION_MAJOR).$(NTP_VERSION_MINOR)p$(NTP_VERSION_POINT)
Note that the choice of "point" comes from
http://support.ntp.org/bin/view/Main/ReleaseNumberingScheme, which
states "The letter p followed by an increasing number indicates a
Point (i.e. incremental) Release.".
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- minor maintainence release mainly to address exist build issues;
- remove the following patches since all have been upstreamed:
0001-erofs-utils-fix-multiple-definition-of-sbi.patch;
0002-erofs-utils-fuse-fix-linking-when-using-with-selinux.patch;
0003-erofs-utils-fuse-disable-backtrace-if-unsupported.patch.
Signed-off-by: Gao Xiang <hsiangkao@aol.com>
[yann.morin.1998@free.fr: two spaces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Drop upstream patch which is included in the new version.
Add additional config option `--enable-a2dpconf` to build small (13 kB)
utility `a2dpconf` which does not depend on any external dependencies.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Integrate the RCW into the storage device image, so the image can also
be used a boot source. The SoC expects the RCW at offset 4096 of the SD
card or eMMC.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* add option for new library Boost.JSON
* drop patch 0001 as it's applied upstream
* host: disable options that were added over time but never disabled for the host-build
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
There is only one commit between version 3.2.1 and current commit
7c74fa1aece6bc6db351763dc012193d5d634b7e which updates the release file:
6a9efb7dd2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
When a package has both a target and a host variant, and uses git
submodules, and the host variant is downloaded before the target one, we
end up with the generated archive missing the submodules.
This happens in exactly one package in our tree: c-capnproto.
This issue was not caught before because after a few days, the full
sources are added to sources.buildroot.net. So when the hash check
fails, the full tarball is simply downloaded from there.
Propagate the git submodule setting from the target variant to the host
variant, unless the host variant explicitly opted-out.
Fixes:
http://autobuild.buildroot.org/results/2de9c6c8ce83569d18cc7140ebc60d6fe1aadcbf/
Reported-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Commit 37a909cacf (package/tar: drop specific version for host variant)
updated the host variant from 1.29 to 1.32.
However, because there is no longer any upper-limit to the version of
tar accepted from the system, and because tests were conducted on a
recent distribution, there was no need to build the host variant of tar.
As a consequence, updating the hash file was missed.
Do so now.
Also switch to using the new two-space separators.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Use the COREMARK_PRO_MARKS definition from the build recipe to
generate the coremark-pro.sh
- Use %x:%X as the date stamp in the results file.
Suggested-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
nvidia-modprobe package adds a utility and headers for probing the NVIDIA
hardware at runtime.
https://github.com/NVIDIA/nvidia-modprobe
Signed-off-by: Christian Stewart <christian@paral.in>
[Arnout:
- use upstream Makefile instead of building directly;
- don't install to staging;
- remove dependency on host-pkgconf;
- correct license to GPL-2.0;
- remove dependency on threads and glibc;
- add dependency on MMU.]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Drop 5.9 stable (EOL).
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
[Peter: add Config.in.legacy handling for 5.9]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Now that we can generate reproducible archives, with all known tar
versions starting with 1.27, we don't need to clamp the host-tar
version to the old 1.29, and can now bump to any later version.
Drop the host-tar version, and use the same as the target variant.
Note that we still need the _SOURCE trick, to avoid depending on tar
to extract the tar tarball...
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
So far, we checked that the tar present on the host was at most tar
1.29, because tar 1.30 changed the way it generates archives.
Having a maximum tar version requirement meant that we would eventually
always have to build our own host-tar, as distributions are updating
the version they use.
But now, we have found a way to generate reproducible archives starting
with tar 1.27 onward, so we no longer need the check for a maximum tar
version, so we can drop that requirement.
Note: this is semantically a revert of b8fa273d50 (check-host-tar.sh:
blacklist tar 1.30+), but keeping the new, mostly-linear code-path.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
Like we recently did for git, switch the archives generated from
subversion to be reproducible whatever the tar version.
We have no in-tree users of the svn backend which also has hashes,
so no hash to update.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Heiko Thiery <heiko.thiery@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
Commit 89f5e9893 (support/download/svn: generate reproducible svn
archives) did what it said, but can be siplified a bit.
Indeed, we are doing an svn export, so we won't have any of the .svn
directories, neither at the root of the extract, nor in any of the
sub-directories.
As such, we do not need to filter them out when we generate the list
of files to include in the archive.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Heiko Thiery <heiko.thiery@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
Switch to using the tarball helper, that can generate reproducible
archives whatever the tar version >= 1.27.
However, those archives are not identical to the previous ones generated
in the (now-broken) gnu format.
To avoid any clashing between old and new archives, and new and old
Buildroot versions, we need to name the new generated archives
differently from the existing ones.
So, we bump the git-specific format-version to -br1.
The %ci date has been supported by git back to 1.6.0, released August
2008); it is not strictly ISO8601, but is still accepted as a PAX date
header. The strict ISO8601 placeholder, %cI, was only introduced with
2.2.0, release in November 2014, so too recent to be widely available.
As the format and the names of the archives changes, we need to update
all the hash files with the new names and hashes.
Of all the bootloaders that have a git download method, vexpress-firmware
is the only one to have a hash. Others have no hash files, or they have
explicitly set BR_NO_CHECK_HASH_FOR.
For the packages, linux-headers is the special snowflake, as the git
download is only for custom git tree, so it is excluded from the hash
verification with BR_NO_CHECK_HASH_FOR.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
---8<------8<------8<------8<---
#!/bin/sh
# Find and download all packages using git as backend.
# Manually fix hashes for affected packages.
# Packages that only have a host variant
HOST_ONLY='imx-mkimage|mxsldr|netsurf-buildsystem|opkg-utils|prelink-cross|qoriq-rcw|vboot-utils'
# Packages that have a non-git main _SOURCE, and/or which
# have BR_NO_CHECK_HASH_FOR for the git _SOURCE
NOT_GIT='aufs|aufs-util|xenomai|linux-headers'
export BR2_DL_DIR=$(pwd)/temp-dl-dir
make defconfig
make $( git grep -l -E 'SITE_METHOD[[:space:]]*:?=[[:space:]]*git\>|_SITE[[:space:]]*:?=[[:space:]]*git:' \
boot/vexpress-firmware/ package/ \
|sed -r -e 's,.*/([^/]+)\.mk,\1,' \
|sed -r -e '/^('"${NOT_GIT}"')$/d;' \
-e 's/^('"${HOST_ONLY}"')/host-\1/;' \
-e 's/$/-legal-info/;'
)
---8<------8<------8<------8<---
We currently need to generate reproducible archives in at least two
locations: the git and svn download backends. We also know of some
future potential use (e.g. the other download backends, like cvs, or
in the upcoming download post-processors for vendoring, like cargo
and go).
However, we are currently limited to a narrow range of tar versions
that we support, to create reproducible archives, because the gnu
format we use has changed with tar 1.30.
As a consequence, and as time advances, more and more distros are,
or will eventually start, shipping with tar 1.30 or later, and thus
we need to always build our on host-tar.
Now, thanks to some grunt work by Vincent, we have a set of options
that we can pass tar, to generate reproducible archives back from
tar-1.27 and up through tar-1.32, the latest released version.
However, those options are non-trivial, so we do not want to have
to repeat those (and maintain them) in multiple locations.
Introduce a helper that can generate a reproducible archive from
an input directory.
The --pax-option, to set specific PAX headers, does not accept
RFC2822 timestamps which value are too away from some fixed point
(set atcompile-time?):
tar: Time stamp is out of allowed range
However, the same timestamps passed as strict compliant ISO 8601 are
accepted, so that's what we expect as a date format.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
---8<------8<------8<------8<---
# Here is a Makefile used to test all the versions of tar, with
# different output formats and different sets of options:
# Versions prior to 1.27 do not build on recent machines, because
# 'gets()' got removed (rightfully so), so don't count them as
# candidates.
VERSIONS = 1.27 1.27.1 1.28 1.29 1.30 1.31 1.32
DATE = Thu 21 May 2020 06:44:11 PM CEST
TARS = \
$(patsubst %,test_gnu_%.tar,$(VERSIONS)) \
$(patsubst %,test_posix_%.tar,$(VERSIONS)) \
$(patsubst %,test_posix_paxoption_%.tar,$(VERSIONS))
all: $(TARS)
sha1sum $(^)
.INTERMEDIATE: test_%.tar
test_gnu_%.tar: tar.% list
./$(<) cf - -C test \
--transform="s#^\./#test-version/#" \
--numeric-owner --owner=0 --group=0 \
--mtime="$(DATE)" \
--format=gnu \
-T list \
>$(@)
test_posix_%.tar: tar.% list
./$(<) cf - -C test \
--transform="s#^\./#test-version/#" \
--numeric-owner --owner=0 --group=0 \
--mtime="$(DATE)" \
--format=posix \
-T list \
>$(@)
test_posix_paxoption_%.tar: tar.% list
./$(<) cf - -C test \
--transform="s#^\./#test-version/#" \
--numeric-owner --owner=0 --group=0 \
--mtime="$(DATE)" \
--format=posix \
--pax-option='delete=atime,delete=ctime,delete=mtime' \
--pax-option='exthdr.name=%d/PaxHeaders/%f,exthdr.mtime={$(DATE)}' \
-T list \
>$(@)
list: .FORCE
list: test
(cd test && find . -not -type d ) |LC_ALL=C sort >$(@)
LONG = L$$(for i in $$(seq 1 200); do printf 'o'; done)ng
test: .FORCE
test:
rm -rf test
mkdir -p test/bar
echo foo >test/Foo
echo bar >test/bar/Bar
ln -s bar/Bar test/buz
echo long >test/Very-$(LONG)-filename
ln test/Very-$(LONG)-filename \
test/short
.PRECIOUS: tar.%
tar.%: tar-%
cd $(<) && ./configure
$(MAKE) -C $(<)
install -m 0755 $(<)/src/tar $(@)
.PRECIOUS: tar-%
tar-%: tar-%.tar.gz
tar xzf $(<)
.PRECIOUS: tar-%.tar.gz
tar-%.tar.gz:
wget "https://ftp.gnu.org/gnu/tar/$(@)"
.FORCE:
clean:
rm -rf tar-* tar.* test_* test list
---8<------8<------8<------8<---
When we want to change the format of an archive we generate (e.g. those
we generate from git trees), the hashes of those archives will change.
To avoid any issue (e.g. an older Buildroot using newer archives, or the
other way around) that would conclude that the hashes do not match, we
want to change the filenames of the generated archives whenever we
change their format.
Introduce a new internal variable, specific to each site method, that we
can set to include a "format version" for the archives generated from
that site method.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
The .tar.gz default extension is historical, and we initially used
to only fetch tarballs from remote sites.
When we introduced downloads from VCS repositories, we kept that
extension, and kept compressing with gz, by lack of good reason to
switch to some other compression scheme.
However, nowadays, we will want to change the way we construct the
tarballs we generate from VCS. This will de facto change the hashes
of those tarballs.
So we will want that the archives we generate do not clash with the
existing ones, so we need another filename. Thus, we need a way to
be able to use a different extension when we generate archives from
VCS.
Use a macro as suggested by Arnout.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
The LLVM project has switched to using a monorepo to host all their
components. The separate, individual repositories have been closed
late 2020 / early 2021. The libclc repository is no longer.
Switch to using the libclc source from the llvm legacy and frozen
mirror.
Even though we could switch over to using the github helper, we just
keep using the git download method: it is a small repository, and it
will not impact people that were already using it.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Valentin Korenblit <valentinkorenblit@gmail.com>
Cc: Michael Opdenacker <michael.opdenacker@bootlin.com>
Acked-by: Romain Naour <romain.naour@gmail.com>
---
Changes v1 -> v2:
- keep everything as-is, just switch to the frozen mirror
The following commits:
- 7868289fd5 package/zic: bump version to 2020f
- c99374ecbb package/tzdata: bump version to 2020f
bumped the tzdata from version 2020a to 2020f. However, in 2020b, the
zic option '-y' was removed, and so was the yearistype.sh script [0].
This now spews annoying warnings:
warning: -y ignored
Fortunately, it still consumes its argument, so the missing yearistype.sh
is simply ignored.
Drop that option.
[0] https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
As stated in README.md, multipath-tools is covered by several licenses
and LGPL-2.0 is "just" the default license:
- GPL-2.0+ (e.g. libmultipath/alias.c)
- GPL-3.0+ (e.g. libdmmp/libdmmp.c)
- LGPL-2.1+ (e.g. libmpathcmd/mpath_cmd.c)
So replace COPYING (which is a symlink to LICENSES/LGPL-2.0) by the
approriate license files in LICENSES directory
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: further split long lines]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Yair Ben-Avraham <yairba@protonmail.com>
[yann.morin.1998@free.fr:
- correctly fix build without lzma in an upstreamable fashion
- actually fix the build without udev
- depend on udev, not libudev (which does not exist)
- don't use += for the first variable assignment to _CONF_OPTS
- explicitly disable unsupported fuzz options
- add explicit optiopnal support for bash-completion
- drop useless comments about "features" and "booleans"
- fix alphabetical order in DEVELOPERS
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
- CVE-2020-8265: use-after-free in TLSWrap (High) Affected Node.js versions
are vulnerable to a use-after-free bug in its TLS implementation. When
writing to a TLS enabled socket, node::StreamBase::Write calls
node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first
argument. If the DoWrite method does not return an error, this object is
passed back to the caller as part of a StreamWriteResult structure. This
may be exploited to corrupt memory leading to a Denial of Service or
potentially other exploits
- CVE-2020-8287: HTTP Request Smuggling in nodejs Affected versions of
Node.js allow two copies of a header field in a http request. For
example, two Transfer-Encoding header fields. In this case Node.js
identifies the first header field and ignores the second. This can lead
to HTTP Request Smuggling
- CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js.
You can read more about it in
https://www.openssl.org/news/secadv/20201208.txt
Update the license hash for the addition of the (MIT licensed)
cjs-module-lexer module:
9eb1fa1924
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
In libIEC61850 before version 1.4.3, when a message with COTP message
length field with value < 4 is received an integer underflow will happen
leading to heap buffer overflow. This can cause an application crash or
on some platforms even the execution of remote code. If your application
is used in open networks or there are untrusted nodes in the network it
is highly recommend to apply the patch. This was patched with commit
033ab5b. Users of version 1.4.x should upgrade to version 1.4.3 when
available. As a workaround changes of commit 033ab5b can be applied to
older versions.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Frotz is an interpreter for old Infocom adventures and other Z-code
games.
Signed-off-by: Thomas Huth <huth@tuxfamily.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes build error
output/host/opt/ext-toolchain/bin/../lib/gcc/aarch64-amd-linux-gnu/4.9.1/../../../../aarch64-amd-linux-gnu/bin/ld:
cannot find -latomic
using this defconfig
BR2_aarch64=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_CODESOURCERY_AARCH64=y
BR2_PACKAGE_OPENSSL=y
libopenssl is only used here as an example: all packages adding -latomic
if BR2_TOOLCHAIN_HAS_LIBATOMIC=y are broken, like dav1d, ffmpeg, gnutls,
kodi and vlc.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
XorCurses is a remake of the 8-bit game 'Xor' by Astral Software.
Your task is to roam around a series of mazes where you have to
collect all blue masks before finding the exit. You have two 'shields'
(players) and you can use either one at any time and switch between
them. While the first level is simply a matter of navigation, the
following levels introduce further objects like bombs and teleports,
which have to be used right to solve the puzzles.
Signed-off-by: Thomas Huth <huth@tuxfamily.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Switch to upstream ATF of recent version to fix build with recently
updated mv-ddr. The vendor does not provide public access to newer ATF
versions anymore.
Bump U-Boot and kernel to fix dtc build on hosts with gcc 10.
Increase rootfs size. The default 60MB is not enough.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/948622614
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Don't add mbedtls support since it require a bundled and specific
version.
Keep experimental Python binding support disabled for now.
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit switches the luasyslog package to use a fork of the
project that has good Lua 5.3 support.
This fork has a public repository on Github
(https://github.com/ntd/luasyslog/), and is available as a Lua Rock
(https://luarocks.org/modules/ntd/luasyslog), but unfortunately the
rockspec uses a build method that is not supported by the Buildroot
luarocks infrastructure. Therefore, we used the autotools build system
provided by this fork.
Because this fork has good support for Lua 5.3, the "Lua 5.3
compatibility" patch becomes useless and can be dropped.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The manual incorrectly refers to the script file as `setup-environment';
it is actually called `environment-setup'.
Signed-off-by: Konrad Schwarz <konrad.schwarz@siemens.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
linux-*/arch/arm/boot/dts/imx6ul.dtsi
requires the install of the sdma-imx6q.bin as stated in
line 727: fsl,sdma-ram-script-name = "imx/sdma/sdma-imx6q.bin";
without the BR2_PACKAGE_FIRMWARE_IMX_SDMA_FW_NAME being set to "imx6q"
line 102 of firmware-imx.mk does not install the firmware to to target
Signed-off-by: Rob Mellor <Rob.Mellor@ultra-pals.com>
Reviewed-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Changes:
* Add JAS_VERSION_MAJOR, JAS_VERSION_MINOR, JAS_VERSION_PATCH for
easier access to the JasPer version.
* Fixes stack overflow bug on Windows, where variable-length
arrays are not available. (#256)
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
support/scripts/pkg-stats:81:22: E211 whitespace before '('
support/scripts/pkg-stats:404:1: E305 expected 2 blank lines after class or function definition, found 1
support/scripts/pkg-stats:561:12: E713 test for membership should be 'not in'
support/scripts/pkg-stats:567:1: E302 expected 2 blank lines, found 1
support/scripts/pkg-stats:595:1: E302 expected 2 blank lines, found 1
support/scripts/pkg-stats:1051:1: E302 expected 2 blank lines, found 1
support/scripts/pkg-stats:1057:1: E302 expected 2 blank lines, found 1
Also fix:
support/scripts/pkg-stats:1054:5: E722 do not use bare 'except'
found by a more recent flake8 version. The exception may be either
IndexError or AttributeError, so use Exception to catch either.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
move
http-client-body-temp-path
http-proxy-temp-path
http-fastcgi-temp-path
http-scgi-temp-path
http-uwsgi-temp-path
from /var/tmp/nginx to /var/cache/nginx
this allows the use of systemd constructs
LogsDirectory=nginx
CacheDirectory=nginx
to replace
ExecStartPre=/usr/bin/mkdir -p /var/log/nginx /var/tmp/nginx
as there isn't a similar construct for /var/tmp.
Signed-off-by: Pascal de Bruijn <p.debruijn@unilogic.nl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit improves pkg-stats to fill in pkg.status['cve'] depending
on the situation for CVEs affecting this package. They are then used
in the HTML rendering.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Virtual packages (with in pkg-stats speak have "no valid
infrastructure") and packages that have no version specified cannot be
used for CVE checking. They trigger a bunch of warnings from the CVE
checking code, as it cannot parse their version: they don't have any
version. So instead, we simply skip those packages.
A follow-up commit will improve the reporting to be able to
distinguish those packages from packages that have seen their CVEs
checked and don't have any reported.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit modifies cve.py, as well as its users cve-checker and
pkg-stats to support CPE ID based matching, for packages that have CPE
ID information.
One of the non-trivial thing is that we can't simply iterate over all
CVEs, and then iterate over all our packages to see which packages
have CPE ID information that match the CPEs affected by the
CVE. Indeed, this is an O(n^2) operation.
So instead, we do a pre-filtering of packages potentially affected. In
check_package_cves(), we build a cpe_product_pkgs dict that associates
a CPE product name to the packages that have this CPE product
name. The CPE product name is either derived from the CPE information
provided by the package if available, and otherwise we use the package
name, which is what was used prior to this patch.
And then, when we look at CVEs, we only consider the packages that
have a CPE product name matching the CPE products affected by the
CVEs. This is done in check_package_cve_affects().
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit improves the pkg-stats script to show the CPE ID of
packages, if available. For now, it doesn't use CPE IDs to match CVEs.
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Libarchive 3.5.1 is a bugfix release.
Update COPYRIGHT hash due to clarification about 'archive_entry.c' source
file:
- fde4660d7b
Signed-off-by: Pierre-Jean Texier <texier.pj2@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Link with libatomic if available.
Fixes:
- http://autobuild.buildroot.net/results/e0766eef95a2559d51e58d1a81a9c40df84ae509
.../build/quickjs-2020-11-08/quickjs.c:12229: undefined reference to `__atomic_fetch_xor_1'
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr:
- make it a generic variable, not tied to -latomic
- pass it in all step, like CROSS_PREFIX
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Set CMAKE_BUILD_TYPE to Release to avoid the following build failure
with glibc < 2.12:
/home/buildroot/autobuild/run/instance-1/output-1/build/libmdbx-0.9.2/mdbx.c:487:5: error: #warning "libmdbx was only tested with GLIBC >= 2.12." [-Werror=cpp]
# warning "libmdbx was only tested with GLIBC >= 2.12."
^~~~~~~
cc1: all warnings being treated as errors
Fixes:
- http://autobuild.buildroot.org/results/1a60b2c3d2f276f99a22da48e8e16fcf5744eba0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Leonid Yuriev <leo@yuriev.ru>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since its introduction in Buildroot in 2013 with commit 07203d78c2
(trace-cmd: new package), trace-cmd has declared installing in staging.
But trace-cmd is a generic-package, and has never, ever provided any
commands for staging installation.
Drop this declaration.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
rpcbind is only used by nfsd to export nfs share supporting older
v2, v3 protocols.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[yann.morin.1998@free.fr:
- move the select to the corresponding symbol
- tweak the commit title
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The layout of the pacakge direcotry has changed, as upstream has added
more than just trace-cmd in the repository (e.g. kernel-shark).
However, the buildsystem for trace-cmd is... unconventional:
- the top-level Makefile will recurse into the trace-cmd/
sub-directory, but does not pass any variable on the $(MAKE) command
line; instead, it exports them in the environment, e.g.:
export CFLAGS
- the top-level Makefile appends some definitions to CFLAGS et al.,
sometimes with a simple append-assignment, sometimes with an
overriden append-assignment, e.g.:
CFLAGS += -DVSOCK
override CFLAGS += -DNO_PTRACE
- the top-level Makefile does not export all the variables. For
example, LDFLAGS is not exported;
- the Makefile in the trace-cmd/ sub-directory expects some variables
to be set, which is done by the top-level Makefile.
As a consequence, we can no longer pass our variable definitions as make
variable defintions on the command line; we must pass them in the
environment. Note that for some, like CFLAGS, that would still work, but
it would not for others, like LDFLAGS; for consistency, we put all in
the environment.
We can however use the provided 'make install', that behaves as
expected. But we must repeat most environment variables; especially, we
duplicate TARGET_CONFIGURE_OPTS as it has PATH et al. which are needed
by the top-level Makefile to properly detect tools (e.g. swig), which it
uses to decide what it should install.
Drop upstreamed patch.
Update the licensing information: new license files have been added in a
sub-directory, and the top-level COPYING now only references those two
(rather than being the actual text of the GPL-2).
Use two spaces in hash file.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
[yann.morin.1998@free.fr:
- keep using a git clone
- unbreak the build:
- use the default make target rule, or the plugins and python
bindings be built at install time, with the host compiler
- use the default install target rule
- expand commit log:
- detail buildsystem issues
- add new license files and their hashes
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add -p argument that ignore that specified directory already exists.
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
[yann.morin.1998@free.fr:
- split to its own patch
- rewrite commit title
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add -p argument that ignore that specified directory already exists.
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
[yann.morin.1998@free.fr:
- split to its own patch
- rewrite commit title
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
[yann.morin.1998@free.fr:
- use $(INSTALL), not "mkdir -p + cp"
- split to its own patch
- rewrite commit title
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add the new SAM9X60 Evaluation Kit with linux4sam_2020.04
components. Update README file with new defconfigs.
Signed-off-by: Eugen Hristev <eugen.hristev@microchip.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since 2008 pcre is a hard-dependency of php:
aa64c6727c
Instead of optionally depending on the pcre2 package and building the
bundled pcre2 code of php in case BR2_PACKAGE_PCRE2 was not selected
we let php depend on pcre2.
While being at it rename the pcre-related configure option due to
upstream commit:
c1a22f3d4e
Fixes:
http://autobuild.buildroot.net/results/4a5/4a582af6b66c59a61b75a7047d8530202972ebdd/
because the pcre2 package already contains the fix for mips r6.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[yann.morin.1998@free.fr: keep the JIT option]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Set GIT_EXECUTABLE to OFF to avoid the following build failure:
CMake Error at /home/fabrice/br-test-pkg/br-arm-cortex-a9-glibc/host/arm-buildroot-linux-gnueabihf/sysroot/usr/share/bctoolbox/cmake/bctoolboxCMakeUtils.cmake:162 (message):
invalid git describe version: ''
Call Stack (most recent call first):
CMakeLists.txt:125 (bc_compute_lib_version)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 7d17ae2acf (.flake8: fix check for 80/132 columns) introduced a
difference in how flake8 behaves between the automatic checks done in
the CI, where the maximum line length is 132, and the local checks,
where the maximum line length is 80.
The rationale at the time was that we recommend 80 char lines, but that
we accept 132 when it makes sense for readability.
However, this is very annoying when running flake8 locally, because of
two reasons:
1. human reviews on python scripts have not been as thorough as we did
expect; indeed, we've let a lot of long lines slip through; this
causes a lot of spurious failures that hide away the actual errors;
2. when hacking on a python script, the issues reported will not be
caused by the current changes, so the many reported failures
actually hide away the newly introduced issues.
Additionally, our 'make check-flake8' rule already enforces the 132-char
limit, and the issues reported are different than when manually running
flake8 on individual files.
Furthermore, the readability rationale for the 80-char limit is
definitely shattered by the mere rationale of allowing 132-char limit
for... readability...
We've arrived to a point where this separation is causing our checks
around flake8 to become mostly unusable and useless, as they do not
report meaningful issues, and people are no longer paying attention, and
this has caused actual issues to be introduced.
Finally, terminal emulators of today have long lifted the 80-char limit,
and are more than capable of displaying 132-char wide lines.
Switch back to using a 132-char limit.
This reverts commit 7d17ae2acf.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
An 'else' or 'elif' clause inside a make conditional should not be indented
in the same way as the if/endif clause. check-package did not recognize the
else statement and expected an indentation.
For example:
ifdef FOOBAR
interesting
else
more interesting
endif
would, according to check-package, need to become:
ifdef FOOBAR
interesting
else
more interesting
endif
Treat 'else' and 'elif' the same as if-like keywords in the Indent test, but
take into account that 'else' is also valid shell, so we need to correctly
handle line continuation to prevent complaining about the 'else' in:
ifdef FOOBAR
if true; \
... \
else \
... \
fi
endif
We don't add the 'else' and 'elif' statements to start_conditional, because
it would cause incorrect nesting counting in class OverriddenVariable.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add a menu entry to enable/disable jitterentropy library. Make it
enabled by default to preserve the old behavior.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Upstream ported the package to support python >= 3.6:
568ccbe6e1
Remove dependency to python-futures package because it was only needed
for python2.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 7105e65cd6 ("package/openvpn:
adds target install of systemd unit files") added the installation of
systemd unit files. But in fact, they can be installed by openvpn's
build system. It was simply not working due to the custom install step
implemented in openvpn.mk.
So instead, let's have the autotools-package infra call "make
install", which properly installs everything that's needed for
openvpn, including systemd units, but also plugins, etc.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
While bumping:
* removing upstreamed patches
* adding a dependency on libatomic_ops required by the newer version
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
François Perrad already has package/lua* associated to him in the
DEVELOPERS file, so it makes sense to have him as well associated to
all Lua test cases.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch adds libmdbx v0.9.2:
- libmdbx is one of the fastest compact embeddable key-value ACID database.
- libmdbx has a specific set of properties and capabilities,
focused on creating unique lightweight solutions.
- libmdbx surpasses the legendary LMDB (Lightning Memory-Mapped Database)
in terms of reliability, features and performance.
- https://github.com/erthink/libmdbx
Signed-off-by: Leonid Yuriev <leo@yuriev.ru>
[yann.morin.1998@free.fr: split long lines]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
gdb python support now uses Python3 if python3 is selected, otherwise
uses python(2) as before.
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
[yann.morin.1998@free.fr: drop the gdb-python-config duplication]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The gdb-python-config simulates a python-2.7, with a hard-coded 2.7
version.
gdb also supports running with python3 nowadays, so prepare the wrapper
to return appropriate values.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
XML bomb protection for Python stdlib modules.
Signed-off-by: Simon Rowe <simon.rowe@citrix.com>
[yann.morin.1998@free.fr: two spaces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Dependency on threads comes from libllcp itself not from libusb (which
is not even selected)
While at it, also add a comment about this dependency
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
[yann.morin.1998@free.fr: two spaces for license files in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit d82da39d55 forgot to move
BR2_PACKAGE_CA_CERTIFICATES condition under BR2_PACKAGE_LIBTASN1 to
avoid the following build failure:
checking if trust module is enabled... configure: WARNING: --with-libtasn1 is needed in order to build the trust module, disabling
no
checking for trust module paths... configure: error: need --enable-trust-module in order to specify trust module paths.
Fixes:
- http://autobuild.buildroot.org/results/e7f68205e1b776f9af34e6017f6eb17f46aa2f19
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Rebase on the mv-ddr-devel branch as the release branches are no longer
maintained.
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Required in order to build properly with the latest stable release of
EDK2 UEFI firmware.
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Additionally, fix the ldflags specification of the package version.
The "autogen" script does not actually configure anything anymore, and
instead exports a LDFLAGS environment variable which we can't
use. Instead, specify the version information via LDFLAGS directly in
the Buildroot makefile, similar to containerd and other packages.
While at it, fix the formatting of the hash file for the LICENSE file
hash.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
While at it, fix the formatting of the hash file for the LICENSE file
hash.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Adds build targets for runc shims.
Removes the outdated and now unnecessary symlinks to docker-runc
docker-containerd etc as well.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In barebox v2020.09.0, kconfig has been updated to a newer version
based on Linux 5.9-rc2. As in linux, kconfig can call the compiler
to test its capabilities.
We have no way to know if a custom version would require it or not,
so we just unconditionally depend on the toolchain
Signed-off-by: Jules Maselbas <jmaselbas@kalray.eu>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
We're now using 2.32 as the default glibc version, so we no longer
need to use a special version for the ARC architecture.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Support for obsolete RPC was dropped in glibc 2.14 (2011-05-31), then
reinstated and marked obsolete in glibc 2.16 (2012-06-30), and finally
dropped for good in 2.32 (2020-08-04), which we are about to start
using.
In preparation for that, drop the usage of obsolete RPC support in
glibc.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: add a bit of history]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Same version as NXP release 5.4.70-2.3.0
- No changelog provided by NXP
- Tested on Nitrogen8M device with Weston (DRM backend) as follows:
# cd /usr/share/examples/viv_samples/vdk/
# ./tutorial7
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Same version as NXP release 5.4.70-2.3.0
- EULA/COPYING: update to LA_OPT_NXP_Software_License v17
- No changelog provided by NXP
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Same version as NXP release 5.4.70-2.3.0
- EULA/COPYING: update to LA_OPT_NXP_Software_License v17
- backend libraries have moved to separated folders
- can now be simply copied, no more symlink or -fb/wl/x11.so
- wayland backend was renamed from 'wl' to 'wayland'
- sed on headers for LINUX removed as packages now expected to use
pkgconfig files properly (just like fb fixup was removed)
Key Improvements (from NXP changelog):
- GLES CTS 3.2.6.1
- Vulkan 1.1.6
- OpenVX 1.2
- GPU & NPU accelerated ML support
- OpenCV 4.2
- Chromium v74
- Support for renderdoc 1.7
- Support for TFlite 2.2
- NNCTS 1.2
- Vulkan backend support for Unity
Fixes: afbeed5d17 ("package/freescale-imx/imx-gpu-viv: bump version to
6.4.3.p0.0")
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
With the introduction of gdb 10.1, we now have four versions of gdb
supported, so let's drop support for the oldest.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Now that we have added gdb 10.1, let's switch to using gdb 9.2 as the
default version.
Noe that there previously was a discrepancy between the default when a
host gdb was enabled, and when it was not: in the ofrmer case, the
default was 8.3.x, while for the latter it was 8.2.x. Now both are
aligned to 9.2.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: add blurb about previous version discrepancy]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
All patches from gdb 9.2 are kept, except
0006-sim-ppc-Fix-linker-error-with-fno-common.patch which is
upstream. The other patches are rebased to accommodate some code
re-organization in gdb 10.x, especially the move of the gdbserver code
from gdb/gdbserver/ to gdbserver/.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Starting with glibc-2.32, the RPC code has been removed from
glibc [0], and it is not possible anymore to enable it, even
with the --enable-obsolete-rpc configure option (which was
also removed).
riscv32 and arc both use a glibc 2.32+ so do not forcefully
enable native RPC for them.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The logic in gen-bootlin-toolchains was assuming all glibc toolchains
have RPC support, which is no longer true since glibc 2.32 has dropped
RPC support.
It turns out that gen-bootlin-toolchains already had some proper logic
that selects BR2_TOOLCHAIN_HAS_NATIVE_RPC depending on the presence of
BR2_TOOLCHAIN_EXTERNAL_INET_RPC in the toolchain fragment. As such
toolchain fragments have been fixed in https://toolchains.bootlin.com,
we can now rely on this to properly decide if the toolchain has RPC
support or not.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
[yann.morin.1998@free.fr:
- fix filename for sha256 entry
- two spaces in hash file
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
It was originally added in 6dc861f2a2 ("libtirpc: new package")
for libtirpc 0.2.2 (8 years ago). It might have been fixed in
5f00f8c ("Remove dependency to nis.h"), released in 1.0.2.
Testing with test-pkg shows the only failure for br-riscv32:
RPC support not available in C library, please disable
BR2_TOOLCHAIN_EXTERNAL_INET_RPC
But test fails with the same error even when this patch is kept.
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Use a more generic template for SysV init script, similar to packages
like syslog-ng. This includes adding support for both reload and
restart. Add support for sourcing /etc/default/connmand file, so that
new commandline arguments can be added more easily.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The upstream git tree has disappeared, but a ZIP file is still hosted
somewhere at NXP. The content of that zip file has been verified to be
100% identical to the tarball we hosted on s.b.o.
As this is a zip file, we can't use the generic extract commands, and
must come up with our own. As such, it no longer makes sense to fix the
CRLF as a post-extract hook; this is moved to the extract command.
Add a hash file while at it.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
With 1.10, building without libnuma is no longer supported (upstream
commit 240938737e: rt-tests: cyclictest: Remove support for compiling
without NUMA)
So, revert 7e90744e6 (package/rt-tests: make numactl an optional
dependency) while bumping to rt-test 1.10.
Signed-off-by: Florian La Roche <Florian.LaRoche@gmail.com>
[yann.morin.1998@free.fr: reintroduce dependency on numactl]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This variable can be used by package to pass extra environment
variables to the download logic. It will be used for the Go/Cargo
vendoring.
The <pkg>_DL_ENV variable is intentionally not documented: at this
point, it is not meant to be used by packages directly, but only by
package infrastructures.
Suggested-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: move the two _ENV variables to the same line]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Support for the jitterentropy lib is added by the services/entropyd
module in the SELinux refpolicy.
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Support for the iputils is added by the admin/netutils module in the
SELinux refpolicy for the following tools :
- arping
- ping
- tracepath
- traceroute6
Support for rdisc is added by services/rdisc.
Support for tftpd is added by services/tftp.
Note: listing the same SELinux module multiple times is OK, as the list
of modules is eventually $(sort)ed anyway.
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
[yann.morin.1998@free.fr: simplifications to only use positive logic]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Support for wpa_supplicant is added by the services/networkmanager
module in the SELinux refpolicy.
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Support for NetworkManager is added by the services/networkmanager
module in the SELinux refpolicy.
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Support for iwd and its configuration files is added by the
services/networkmanager module in the SELinux refpolicy.
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
typing_extensions package is needed starting from aiohttp v3.7.1.
While at it sort all dependencies alphabetically.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
As of meson 0.56.0, `<lang>_args` and `<lang>_link_args` in the
`[properties]` section are deprecated and should be placed in the
`[built-in options]` section instead.
Source: https://mesonbuild.com/Machine-files.html#properties
Fixes the following deprecation warnings:
> DEPRECATION: c_args in the [properties] section of the machine file is deprecated, use the [built-in options] section.
> DEPRECATION: c_link_args in the [properties] section of the machine file is deprecated, use the [built-in options] section.
> DEPRECATION: cpp_args in the [properties] section of the machine file is deprecated, use the [built-in options] section.
> DEPRECATION: cpp_link_args in the [properties] section of the machine file is deprecated, use the [built-in options] section.
Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Currently, rt-tests don't show up in menuconfig and cannot be built if
BR2_PACKAGE_NUMACTL_ARCH_SUPPORTS is not available for the target
architecture. In such a case numactl is also not available what
applies for most small embedded targets.
This dependency was introduced with commit 7f50cbfb80
("package/rt-tests: bump to version 1.8")
But rt-tests can also be build without numactl when passing NUMA=0 to make.
This possibility is documented on
https://wiki.linuxfoundation.org/realtime/documentation/howto/tools/rt-tests
So this commit changes rt-tests to handle numactl as an optional
dependency.
Signed-off-by: Andreas Klinger <ak@it-klinger.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This adds generic firmware for USB TI 3410/5052 devices and a couple of
device specific firmwares.
Signed-off-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the folloing build failure with protobuf (enabled since commit
31c68a449e) and gcc 5.3.0:
[ 53%] Building CXX object modules/dnn/CMakeFiles/opencv_dnn.dir/opencv-caffe.pb.cc.o
In file included from /home/peko/autobuild/instance-1/output-1/per-package/opencv3/host/opt/ext-toolchain/mips64el-buildroot-linux-uclibc/include/c++/5.5.0/atomic:38:0,
from /home/peko/autobuild/instance-1/output-1/per-package/opencv3/host/mips64el-buildroot-linux-uclibc/sysroot/usr/include/google/protobuf/io/coded_stream.h:115,
from /home/peko/autobuild/instance-1/output-1/build/opencv3-3.4.12/buildroot-build/modules/dnn/opencv-caffe.pb.h:23,
from /home/peko/autobuild/instance-1/output-1/build/opencv3-3.4.12/buildroot-build/modules/dnn/opencv-caffe.pb.cc:4:
/home/peko/autobuild/instance-1/output-1/per-package/opencv3/host/opt/ext-toolchain/mips64el-buildroot-linux-uclibc/include/c++/5.5.0/bits/c++0x_warning.h:32:2: error: #error This file requires compiler and library support for the ISO C++ 2011 standard. This support must be enabled with the -std=c++11 or -std=gnu++11 compiler options.
#error This file requires compiler and library support \
^
Fixes:
- http://autobuild.buildroot.org/results/7caf175af039054a032b8f63b458b3940d9ec0f3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
OpenCV-3's buildsystem will try to detect ccache and use it if
available. This may yield a system-installed ccache.
However, in Buildroot, ccache is entirely hidden away and handled in the
toolchain wrapper.
Forcibly disable detection of ccache.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The imx-gpu-viv install libOpenCL.so.1.2 library and cl.h header,
so declare it as a libopencl provider.
With this support we can select the clinfo package provided by
Buildroot instead of the one provided by imx-gpu-viv package.
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add all configure options through DHCP_CONFIG_OPTS and avoid splitting
lines when they are less than 80 characters
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
With BR2_RELRO_PARTIAL or BR2_RELRO_FULL, our toolchain wrapper will
forcibly add -Wl,-z,relro to any call to the actual compiler. This
usually works OK, because gcc will only use those options it needs for
the compile step it has to carry: pre-processing, compiling, assembling,
or linking, and ignore those options it does not need.
Excpt in one case: when -v is passed standalone, with no input file,
then gcc will falsely believe it has to do a link stage;
$ gcc -Wl,-z,relro -v
[...]
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/9/../../../x86_64-linux-gnu/Scrt1.o: in function `_start':
(.text+0x24): undefined reference to `main'
collect2: error: ld returned 1 exit status
Fixing that in our wrapper will not be easy, because we'd have to detect
there is no input file. Doing so would probably require we support
almost all gcc options to differentiate between the parameter of an
option (e.g. -I /some/path) from an actual inpout file. This would not
be very robust, and would have a high risk od breaking when we introduce
the next gcc version.
Since it seems that only rhash is affected, due to its inventive,
custom, hand-written configure script, we just patch it to be a bit more
robust in the face of a compiler that could not accept -v, and fallback
to --version.
Fixes:
- http://autobuild.buildroot.org/results/8605c16cc28316954ce8b9dcc266974390c5da20
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- retain "$CC -v" as default, fallback to "$CC --version", in the hope
that it stands better chance with upstream
- write a commit log to explain the actual root-cause of the build
failure
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Multi format codec (MFC) is the IP present in Samsung Exynos series SoCs
for video encoding/decoding operations.
Signed-off-by: Stefan Agner <stefan@agner.ch>
[yann.morin.1998@free.fr: add all FW versions]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
In buildroot, stripping for the target is configured and implemented
with the global `BR2_STRIP_strip` option that drive the stripping in
the target-finalize step.
So, we explicitly disable stripping at build time for the target
variants.
For the host variants, however, we don't much care about symbols and
stuff, but smaller executables will hopefully load faster than bigger
ones (disputable, given that sections in ELF files are paged-in
on-demand), so we explictly enable stripping.
Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com>
[yann.morin.1998@free.fr:
- add burb about the target-finalize step
- enable stripping for host variants
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
quazip requires cmake 3.15 since version 1.0 and
89e7c201f0818adc8224
The rationale for this requirement is that "default locations for the
install(TARGETS command based on the GNUInstallDirs package were only
added in 3.14" and "3.15 is not that much of a difference from 3.14 and
it introduced a lot of useful UI improvements.":
https://github.com/stachenov/quazip/issues/82
Fixes:
- http://autobuild.buildroot.org/results/5d848a46109aef448ea1d1b857a500d9461dc2d9
Note: we also have some patches to allow some packages to build with
cmake-3.10, and this will not be tenable over the long run.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: add the "note"]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes:
- http://autobuild.buildroot.net/results/966a3de94aa97fa8e9895eede29c9cbfb4bd7301
.../host/lib/gcc/arm-buildroot-linux-musleabihf/9.3.0/../../../../arm-buildroot-linux-musleabihf/bin/ld: warning: libisccfg.so.163, needed by ../../lib/bind9/.libs/libbind9.so, not found (try using -rpath or -rpath-link)
.../host/lib/gcc/arm-buildroot-linux-musleabihf/9.3.0/../../../../arm-buildroot-linux-musleabihf/bin/ld: ../../lib/bind9/.libs/libbind9.so: undefined reference to `cfg_obj_line'
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[Peter: replace by upstream patches]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2020-25692: A NULL pointer dereference was found in OpenLDAP server
and was fixed in openldap 2.4.55, during a request for renaming RDNs. An
unauthenticated attacker could remotely crash the slapd process by sending
a specially crafted request, causing a Denial of Service.
- CVE-2020-25709: Assertion failure in CSN normalization with invalid input
- CVE-2020-25710: Assertion failure in CSN normalization with invalid input
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Peter: add CVE info]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Includes security fixes up to XSA-359:
XSA-345: x86: Race condition in Xen mapping code
XSA-346: undue deferral of IOMMU TLB flushes
XSA-347: unsafe AMD IOMMU page table updates
XSA-348: undue recursion in x86 HVM context switch code (CVE-2020-29566)
XSA-351: Information leak via power sidechannel (CVE-2020-28368)
XSA-352: oxenstored: node ownership can be changed by unprivileged clients
(CVE-2020-29486)
XSA-353: oxenstored: permissions not checked on root node (CVE-2020-29479)
XSA-355: stack corruption from XSA-346 change
XSA-356: infinite loop when cleaning up IRQ vectors (CVE-2020-29567)
XSA-358: FIFO event channels control block related ordering (CVE-2020-29570)
XSA-359: FIFO event channels control structure ordering (CVE-2020-29571)
And drop now upstreamed security patches.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2020-8277: Denial of Service through DNS request (High). A Node.js
application that allows an attacker to trigger a DNS request for a host of
their choice could trigger a Denial of Service by getting the application
to resolve a DNS record with a larger number of responses.
https://nodejs.org/en/blog/release/v12.19.1/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The commit [1] added this option a second time.
Remove the first occurence.
Fixes:
configs/nitrogen6x_defconfig:31:warning: override: reassigning to symbol BR2_PACKAGE_HOST_UBOOT_TOOLS
[1] 6ea9f662a0
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This will avoid the following build failure with xtensa:
[ 62%] Linking CXX executable ../../guids_test
[ 62%] Building CXX object retrace/CMakeFiles/retrace_common.dir/retrace.cpp.o
CMakeFiles/guids_test.dir/guids_test.cpp.o:(.debug_line+0xf7b): dangerous relocation: overflow after relaxation
collect2: error: ld returned 1 exit status
lib/guids/CMakeFiles/guids_test.dir/build.make:85: recipe for target 'guids_test' failed
Fixes:
- http://autobuild.buildroot.org/results/8fea93a88bb34e98e391a048c3b996b45ebac803
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In a Linux system without IPv6 support (or booted with "ipv6.disable=1")
file /proc/net/snmp6 is not present. If such file is not present an allocated
memory is not freed. Memory leak occurs even without snmp queries.
Problem seen at least since netsnmp 5.7.3 (probably even v5.6.1).
Patch backported from netsnmp 5.9, where the problem does not appear any more.
Signed-off-by: Adam Wujek <dev_public@wujek.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add xf86drm.c as the license file and while at it, update the indentation
in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that
$ssl_force_tls was processed if an IMAP server's initial server response
was invalid. The connection was not properly closed, and the code could
continue attempting to authenticate. This could result in authentication
credentials being exposed on an unencrypted connection, or to a
machine-in-the-middle.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
BR2_PACKAGE_QT5BASE_OPENSSL was dropped by commit 4be1f9b9873
(package/qt5enginio: drop qt 5.6 support), but python-pyqt5 not updated to
match. Fix that.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2020-29599: ImageMagick before 6.9.11-40 and 7.x before
7.0.10-40 mishandles the -authenticate option, which allows setting a
password for password-protected PDF files. The user-controlled password
was not properly escaped/sanitized and it was therefore possible to
inject additional shell commands via coders/pdf.c.
- Update license hash (correct wording to match Apache 2 license:
45e5d2493c)
https://github.com/ImageMagick/ImageMagick/blob/7.0.10-51/ChangeLog
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2019-14318: Crypto++ 8.2.0 and earlier contains a timing side
channel in ECDSA signature generation. This allows a local or remote
attacker, able to measure the duration of hundreds to thousands of
signing operations, to compute the private key used. The issue occurs
because scalar multiplication in ecp.cpp (prime field curves, small
leakage) and algebra.cpp (binary field curves, large leakage) is not
constant time and leaks the bit length of the scalar among other
information. For details, see:
https://github.com/weidai11/cryptopp/issues/869
- Update license hash due to the addition of ARM SHA1 and SHA256 asm
implementation from Cryptogams
1a63112faf4c9ca6b723https://www.cryptopp.com/release830.html
[Peter: adjust CVE info, issue is fixes in 8.3.0]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This allows to build against newer kernels (up to 5.10).
Added support for new HW (Edimax EW-7811Un V2, RTL8188FU, MERCUSYS
MW150US v2, various RTL8188CE)
Tested on kernel v5.9.
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The host-ncurses install step attempts to run ldconfig, causing a permission
failure:
cd /buildroot/output/host/lib && (ln -s -f libncurses.so.6.0 libncurses.so.6; ln -s -f libncurses.so.6 libncurses.so; )
test -z "" && /sbin/ldconfig
/sbin/ldconfig: Can't create temporary cache file /etc/ld.so.cache~: Permission denied
make[3]: [/buildroot/output/host/lib/libncurses.so.6.0] Error 1 (ignored)
The error is non-fatal and ignored, but confusing.
The ncurses makefiles already avoid calling ldconfig when DESTDIR is set
(target case) but for host-ncurses DESTDIR is empty and the output/host path
is passed via --prefix.
Pass an empty ac_cv_path_LDCONFIG to the configure step, so than ldconfig is
not called.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The 'opkg.py' script installed by host-opkg-utils has as shebang:
#!/usr/bin/env python3
which may not be available on all host machines.
Add a potential dependency on host-python3 via BR2_PYTHON3_HOST_DEPENDENCY,
which will only add the host-python3 dependency if no python3 is already
available on the host.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
His e-mail has been bouncing for quite a while:
<sunsetbrew@sunsetbrew.com>: connect to
sunsetbrew.com[2a05:d014:9da:8c10:306e:3e07:a16f:a552]:25: Network is
unreachable
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
His e-mail has been bouncing for quite a while:
<owen@walpole.dev>: connect to mail.walpole.dev[99.91.194.115]:25: Connection
timed out
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When BR2_PER_PACKAGE_DIRECTORIES=y, $(TARGET_DIR) is evaluated as
$(BASE_DIR)/target, but $$(TARGET_DIR) is evaluated as
$(BASE_DIR)/per-package/$(PKG)_NAME/target.
Signed-off-by: Tian Yuanhao <tianyuanhao@aliyun.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
When building for an ARMv8 in 32-bit, Go does not yet support ARMv8
optimizations (see issue: https://github.com/golang/go/issues/29373)
but can still benefit from ARMv7 optimizations.
Signed-off-by: Michael Baudino <michael@baudi.no>
[yann.morin.1998@free.fr:
- move the comment to its own line, expand and reword it a bit
- reword the commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit fixes a typo in variable names that caused CC and CXX
environment variables to be empty.
Signed-off-by: Michael Baudino <michael@baudi.no>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Starting with CMake 3.4 CMake supports setting a compiler launcher
like ccache. The feature is described in
https://cmake.org/cmake/help/latest/variable/CMAKE_LANG_COMPILER_LAUNCHER.html
This should be safe since everything is built for the host using make or ninja.
The use of *_ARG1 is discouraged by the cmake developers
https://cmake-developers.cmake.narkive.com/OTa9EKfj/cmake-c-compiler-arg-not-documented .
Without this patch I get the following error message with CMake 3.19.1 on Arch Linux.
Disabling BR2_CCACHE also resolves the issue.
/usr/bin/cmake [~]/buildroot/build/host-lzo-2.10/ -DCMAKE_INSTALL_SO_NO_EXE=0 -DCMAKE_FIND_ROOT_PATH="[...]" -DCMAKE_FIND_ROOT_PATH_MODE_PROGRAM="BOTH" -DCMAKE_FIND_ROOT_P
ATH_MODE_LIBRARY="BOTH" -DCMAKE_FIND_ROOT_PATH_MODE_INCLUDE="BOTH" -DCMAKE_INSTALL_PREFIX="[...]" -DCMAKE_C_FLAGS="-O2 -I[...]/include" -DCMAKE_CXX_FLAGS="-O2 -I[...]/include" -DCMAKE_EXE_LINKER_FLAGS="-L[...]/lib -Wl,-rpath,[...]/lib" -DCMAKE_SHARED_LINKER_FLAGS="-L[...]/l
ib -Wl,-rpath,[...]/lib" -DCMAKE_ASM_COMPILER="/usr/bin/as" -DCMAKE_C_COMPILER="[...]/bin/ccache" -DCMAKE_CXX_COMPILER="[...]/bin/ccache"
-DCMAKE_C_COMPILER_ARG1="/usr/bin/gcc" -DCMAKE_CXX_COMPILER_ARG1="/usr/bin/g++" -DCMAKE_COLOR_MAKEFILE=OFF -DBUILD_DOC=OFF -DBUILD_DOCS=OFF -DBUILD_EXAMPLE=OFF -DBUILD_EXAMPLES=OFF -DBUILD_TEST=OFF -DBUILD_TESTS=OFF -DBUILD_TESTING=O
FF -DENABLE_SHARED=ON -DENABLE_STATIC=OFF )
-- The C compiler identification is unknown
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - failed
-- Check for working C compiler: [...]/bin/ccache
-- Check for working C compiler: [...]/bin/ccache - broken
CMake Error at /usr/share/cmake-3.19/Modules/CMakeTestCCompiler.cmake:66 (message):
The C compiler
Signed-off-by: Bernd Amend <bernd.amend@gmail.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Tested-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This is really only for QoriQ SoCs. Also the upstream package - despite
its base name of the git repository - is "qoriq-components/rcw". Thus
rename it to a more specify package name.
Note that there are other rcw implementations for other platforms, and
each implementation only applies to that specific platform; it hus does
not make sense that there are more than one rcw enabled at the same
time; so we keep using /usr/share/rcw as the install location; this also
help backward compatibility with existing post-build scripts.
Signed-off-by: Changming Huang <jerry.huang@nxp.com>
Cc: Michael Walle <michael@walle.cc>
[yann.morin.1998@free.fr:
- rebase on master
- incorporate changes by Michael
- don't move to an 'nxp' sub-directory
- reword the legacy entry; select the new package
- expand commit log to explain why we keep installing in
host/usr/share/rcw/ (thanks to Michael for prompting that)
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Remove the note about non-working network. This was actually fixed with
linux kernel 5.9. This board is now on 5.10.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bugfix release. Drop the now upstreamed patches and add 3 new post-2.0.2
patches from the fixes branch.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
go1.15.6 (released 2020/12/03) includes fixes to the compiler, linker, runtime,
the go command, and the io package.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
TF-A supports stack smashing protection (-fstack-protector-*).
However, that feature is currently silently disabled because
ENABLE_STACK_PROTECTOR is not set during build time.
As documented in the TF-A user guide, the flag ENABLE_STACK_PROTECTOR
is required to enable stack protection support. When enabled the symbols
for the stack protector (e.g. __stack_chk_guard) are built.
This needs to be done because TF-A does not link against an external
library that provides that symbols (e.g. libc).
So in case we see that BR2_SSP_* is enabled, let's enable the corresponding
ENABLE_STACK_PROTECTOR build flag for TF-A as documented in the TF-A user guide.
This patch also fixes a the following linker errors with older TF-A versions
if BR2_SSP_* is enabled (i.e. -fstack-protector-* is used as compiler flag)
and ENABLE_STACK_PROTECTOR is not set, which are caused by the missing
stack protector symbols:
[...]
params_setup.c:(.text.params_early_setup+0xc): undefined reference to `__stack_chk_guard'
aarch64-none-linux-gnu-ld: params_setup.c:(.text.params_early_setup+0x14): undefined reference to `__stack_chk_guard'
aarch64-none-linux-gnu-ld: params_setup.c:(.text.params_early_setup+0x104): undefined reference to `__stack_chk_guard'
aarch64-none-linux-gnu-ld: params_setup.c:(.text.params_early_setup+0x118): undefined reference to `__stack_chk_fail'
aarch64-none-linux-gnu-ld: ./build/px30/release/bl31/pmu.o: in function `rockchip_soc_sys_pwr_dm_suspend':
pmu.c:(.text.rockchip_soc_sys_pwr_dm_suspend+0xc): undefined reference to `__stack_chk_guard'
[...]
TF-A releases after Nov 2019, that include 7af195e29a4, will circumvent
these issue by explicitliy and silently disabling the stack protector
by appending '-fno-stack-protector' to the compiler flags in case
ENABLE_STACK_PROTECTOR is not set.
Tested on a Rockchip PX30 based system (TF-A v2.2 and upstream/master).
Signed-off-by: Christoph Müllner <christoph.muellner@theobroma-systems.com>
Reviewed-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Commit 78dc1f185b forgot to update the
license file from COPYING to LICENSE.
Here is an extract of the ChangeLog for Nmap 7.90 [2020-10-03]:
Upgraded the Nmap license form a sort of hacked-up version of GPLv2 to a
cleaner and better organized version (still based on GPLv2) now called
the Nmap Public Source License to avoid confusion. See
https://nmap.org/npsl/ for more details and annotated license text. This
NPSL project was started in 2006 (community discussion here:
https://seclists.org/nmap-dev/2006/q4/126) and then it lost momentum for
7 years until it was restarted in 2013
(https://seclists.org/nmap-dev/2013/q1/399) and then we got distracted
by development again. We still have some ideas for improving the NPSL,
but it's already much better than the current license, so we're applying
NPSL Version 0.92 to the code now and can make improvements later if
needed. This does not change the license of previous Nmap releases.
Fixes:
- http://autobuild.buildroot.org/results/8cef6a5e99ae341cced405a389346e2faccf6eec
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Patch '0001-fix-compile-time-atomic-detection.patch' claims to be Merged but
this is not true. The linked issue is closed with 'Needs information', and
the code itself is effectively not merged.
Clarify the 'Upstream-status' line to make this more clear.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
* 4.6.2: A vulnerability (CVE-2020-27783) was discovered in the HTML Cleaner
by Yaniv Nizry, which allowed JavaScript to pass through. The cleaner now
removes more sneaky "style" content.
* 4.6.1: A vulnerability was discovered in the HTML Cleaner by Yaniv Nizry,
which allowed JavaScript to pass through. The cleaner now removes more
sneaky "style" content.
For more details, see the changes file:
https://github.com/lxml/lxml/blob/lxml-4.6.2/CHANGES.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
A new major version, see the announcement for details:
https://mosquitto.org/blog/2020/12/version-2-0-0-released/
License has now changed to v2.0 of the Eclipse Public License, so update the
license info and hashes to match.
There is now optional cJSON support, so handle that.
Add upstream post-2.0.0 patches fixing build with cJSON and without TLS
support.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2020-27207: Zetetic SQLCipher 4.x before 4.4.1 has a
use-after-free, related to sqlcipher_codec_pragma and sqlite3Strlen30 in
sqlite3.c. A remote denial of service attack can be performed. For
example, a SQL injection can be used to execute the crafted SQL command
sequence. After that, some unexpected RAM data is read.
https://www.zetetic.net/blog/2020/11/25/sqlcipher-442-release
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Propagate the fmt dependency on wchar.
Fixes:
- http://autobuild.buildroot.net/results/814b0f9c3df0076791ca73579b844ef4d56f13c3
[ 66%] Building CXX object CMakeFiles/fmt.dir/src/os.cc.o
In file included from .../build/fmt-7.1.3/include/fmt/os.h:26,
from .../build/fmt-7.1.3/src/os.cc:13:
.../build/fmt-7.1.3/include/fmt/format.h:1139:8: error: 'wstring' in namespace 'std' does not name a type
std::wstring str() const { return {&buffer_[0], size()}; }
^~~~~~~
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Currently, the ti-sgx packages and the beaglebone_qt5_defconfig do
not work with KMS nor Weston. What's worse, is the latest SDK version
06.03.00.106 (as of this commit) of these packages is broken and does
not correctly support KMS, and attempting to run KMS applications
results in eglfs initialization failures. As such, bumping these
packages to the version before 06.03.00.106 is the best option.
Because of the above problems, several packages must change at the
same time to ensure this patch does not break any other packages:
- ti-sgx-libgbm
- dropped, merged into ti-sgx-um, see below
- ti-sgx-um:
- bump the version that matches TI SDK 06.01.00.08.
- demove select BR2_PACKAGE_TI_SGX_LIBGBM in Config.in, as the libgbm
package merges ti-sgx-libgbm with this package.
- ti-sgx-km:
- bump the version that matches TI SDK 06.01.00.08.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Tested-by: Markus <zehnder@live.com>
[yann.morin.1998@free.fr:
- actually switch qt5base to use ti-sgx-um
- split the beaglebone config changes to their own patch
- split the ti-sgx-demos changes to their own patch
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Weston does not work with the ti-sgx SDK, so switch to using the
KMS-based demos.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[yann.morin.1998@free.fr: split off into its own patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
weston does not work on the ti-sgx SDK, so switch to using KMS directly,
and drop the wayland-related config options.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[yann.morin.1998@free.fr: split into its own patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Chnage hash file license marker to the more usual 'Hashes for
license files' text.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The hash of the license file is changed due to:
-Copyright (c) 2008-2019 Andrey Petrov and contributors (see CONTRIBUTORS.txt)
+Copyright (c) 2008-2020 Andrey Petrov and contributors (see CONTRIBUTORS.txt)
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Changes:
* Fix CVE-2020-27828, heap-overflow in cp_create() in jpc_enc.c
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The configure script now runs 'make ready'. Drop it from BUILD_CMDS.
Refresh the musl support path.
Upstream now provides sha256 hashes. Format hashes with two spaces.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The Qt KNX module implements the client side of a connection between a
client and a KNXnet/IP server.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The Qt MQTT module provides a standard compliant implementation of the
MQTT protocol specification.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Some qmake based packages need to call the syncqt.pl script before
building to have a properly populated "include" directory inside the
package build tree.
This script is normally automatically executed by qmake when a source
tree is from a git clone: buildroot purges the .git directory hence
the script never runs, and we need to call it explicitly. Setting
<pkg>_SYNC_QT_HEADERS = YES will force calling this script.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When tags was added by commit 011206b2bf
to detect the qemu command line, the qemu_arm_vexpress_tz_defconfig
was ignored due to a build issue.
This build issue has been fixed by previous patches, so we can
enable the runtime testing by adding the tag in the readme.txt
and the post-image script in the defconfig.
Since Qemu from HOST_DIR is now executed directly from BINARIES_DIR,
we can remove all the string before "qemu-system-*".
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Usually the qemu command line start directly with "qemu-system-<arch> ...".
But the command line for qemu_arm_vexpress_tz_defconfig start by doing
"cd output/images && ../host/bin/qemu-system-arm". This is necessary
since boot binaries, except BL1, are primarily loaded via semi-hosting
so all binaries has to reside in the same directory as QEMU is started
from [1].
To order to handle this case correctly, update the post-image.sh used
by all qemu defconfigs to execute qemu from BINARIES_DIR.
Since we have to change the current directory use a subshell to
restore the current directory after Qemu execution.
[1] 4ebbea9592/docs/plat/qemu.rst
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When boot-qemu-image.py script was added, we wanted to run
each qemu defconfig in gitlab, so we expect that all qemu
defconfig generate the script start-qemu.sh in images
directory.
Don't make it a hard requirement even if we prefer to be
able to do a runtime test for each qemu defconfig.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which
allows access by actors other than the current user.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Fix CVE-2020-25412: com_line() in command.c in gnuplot 5.4 leads to an
out-of-bounds-write from strncpy() that may lead to arbitrary code
execution.
- Drop second patch (already in version)
- Update indentation in hash file (two spaces)
http://gnuplot.info/ReleaseNotes_5_4_1.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2020-15257: Access controls for the shim’s API socket verified that
the connecting process had an effective UID of 0, but did not otherwise
restrict access to the abstract Unix domain socket. This would allow
malicious containers running in the same network namespace as the shim,
with an effective UID of 0 but otherwise reduced privileges, to cause new
processes to be run with elevated privileges.
For more details, see the advisory:
https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Bump to the latest kernel v5.9.11 and require openssl.
- Switch to PSCI for bringing up the secondary CPUs.
- Switch to GICv3.
- Update the instruction in the readme.txt to use the latest FVP v8
Foundation Platform 11.12 build 38, and to start 4 cores in SMP.
Signed-off-by: Vincent Stehlé <vincent.stehle@laposte.net>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Fix the download url to reflect upstream website changes.
- Fix line numbers in patch 0001.
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
upstream is finally using include_lib to include libraries. Adapt the patch
accordingly.
The hash of the license file has changed, due to:
-Copyright 2002-2019 ProcessOne SARL
+Copyright 2002-2020 ProcessOne SARL
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The rebar.config.script file adds a dependency to base64url package. Since we remove
all rebar dependencies, add a patch to remove such dependency. Otherwise rebar would
try to download it during the build.
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The license file hash has changed due to:
-Copyright 2002-2019 ProcessOne SARL
+Copyright 2002-2020 ProcessOne SARL
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The license file hash has changed due to:
-Copyright 2002-2019 ProcessOne SARL
+Copyright 2002-2020 ProcessOne SARL
Signed-off-by: Johan Oudinet <johan.oudinet@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libcap builds an incorrect libcap.pc because libdir is pulled from the
host os:
ifndef lib
lib=$(shell ldd /usr/bin/ld|egrep "ld-linux|ld.so"|cut -d/ -f2)
endif
Fix this error by passing lib=lib and prefix in
{HOST_LIBCAP,LIBCAP}_BUILD_CMDS
Fixes:
- https://bugs.buildroot.org/show_bug.cgi?id=13276
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
* CVE-2020-14360 / ZDI CAN 11572 XkbSetMap Out-Of-Bounds Access
Insufficient checks on the lengths of the XkbSetMap request can lead to
out of bounds memory accesses in the X server.
* CVE-2020-25712 / ZDI-CAN-11839 XkbSetDeviceInfo Heap-based Buffer Overflow
Insufficient checks on input of the XkbSetDeviceInfo request can lead to a
buffer overflow on the head in the X server.
For more details, see the advisory:
https://www.openwall.com/lists/oss-security/2020/12/01/3
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- remove 0001-fix-compiler-errors-with-gcc-10.patch
(upstream)
- remove 0002-added-include-string-to-card.h-to-follow-gcc10-porti.patch
(upstream)
- convert to meson
- add patch to use system fmt instead of git submodule (fixes
configure 'ERROR: Include dir ext/fmt/include does not exist.')
- add patch to use system pybind11 instead of git submodule (fixes
configure 'ERROR: Include dir ext/pybind11/include does not exist.')
- add patch to use python only if pykms is enabled (fixes
configure 'ERROR: Dependency "pybind11" not found, tried pkgconfig')
- add optional libevdev dependency (needed for utils/kmstouch)
- update LICENSE file hash (replaced short copyright notice and
link to http://mozilla.org/MPL/2.0/ with complete license text)
- lift toolchain headers requirement to at least 4.11 (include
linux/dma-buf.h)
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
While bumping, removing upstreamed patches. Removing also autoreconf
step cause we are not patching it anymore.
License hash is changed due to remove of notice for file
filter/sys5ippprinter.c.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
linux-firmware version 20201022 introduced a new sdio firmware for
QCA9377 sdio devices. Install it when support is selected.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
For readability, this reformatting is done in a separate commit, as this
package contains many license files.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Exporting ARCH and KERNELDIR makes easier to compile an external kernel
or out of tree kernel modules.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
From the release notes:
- Security/Reliability:
- Fixed memory leaks when a response is buffered and the buffer
limit is reached or Privoxy is running out of memory.
Commits bbd53f1010b and 4490d451f9b. OVE-20201118-0001.
Sponsored by: Robert Klemme
- Fixed a memory leak in the show-status CGI handler when
no action files are configured. Commit c62254a686.
OVE-20201118-0002.
Sponsored by: Robert Klemme
- Fixed a memory leak in the show-status CGI handler when
no filter files are configured. Commit 1b1370f7a8a.
OVE-20201118-0003.
Sponsored by: Robert Klemme
- Fixes a memory leak when client tags are active.
Commit 245e1cf32. OVE-20201118-0004.
Sponsored by: Robert Klemme
- Fixed a memory leak if multiple filters are executed
and the last one is skipped due to a pcre error.
Commit 5cfb7bc8fe. OVE-20201118-0005.
- Prevent an unlikely dereference of a NULL-pointer that
could result in a crash if accept-intercepted-requests
was enabled, Privoxy failed to get the request destination
from the Host header and a memory allocation failed.
Commit 7530132349. CID 267165. OVE-20201118-0006.
- Fixed memory leaks in the client-tags CGI handler when
client tags are configured and memory allocations fail.
Commit cf5640eb2a. CID 267168. OVE-20201118-0007.
- Fixed memory leaks in the show-status CGI handler when memory
allocations fail. Commit 064eac5fd0 and commit fdee85c0bf3.
CID 305233. OVE-20201118-0008.
For more details, see the announcement:
https://www.openwall.com/lists/oss-security/2020/11/29/1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Backport upstream commit ([1]) adding missing string include.
Fixes:
- http://autobuild.buildroot.net/results/53a5f023ae40db18f45ebe7578962914c2d22a44
In file included from .../build/kmsxx-cb0786049f960f2bd383617151b01318e02e9ff9/kms++/inc/kms++/omap/omapcard.h:3,
from .../build/kmsxx-cb0786049f960f2bd383617151b01318e02e9ff9/kms++/src/omap/omapcard.cpp:2:
.../build/kmsxx-cb0786049f960f2bd383617151b01318e02e9ff9/kms++/inc/kms++/card.h:17:18: error: 'string' in namespace 'std' does not name a type
17 | Card(const std::string& device);
| ^~~~~~
[1] b53f9d383c.patch
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2020-15180: during SST a joiner sends an sst method name to the donor.
Donor then appends it to the "wsrep_sst_" string to get the name of the
sst script to use, e.g. wsrep_sst_rsync. There is no validation or
filtering here, so if the malicious joiner sends, for example, "rsync `rm
-rf /`" the donor will execute that too.
- CVE-2020-14812: Vulnerability in the MySQL Server product of Oracle MySQL
(component: Server: Locking). Supported versions that are affected are
5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily
exploitable vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause
a hang or frequently repeatable crash (complete DOS) of MySQL Server.
- CVE-2020-14765: Vulnerability in the MySQL Server product of Oracle MySQL
(component: Server: FTS). Supported versions that are affected are 5.6.49
and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.
- CVE-2020-14776: Vulnerability in the MySQL Server product of Oracle MySQL
(component: InnoDB). Supported versions that are affected are 5.7.31 and
prior and 8.0.21 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to
compromise MySQL Server. Successful attacks of this vulnerability can
result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server.
- CVE-2020-14789: Vulnerability in the MySQL Server product of Oracle MySQL
(component: Server: FTS). Supported versions that are affected are 5.7.31
and prior and 8.0.21 and prior. Easily exploitable vulnerability allows
high privileged attacker with network access via multiple protocols to
compromise MySQL Server. Successful attacks of this vulnerability can
result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server.
- CVE-2020-28912:
https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-bui.pdf
describes a named pipe privilege vulnerability, specifically for MySQL,
where an unprivileged user, located on the same machine as the server, can
act as man-in-the-middle between server and client.
Additionally, 10.3.27 fixes a regression added in 10.3.26.
Drop weak md5/sha1 checksums.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
1.3.6e
---------
+ Fixed null pointer deference in mod_sftp when using SCP incorrectly
(Issue #1043).
1.3.6d
---------
+ Fixed issue with FTPS uploads of large files using TLSv1.3 (Issue #959).
1.3.6c
---------
+ Fixed regression in directory listing latency (Issue #863).
+ Detect OpenSSH-specific formatted SFTPHostKeys, and log hint for
converting them to supported format.
+ Fixed use-after-free vulnerability during data transfers (Issue #903)
[CVE-2020-9273]
+ Fixed out-of-bounds read in mod_cap by updating the bundled libcap
(Issue #902) [CVE-2020-9272]
http://proftpd.org/docs/RELEASE_NOTES-1.3.6e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: mark as security bump, add CVEs]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
While processing ARP/NCSI packets in 'arp_input' or 'ncsi_input'
routines, ensure that pkt_len is large enough to accommodate the
respective protocol headers, lest it should do an OOB access.
Add check to avoid it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes#13341
The -x / --exec start-stop-daemon option expects the path to the executable,
not just the name, leading to errors when running the init script:
Starting vsftpd: start-stop-daemon: unable to stat //vsftpd (No such file or directory)
Reported-by: tochansky@tochlab.net
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit adds a number of test cases to verify that the CPE_ID_*
variables are properly handled by the generic package infrastructure
and that the "make show-info" JSON output matches what we expect.
A total of 5 different example packages are used to exercise different
scenarios of CPE_ID_* variables usage.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Currently, the match between Buildroot packages and CVEs is solely
based on the package names. Unfortunately, as one can imagine, there
isn't necessarily a strict mapping between Buildroot package names,
and how software projects are referenced in the National Vulnerability
Database (NVD) which we use.
The NVD has defined the concept of CPE (Common Platform Enumeration)
identifiers, which uniquely identifies software components based on
string looking like this:
cpe:2.3🅰️netsurf-browser:libnsbmp:0.1.2:*:*:*:*:*:*:*
In particular, this CPE identifier contains a vendor name (here
"netsurf-browser"), a product name (here "libnsbmp") and a version
(here "0.1.2").
This patch series introduces the concept of CPE ID in Buildroot, where
each package can be associated to a CPE ID. A package can define one
or several of:
- <pkg>_CPE_ID_VENDOR
- <pkg>_CPE_ID_PRODUCT
- <pkg>_CPE_ID_VERSION
- <pkg>_CPE_ID_VERSION_MINOR
- <pkg>_CPE_ID_PREFIX
If one or several of those variables are defined, then the
<pkg>_CPE_ID will be defined by the generic package infrastructure as
follows:
$(2)_CPE_ID = $$($(2)_CPE_ID_PREFIX):$$($(2)_CPE_ID_VENDOR):$$($(2)_CPE_ID_NAME):$$($(2)_CPE_ID_VERSION):$$($(2)_CPE_ID_VERSION_MINOR):*:*:*:*:*:*
<pkg>_CPE_ID_* variables that are not explicitly specified by the
package will carry a default value defined by the generic package
infrastructure.
If a package is happy with the default <pkg>_CPE_ID, and therefore
does not need to define any of <pkg>_CPE_ID_{VENDOR,PRODUCT,...}, it
can set <pkg>_CPE_ID_VALID = YES.
If any of the <pkg>_CPE_ID_{VENDOR,PRODUCT,...} variables are defined
by the package, then <pkg>_CPE_ID_VALID = YES will be set by the
generic package infrastructure.
Then, it's only if <pkg>_CPE_ID_VALID = YES that a <pkg>_CPE_ID will
be defined. Indeed, we want to be able to distinguish packages for
which the CPE ID information has been checked and is considered valid,
from packages for which the CPE ID information has never been
verified. For this reason, we cannot simply define a default value
for <pkg>_CPE_ID.
The <pkg>_CPE_ID_* values for the host package are inherited from the
same variables of the corresponding target package, as we normally do
for most package variables.
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Reviewed-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Currently, when the version encoded in a CPE is '-', we assume all
versions are affected, but when it's '*' with no further range
information, we assume no version is affected.
This doesn't make sense, so instead, we handle '*' and '-' in the same
way. If there's no version information available in the CVE CPE ID, we
assume all versions are affected.
This increases quite a bit the number of CVEs and package affected:
- "total-cves": 302,
- "pkg-cves": 100,
+ "total-cves": 597,
+ "pkg-cves": 135,
For example, CVE-2007-4476 has a CPE ID of:
cpe:2.3🅰️gnu:tar:*:*:*:*:*:*:*:*
So it should be taken into account. In this specific case, it is
combined with an AND with CPE ID
cpe:2.3⭕suse:suse_linux:10:*:enterprise_server:*:*:*:*:* but since
we don't support this kind of matching, we'd better be on the safe
side, and report this CVE as affecting tar, do an analysis of the CVE
impact, and document it in TAR_IGNORE_CVES.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add upstream patch [1] to fix (musl) time_t related compile failure.
Fixes:
- https://bugs.busybox.net/show_bug.cgi?id=13336
src/thd_trip_point.cpp: In member function ‘bool cthd_trip_point::thd_trip_point_check(int, unsigned int, int, bool*)’:
src/thd_trip_point.cpp:250:19: error: format ‘%ld’ expects argument of type ‘long int’, but argument 6 has type ‘time_t’ {aka ‘long long int’} [-Werror=format=]
250 | thd_log_info("Too early to act zone:%d index %d tm %ld\n",
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
251 | zone_id, cdev->thd_cdev_get_index(),
252 | tm - cdevs[i].last_op_time);
| ~~~~~~~~~~~~~~~~~~~~~~~~~~
| |
| time_t {aka long long int}
src/thermald.h:82:57: note: in definition of macro ‘thd_log_info’
82 | #define thd_log_info(...) g_log(NULL, G_LOG_LEVEL_INFO, __VA_ARGS__)
| ^~~~~~~~~~~
src/thd_trip_point.cpp:250:59: note: format string is defined here
250 | thd_log_info("Too early to act zone:%d index %d tm %ld\n",
| ~~^
| |
| long int
| %lld
[1] a7136682b9.patch
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop dependency on BR2_ENABLE_LOCALE, which was marked as a dependency
of wlroots, but wlroots does not depend on it anymore.
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop dependency on BR2_ENABLE_LOCALE, which was marked as a dependency of
libinput which is selected by wlroots. However, libinput does not depend on
BR2_ENABLE_LOCALE since commit bef6b92b67 (package/libinput: remove
dependency on BR2_ENABLE_LOCALE).
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
xinetd does not enforce the user and group configuration directives for
TCPMUX services, which causes these services to be run as root and makes it
easier for remote attackers to gain privileges by leveraging another
vulnerability in a service.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Without hashlib module pip returns the following errors:
# pip
ValueError: unsupported hash type sha224
ERROR:root:code for hash sha256 was not found.
Traceback (most recent call last):
File "/usr/lib/python2.7/hashlib.py", line 147, in <module>
File "/usr/lib/python2.7/hashlib.py", line 97, in __get_builtin_constructor
ValueError: unsupported hash type sha256
ERROR:root:code for hash sha384 was not found.
Traceback (most recent call last):
File "/usr/lib/python2.7/hashlib.py", line 147, in <module>
File "/usr/lib/python2.7/hashlib.py", line 97, in __get_builtin_constructor
ValueError: unsupported hash type sha384
ERROR:root:code for hash sha512 was not found.
Traceback (most recent call last):
File "/usr/lib/python2.7/hashlib.py", line 147, in <module>
File "/usr/lib/python2.7/hashlib.py", line 97, in __get_builtin_constructor
ValueError: unsupported hash type sha512
Traceback (most recent call last):
File "/usr/bin/pip", line 11, in <module>
load_entry_point('pip==20.0.2', 'console_scripts', 'pip')()
File "/usr/lib/python2.7/site-packages/pip/_internal/cli/main.py", line 73, in main
File "/usr/lib/python2.7/site-packages/pip/_internal/commands/__init__.py", line 96, in create_command
File "/usr/lib/python2.7/importlib/__init__.py", line 37, in import_module
File "/usr/lib/python2.7/site-packages/pip/_internal/commands/install.py", line 24, in <module>
File "/usr/lib/python2.7/site-packages/pip/_internal/cli/req_command.py", line 15, in <module>
File "/usr/lib/python2.7/site-packages/pip/_internal/index/package_finder.py", line 21, in <module>
File "/usr/lib/python2.7/site-packages/pip/_internal/index/collector.py", line 12, in <module>
File "/usr/lib/python2.7/site-packages/pip/_vendor/requests/__init__.py", line 43, in <module>
File "/usr/lib/python2.7/site-packages/pip/_vendor/urllib3/__init__.py", line 7, in <module>
File "/usr/lib/python2.7/site-packages/pip/_vendor/urllib3/connectionpool.py", line 29, in <module>
File "/usr/lib/python2.7/site-packages/pip/_vendor/urllib3/connection.py", line 40, in <module>
File "/usr/lib/python2.7/site-packages/pip/_vendor/urllib3/util/__init__.py", line 7, in <module>
File "/usr/lib/python2.7/site-packages/pip/_vendor/urllib3/util/ssl_.py", line 8, in <module>
ImportError: cannot import name md5
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2020-28196: MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before
1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message
because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite
lengths lacks a recursion limit.
Also fix .hash file indentation.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF
Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the
XML writer, leading to heap-based buffer overflows (sometimes seen in
raptor_qname_format_as_xml).
For more details, see the oss-security discussion:
https://www.openwall.com/lists/oss-security/2020/11/13/1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libmagic is an optional dependency of gensoimage that can raise the
following build failure:
/home/buildroot/autobuild/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/8.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: /home/buildroot/autobuild/instance-0/output-1/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libmagic.a(compress.o): in function `uncompressbuf':
compress.c:(.text+0x7bc): undefined reference to `lzma_auto_decoder'
/home/buildroot/autobuild/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/8.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: compress.c:(.text+0x828): undefined reference to `lzma_code'
/home/buildroot/autobuild/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/8.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: compress.c:(.text+0x848): undefined reference to `lzma_end'
collect2: error: ld returned 1 exit status
genisoimage/CMakeFiles/genisoimage.dir/build.make:628: recipe for target 'genisoimage/genisoimage' failed
Fixes:
- http://autobuild.buildroot.org/results/7e06edc363817c9c9a1687ec89e9984a90a2012d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The wcsnrtombs function has been found to have multiple bugs in handling of
destination buffer size when limiting the input character count, which can
lead to infinite loop with no forward progress (no overflow) or writing past
the end of the destination buffer.
For more details, see the advisory:
https://www.openwall.com/lists/oss-security/2020/11/20/4
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is a minor release which solved a build issues and fixes a number
of rendering issues. Release notes:
https://wpewebkit.org/release/wpewebkit-2.30.3.html
Patch "0002-WebProcess-InjectedBundle-fix-compile-without-video-.patch"
can be removed because a similar fix is included in this release.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2020-25032: An issue was discovered in Flask-CORS (aka CORS Middleware
for Flask) before 3.0.9. It allows ../ directory traversal to access
private resources because resource matching does not ensure that pathnames
are in a canonical format.
Also drop outdated md5 checksum and fix .hash indentation.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Enabling package host build for abootimg so that boot images can be
created for boards which boot from this format.
Signed-off-by: Mike Frampton <mikeframpo@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Installs the required Wifi/BT firmware blobs for the Qualcomm
Dragonboard 410c SBC.
Signed-off-by: Mike Frampton <mikeframpo@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 4266c9f54f (package/gvfs: needs dynamic library) updated the
dependency of gvfs, but inverted the comment dependency, causing it to only
be shown if !static - Fix that.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Reviewed-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Replace ENABLE_DPKD by ENABLE_DPDK to fix the following error:
Manually-specified variables were not used by the project:
BUILD_DOC
BUILD_DOCS
BUILD_EXAMPLE
BUILD_EXAMPLES
BUILD_TEST
BUILD_TESTING
BUILD_TESTS
ENABLE_DPKD
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
pkg-stats is not able anymore to set the developers for defconfigs and
packages. This issue is introduced with
ae86067a15. The hasfile() method from
Developer object tries to check an absolute path against a relative path.
Convert the filepath to be checked also into an absolute path.
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Update the hash accordingly.
- Remove a patch, as its fix is in this new version of pixz.
Signed-off-by: Vincent Stehlé <vincent.stehle@laposte.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Attempting to compile this package with newer Kernel version (e.g. v5.4)
fails with message:
Generating local configuration database from kernel ...Kernel version parse failed!
Upgrading the package to 5.8 fixes this issue. Anyways, v4.4 is now
rather old and beat the very purpose of having newer drivers in older
kernels.
Since backports tag v4.14-rc4-1, the requirement on minimal kernel
version changed from 3.0 to 3.10. See commit [1]. The minimal kernel
version check is changed accordingly.
License files are also updated: the linux backports package copies the
license files from the kernel version used for its generation. v5.8 is
now "GPL-2.0 WITH Linux-syscall-note". However, there is no such SPDX
identifier (contrary to what is said in the COPYING file), so we keep it
as GPL-2.0 (which also keeps it aligned to what we have in linux.mk).
[1] https://git.kernel.org/pub/scm/linux/kernel/git/backports/backports.git/commit/?id=a0d05f9f9ca50ea8b1d60726fac6b54167257e76
Signed-off-by: Julien Olivain <ju.o@free.fr>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Tested-by: Petr Vorel <petr.vorel@gmail.com>
[yann.morin.1998@free.fr: keep license as GPL-2.0, like for linux]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* master: (125 commits)
package/jpeg-turbo: security bump to version 2.0.5
package/modem-manager: bump to version 1.14.8
package/c-ares: security bump to version 1.17.0
docs/website: update for 2020.02.8
Update for 2020.02.8
docs/website: update for 2020.08.2
Update for 2020.08.2
package/qemu: fix build with 64 bits time_t
package/harfbuzz: fix build without threads
boot/uboot: fix custom repo error message
package/numactl: needs -fPIC
package/dovecot-pigeonhole: fix build with per-package directories
package/libpam-tacplus: remove duplicate LIBPAM_TACPLUS_AUTORECONF
package/openntpd: needs host-bison
package/xorriso: fix host option
DEVELOPERS: drop Trent Piepho
package/postgresql: security bump to version 12.5
package/redis: security bump to version 6.0.9
Revert "package/linux-backports: bump version to 5.8"
package/linux-backports: bump version to 5.8
...
python-protobuf: drop patch 0001 as it is applied upstream
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
GIT_EXECUTABLE is not needed since version 4.3.0 and
a92ea8672f6c2e02ffb1
CMake Warning:
Manually-specified variables were not used by the project:
BUILD_DOC
BUILD_DOCS
BUILD_EXAMPLE
BUILD_EXAMPLES
BUILD_TEST
BUILD_TESTING
BUILD_TESTS
GIT_EXECUTABLE
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- avoid read-heap-buffer-overflow in ares_parse_soa_reply found during
fuzzing
- Avoid theoretical buffer overflow in RC4 loop comparison
- Empty hquery->name could lead to invalid memory access
- ares_parse_{a,aaaa}_reply() could return a larger *naddrttls than was
passed in
https://c-ares.haxx.se/changelog.html#1_17_0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When using a custom git or mercurial repository for u-boot the error message
indicating a version had not been provided incorrectly stated that the URL was
missing. Update the error message to indicate that it's the version that's
missing.
Signed-off-by: Garret Kelly <garret.kelly@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This will avoid the following build failure with qemu 5.0.0 and above:
/srv/storage/autobuild/run/instance-2/output-1/host/opt/ext-toolchain/bin/../lib/gcc/x86_64-buildroot-linux-uclibc/8.3.0/../../../../x86_64-buildroot-linux-uclibc/bin/ld: /srv/storage/autobuild/run/instance-2/output-1/host/x86_64-buildroot-linux-uclibc/sysroot/usr/lib/../lib64/libnuma.a(libnuma.o): relocation R_X86_64_32 against `.rodata.str1.1' can not be used when making a PIE object; recompile with -fPIC
Fixes:
- http://autobuild.buildroot.org/results/616dff216a215dc0494c846d337e03e0795b2fb2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
--disable-bzip2 is not a recognized option so replace it by
--disable-libbz2 to match the target logic.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We change Trent's e-mail address in commit
1c20802d4b, but it turns out the new one
also doesn't work:
<trent.piepho@synapse.com>: host
synapse-com.mail.protection.outlook.com[104.47.57.138] said: 550 5.4.1
Recipient address rejected: Access denied. AS(201806281)
[DM6NAM11FT063.eop-nam11.prod.protection.outlook.com] (in reply to RCPT TO
command)
So let's drop Trent entirely, which orphans the libp11 package.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Attempting to compile this package with newer Kernel version (e.g. v5.4)
fails with message:
Generating local configuration database from kernel ...Kernel version parse failed!
Upgrading the package to 5.8 fixes this issue. Anyways, v4.4 is now
rather old and beat the very purpose of having newer drivers in older
kernels.
Since backports tag v4.14-rc4-1, the requirement on minimal kernel
version changed from 3.0 to 3.10. See commit [1]. The minimal kernel
version check is changed accordingly.
License files are also updated: the linux backports package copies the
license files from the kernel version used for its generation. v5.8 is
now "GPL-2.0 WITH Linux-syscall-note". However, there is no such SPDX
identifier (contrary to what is said in the COPYING file), so we keep it
as GPL-2.0 (which also keeps it aligned to what we have in linux.mk).
[1] https://git.kernel.org/pub/scm/linux/kernel/git/backports/backports.git/commit/?id=a0d05f9f9ca50ea8b1d60726fac6b54167257e76
Signed-off-by: Julien Olivain <ju.o@free.fr>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Tested-by: Petr Vorel <petr.vorel@gmail.com>
[yann.morin.1998@free.fr: keep license as GPL-2.0, like for linux]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since there is not necessary to have support of systemd within the host
variant let's disable it unconditionally to solve the following errors:
/usr/bin/install -c -m 644 data/rauc.service '/usr/lib/systemd/system'
/usr/bin/install: cannot create regular file '/usr/lib/systemd/system/rauc.service': Permission denied
/usr/bin/install -c -m 644 data/de.pengutronix.rauc.conf 'no'
make[4]: *** [Makefile:1700: install-nodist_systemdunitDATA] Error 1
make[4]: *** Waiting for unfinished jobs....
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
While testing Buildroot on a Cortex-A5 that doesn't provide NEON, we
found out that a system generated with the ARM toolchain from Arm
didn't boot. It turns out that this ARM toolchain is built with:
--with-arch=armv7-a --with-fpu=neon --with-float=hard --with-mode=thumb
So, it uses NEON as its FPU, which means it can only work on CPU cores
that have NEON support. This commit adds the appropriate dependency to
the toolchain-external-arm-arm package, and adjusts the Config.in help
text accordingly.
While at it, it also drops the part of the Config.in help text that
says the code is tuned for Cortex-A9, as it is not the case: it was
the case for the Linaro toolchain (built with --with-tune=cortex-a9),
but not for the ARM toolchain, for which no specific --with-tune is
passed.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Alexandre Belloni <alexandre.belloni@bootlin.com>
Cc: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a
large amount of memory.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The commit 05fea6e4a6 "infra/pkg-kconfig:
do not rely on package's .config as a timestamp" broke the kernel
version check of this linux-backports package (it was no longer
executed). Since linux-4.19, the kernel's build system internally
touches its .config file, so it can no longer be used as a stamp file.
The stamp file defined in KCONFIG_STAMP_DOTCONFIG variable of
pkg-kconfig infra need to be used instead.
This commit fixes the kernel version check.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Tested-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Static build of luajit is disabled since commit b2e8f28efa
("package/luajit: disable for static build"). Remove the related
BUILDMODE handling as well.
Cc: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- math/big: panic during recursive division of very large numbers
A number of math/big.Int methods (Div, Exp, DivMod, Quo, Rem, QuoRem, Mod,
ModInverse, ModSqrt, Jacobi, and GCD) can panic when provided crafted
large inputs. For the panic to happen, the divisor or modulo argument
must be larger than 3168 bits (on 32-bit architectures) or 6336 bits (on
64-bit architectures). Multiple math/big.Rat methods are similarly affected.
crypto/rsa.VerifyPSS, crypto/rsa.VerifyPKCS1v15, and crypto/dsa.Verify may
panic when provided crafted public keys and signatures. crypto/ecdsa and
crypto/elliptic operations may only be affected if custom CurveParams with
unusually large field sizes (several times larger than the largest
supported curve, P-521) are in use. Using crypto/x509.Verify on a crafted
X.509 certificate chain can lead to a panic, even if the certificates
don’t chain to a trusted root. The chain can be delivered via a
crypto/tls connection to a client, or to a server that accepts and
verifies client certificates. net/http clients can be made to crash by an
HTTPS server, while net/http servers that accept client certificates will
recover the panic and are unaffected.
Moreover, an application might crash invoking
crypto/x509.(*CertificateRequest).CheckSignature on an X.509 certificate
request or during a golang.org/x/crypto/otr conversation. Parsing a
golang.org/x/crypto/openpgp Entity or verifying a signature may crash.
Finally, a golang.org/x/crypto/ssh client can panic due to a malformed
host key, while a server could panic if either PublicKeyCallback accepts a
malformed public key, or if IsUserAuthority accepts a certificate with a
malformed public key.
Thanks to the Go Ethereum team and the OSS-Fuzz project for reporting
this. Thanks to Rémy Oudompheng and Robert Griesemer for their help
developing and validating the fix.
This issue is CVE-2020-28362 and Go issue golang.org/issue/42552.
- cmd/go: arbitrary code execution at build time through cgo
The go command may execute arbitrary code at build time when cgo is in
use. This may occur when running go get on a malicious package, or any
other command that builds untrusted code.
This can be caused by malicious gcc flags specified via a #cgo directive,
or by a malicious symbol name in a linked object file.
Thanks to Imre Rad and to Chris Brown and Tempus Ex respectively for
reporting these issues.
These issues are CVE-2020-28367 and CVE-2020-28366, and Go issues
golang.org/issue/42556 and golang.org/issue/42559 respectively.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
- https://bugs.busybox.net/show_bug.cgi?id=13306
.../wpewebkit-2.30.2/Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.cpp:242:30: error: ‘class WebCore::Settings’ has no member named ‘setGenericCueAPIEnabled’; did you mean ‘setBeaconAPIEnabled’?
page->settings().setGenericCueAPIEnabled(enabled);
^~~~~~~~~~~~~~~~~~~~~~~
setBeaconAPIEnabled
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Upstream backports package does not define the LEX/YACC Makefile
variables, contrary to the Kernel which is defining those in [1]. The
default "lex" and "yacc" are then used. On some systems, "yacc" is
Berkeley Yacc. Kconfig parser files are using non-Posix Bison
constructs.
Attempting to generate the parser with byacc fails with error:
yacc: e - line 97 of "zconf.y", syntax error
%destructor {
^
This patch defines the LEX and YACC Makefile variable to use flex and
bison, to fix this issue. The host-bison and host-flex dependencies are
added only if the host does not have them, following the same logic of
the Kernel.
[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=73a4f6dbe70a1b93c11e2d1d6ca68f3522daf434
Signed-off-by: Julien Olivain <ju.o@free.fr>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
- AST-2020-001: Remote crash in res_pjsip_session
Upon receiving a new SIP Invite, Asterisk did not return the created
dialog locked or referenced.
- AST-2020-002: Outbound INVITE loop on challenge with different nonce
If Asterisk is challenged on an outbound INVITE and the nonce is changed
in each response, Asterisk will continually send INVITEs in a loop. This
causes Asterisk to consume more and more memory since the transaction will
never terminate (even if the call is hung up), ultimately leading to a
restart or shutdown of Asterisk. Outbound authentication must be
configured on the endpoint for this to occur.
For details, see the announcement:
https://www.asterisk.org/asterisk-news/asterisk-13-37-1-16-14-1-17-8-1-18-0-1-and-16-8-cert5-now-available-security/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Avoid setting executable bits for apparmor.service. This gets rid of a
corresponding warning during installation:
Configuration file ../target/usr/lib/systemd/system/apparmor.service
is marked executable. Please remove executable permission bits.
Proceeding anyway.
Signed-off-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use fbset.c as the license file and, while at it, also update
indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use argp.h as the license file and, while at it, update indentation in
hash file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Now that pkg-stats is not just a maintainer-oriented tool, but a tool
generally useful to users, introduce a make target to run
pkg-stats. Of course, it is run with the newly introduced -c option,
which produces a pkg-stats output for just the selection of packages
of the currently defined configuration.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Now that pkg-stats is able to generate its output based on the list of
packages enabled in the current configuration, cve-checker doesn't
serve any purpose.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
pkg-stats was initially a Buildroot maintenance oriented tool: it was
designed to examine all Buildroot packages and provide
statistics/details about them.
However, it turns out that a number of details provided by pkg-stats,
especially CVEs, are relevant also for Buildroot users, who would like
to check regularly if their specific Buildroot configuration is
affected by CVEs or not, and possibly check if all packages have
license information, license files, etc.
The cve-checker script was recently introduced to provide an output
relatively similar to pkg-stats, but focused on CVEs only.
But in fact, its main difference is on the set of packages that we
consider: pkg-stats considers all packages, while cve-checker uses
"make show-info" to only consider packages enabled in the current
configuration.
So, this commit introduces a -c option to pkg-stats, to tell pkg-stats
to generate its output based on the list of configured packages. -c is
mutually exclusive with the -p option (explicit list of packages) and
-n option (a number of packages, picked randomly).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, pkg-stats expects being executed from Buildroot's top-level
source directory. As we are going to extend pkg-stats to cover only
the packages available in the current configuration, it makes sense to
be able to run it from the output directory, which can be anywhere
compared to Buildroot's top-level directory.
This commit adjusts pkg-stats to this, by inferring all Buildroot
paths based on the location of the pkg-stats script itself.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
"loader_dr3_helper.c uses xcb_xfixes_create_region() that requires dep_xcb_xfixes to link.
This is dependent on with_platform_x11 and with_dri3.
But the source meson file does not set this up dependent on with_dri3."
i686-buildroot-linux-gnu/bin/ld: src/loader/libloader_dri3_helper.a(loader_dri3_helper.c.o): in function `loader_dri3_swap_buffers_msc':
loader_dri3_helper.c:(.text.loader_dri3_swap_buffers_msc+0x33e): undefined reference to `xcb_xfixes_create_region'
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/830981830
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Set BITCOIN_GENBUILD_NO_GIT to not include (Buildroot) git version info in
build, which is available since version 0.15.0 and
e98e3dde6a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
WPE WebKit 2.30.0 added an USE_SYSTEMD buil option, which needs to
be set to avoid CMake from trying to use systemd unconditionally.
Based on a similar patch for package/webkitgtk by Peter Seiderer.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix a typo in service location, the right location is indeed /usr/sbin.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- systemd support/USE_SYSTEMD option was added since 2.30.0,
so add an optional dependency
Fixes:
-- Could NOT find Systemd (missing: Systemd_LIBRARY Systemd_INCLUDE_DIR)
CMake Error at Source/cmake/OptionsGTK.cmake:425 (message):
libsystemd is needed for USE_SYSTEMD
Reported-by: C Larbi <pkl2000us@gmail.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Acked-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- option was renamed from ENABLE_OPENGL to ENABLE_GRAPHICS_CONTEXT_GL
since 2.30.0
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Acked-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since Qemu 5.1, this defconfig doesn't boot due to the to small SD card image size (60MB).
qemu-system-arm: sd_init failed: Invalid SD card size: 60 MiB
SD card size has to be a power of 2, e.g. 64 MiB.
You can resize disk images with 'qemu-img resize <imagefile> <new-size>'
(note that this will lose data if you make the image smaller than it currently is).
qemu-system-arm: sd_init failed
From [1]:
"While the possibility to use small SD card images has been seen as
a feature, it became a bug with CVE-2020-13253, where the guest is
able to do OOB read/write accesses past the image size end."
The qemu_arm_vexpress_tz_defconfig doesn't trigger such issue since
it doesn't use the same filesystem support (i.e doesn't use
-drive file=output/images/rootfs.ext2,if=sd,format=raw).
Fixes:
https://gitlab.com/kubu93/buildroot/-/jobs/766482935
[1] https://git.qemu.org/?p=qemu.git;a=commitdiff;h=a9bcedd15a5834ca9ae6c3a97933e85ac7edbd36
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
qemu_arm_versatile doesn't use SD card interface but SCSI, so there is no
need to increase the image size.
The change was for qemu_arm_vexpress_defconfig instead (notice the
name of the defconfig used in gitlab).
This reverts commit cb62a8e0a2.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bumping the package requires two fixes:
* pillow looks for header files in paths returned by pkg-config.
On buildroot, pkg-config returns nothing if PKG_CONFIG_ALLOW_SYSTEM_CFLAGS
is disabled.
* png is the default pillow image format and png format is working only
if python zlib module is available.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Tested-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Build of xen tools fails if slirp is built before xen because xen is not
compatible with spice slirp which does not provide libslirp.h:
/home/buildroot/autobuild/instance-2/output-1/build/xen-4.13.0/tools/qemu-xen/net/slirp.c:40:10: fatal error: libslirp.h: No such file or directory
#include <libslirp.h>
^~~~~~~~~~~~
Indeed, xen prefers a system-provided slirp over its internal one
So add slirp as a mandatory dependency (now that we switched to the up
to date https://gitlab.freedesktop.org/slirp/libslirp)
This build failure is raised since, at least, version 4.13.0
Fixes:
- http://autobuild.buildroot.org/results/b80b33ed558518f7bbb0a3c8586bf2d0b8acc36f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Use an up to date fork (spice slirp is archived and has not been
updated since 2012)
- Add COPYRIGHT as the license file
- BSD-4-Clause has been replaced by BSD-3-Clause since
3bac39137af9f6e69c4e
- Add hash file
- Switch to meson-package
- Fix multiple security vulnerabilities: CVE-2014-3640, CVE-2017-11434,
CVE-2019-6778, CVE-2019-9824, CVE-2019-14378 and CVE-2020-10756
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
festival fails to built with glibc 2.18 due to fopen and the h_addr field in
struct hostent:
../gst/festival/gstfestival.c: In function 'gst_festival_chain':
../gst/festival/gstfestival.c:273:3: warning: implicit declaration of function 'fdopen' [-Wimplicit-function-declaration]
fd = fdopen (f, "wb");
^
../gst/festival/gstfestival.c:273:6: warning: assignment makes pointer from integer without a cast [enabled by default]
fd = fdopen (f, "wb");
^
../gst/festival/gstfestival.c: In function 'festival_socket_open':
../gst/festival/gstfestival.c:367:45: error: 'struct hostent' has no member named 'h_addr'
memmove (&serv_addr.sin_addr, serverhost->h_addr, serverhost->h_length);
^
Both of which are hidden behind _GNU_SOURCE in glibc 2.18, so enable that to
fix this build issue.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
dvbsubenc fails to build with gcc 4.8 due to restrict keyword and for
loop declarations:
../gst/dvbsubenc/libimagequant/blur.c:10:46: error: expected ';', ',' or ')' before 'src'
transposing_1d_blur (unsigned char *restrict src, unsigned char *restrict dst,
^
../gst/dvbsubenc/libimagequant/blur.c: In function 'liq_min3':
../gst/dvbsubenc/libimagequant/blur.c:101:5: error: 'for' loop initial declarations are only allowed in C99 mode
for (unsigned int i = 0; i < width - 1; i++) {
^
../gst/dvbsubenc/libimagequant/blur.c:101:5: note: use option -std=c99 or -std=gnu99 to compile your code
Fixes:
- http://autobuild.buildroot.org/results/183e876d63340b5c204f47a4653cbfebb0523277
Both of which are C99 features, so explicitly enable C99 support to fix
that.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add license file and, while at it, update indentation to two spaces
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This reverts commit b737c6b351. This was not
supposed to be committed, as the patch did not update linux.hash.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
pgac_cv_snprintf_long_long_int_modifier has been dropped since version
11.0 and
b929614f5e
pgac_cv_snprintf_size_t_support has been dropped since version 12.0 and
96bf88d527
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
I haven't looked at that package and touched it for 6 years now, and
clearly others have taken care of it when looking at the Git history.
Signed-off-by: Antoine Tenart <atenart@kernel.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bugfix release. From the release notes:
go1.15.4 (released 2020/11/05) includes fixes to cgo, the compiler, linker,
runtime, and the compress/flate, net/http, reflect, and time packages.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Various bfd section macros and functions like bfd_section_size() have been
modified starting with binutils >= 2.34.
Add a patch to handle this API change.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following check-package warning added by commit
a2b98a6add:
package/davfs2/davfs2.mk:22: expected indent with tabs
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Disable unit-tests which are enabled by default if cmocka is found:
222e691739
- Drop --enable-iproute2 to enable netlink(3) support (and so drop
IFCONFIG, IPROUTE and ROUTE environment variables and keep NETSTAT
even if it is only used by tests/t_client.sh.in).
netlink is much faster than calling ifconfig or route and also enables
OpenVPN to run with less privileges.
- Update indentation in hash file (two spaces)
https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
QT can default to outputting the logs to syslog instead of to the
console with this compile time switch. That behavior can still be
overridden by setting the environment variable QT_LOGGING_TO_CONSOLE to
1.
Signed-off-by: Jeff Zignego <jzignego@hedcontrols.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
mount.davfs expects the availability of the user and group davfs2.
Signed-off-by: Sven Klomp <mail@klomp.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Project switched license to BSD Zero Clause License:
007a303dac
Add RHASH_CONFIGURE_CMDS after upstream added a configure script:
cdaf438622
Make target install-headers was renamed to install-lib-headers:
5184f57ed8
Make target install-shared was removed, use build-install-binary
instead:
cdaf438622
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch is needed to fix the build with freetype >= 2.10.3.
https://www.freetype.org/index.html#news
"A warning for distribution maintainers: Version 2.10.3 and later may
break the build of ghostscript, due to ghostscript's use of a with-
drawn macro that wasn't intended for external usage."
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Although BR2_DL_DIR is indeed a site-local setting, which does not
actually define the target system, we've had it in the tree for a
long time now, and people have been depending on it for a variety
of use-cases.
Furthermore, BR2_DL_DIR is far from the only such site-local setting,
BR2_CCACHE_DIR springs to mind, and in the less-obvious category, we
can also find BR2_JLEVEL, but also BR2_WGET, BR2_SVN, BR2_GIT et al.
as they may be tweaked to set the timeout, number of retries or so on
to work around stupid proxies. But of course, the most local site-local
setting is probably BR2_PACKAGE_OVERRIDE_FILE, with its default value
being explicitly just 'local.mk'.
Ideally, we would like to have a clear separation between the
configuration that actually defines the target system on one hand,
and the site-local settings that drive and control how the build is
performed, on the other hand. This is by far a much bigger endeavour
than just dropping BR2_DL_DIR from the saved defconfig.
This reverts commit 36edacce9c (adapted
to keep the fix from 1a7873ec98).
Closes: #13291
Note: thanks to Thomas; some phrasing above was borrowed from a
discussion with him.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Lance Fredrickson <lancethepants@gmail.com>
Cc: Sven Oliver Moll <buildroot@svol.li>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Adam Duskett <aduskett@gmail.com>
This will fix the following build failure with python 3.9 and
sigrok-cli:
/srv/storage/autobuild/run/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/mips64el-buildroot-linux-uclibc/5.5.0/../../../../mips64el-buildroot-linux-uclibc/bin/ld: /srv/storage/autobuild/run/instance-1/output-1/host/bin/../mips64el-buildroot-linux-uclibc/sysroot/usr/lib/libsigrokdecode.so: undefined reference to `PyList_Insert'
Fixes:
- http://autobuild.buildroot.org/results/cc6447b926f8223c68d0086428d29a037b18252d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following flake8 warnings:
support/testing/tests/core/test_selinux.py:21:1: E302 expected 2 blank lines, found 1
support/testing/tests/core/test_selinux.py:38:1: E302 expected 2 blank lines, found 1
support/testing/tests/core/test_selinux.py:51:1: E302 expected 2 blank lines, found 1
support/testing/tests/core/test_selinux.py:62:1: E302 expected 2 blank lines, found 1
support/testing/tests/core/test_selinux.py:65:14: E127 continuation line over-indented for visual indent
support/testing/tests/init/test_systemd_selinux.py:53:1: E302 expected 2 blank lines, found 1
support/testing/tests/init/test_systemd_selinux.py:64:1: E302 expected 2 blank lines, found 1
Interestingly, the "continuation line over-indented for visual indent"
shows up only once, while the same pattern is there at multiple places
in the file. We fix all places with that over-indentation pattern.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 8efb52c1a1 added a libxslt
dependency presumably to manage
bbd39a457c
However, this is wrong and build will fail on:
checking for xsltproc... no
configure: error: Please install xsltproc before configuring.
xsltproc is used to generate ModemManager-names.h since, at least,
version 0.7.990 and
365b906a3e
However, this file is already available in the official tarball so drop
this unneeded dependency and set ac_cv_prog_XSLTPROC_CHECK to yes
Fixes:
- http://autobuild.buildroot.org/results/edc755b874ea43d1c009ad76c28f05e18519138e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
NOTE: this version requires mbim: >= 1.24.0, qmi: >= 1.26.0.
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since
481ee7ca3d
remi use setuptools-scm to obtain version, but .git directory is dropped when
the archive is fetched. The result is a build failure like:
Traceback (most recent call last):
File "setup.py", line 22, in <module>
include_package_data=True,
File "/tmp/instance-0/output-1/host/lib/python2.7/site-packages/setuptools/__init__.py", line 145, in setup
return distutils.core.setup(**attrs)
File "/tmp/instance-0/output-1/host/lib/python2.7/distutils/core.py", line 111, in setup
_setup_distribution = dist = klass(attrs)
File "/tmp/instance-0/output-1/host/lib/python2.7/site-packages/setuptools/dist.py", line 448, in __init__
k: v for k, v in attrs.items()
File "/tmp/instance-0/output-1/host/lib/python2.7/distutils/dist.py", line 287, in __init__
self.finalize_options()
File "/tmp/instance-0/output-1/host/lib/python2.7/site-packages/setuptools/dist.py", line 740, in finalize_options
ep.load()(self)
File "/tmp/instance-0/output-1/host/lib/python2.7/site-packages/setuptools/dist.py", line 747, in _finalize_setup_keywords
ep.load()(self, ep.name, value)
File "/tmp/instance-0/output-1/host/lib/python2.7/site-packages/setuptools_scm/integration.py", line 17, in version_keyword
dist.metadata.version = _get_version(config)
File "/tmp/instance-0/output-1/host/lib/python2.7/site-packages/setuptools_scm/__init__.py", line 147, in _get_version
parsed_version = _do_parse(config)
File "/tmp/instance-0/output-1/host/lib/python2.7/site-packages/setuptools_scm/__init__.py", line 118, in _do_parse
"use git+https://github.com/user/proj.git#egg=proj" % config.absolute_root
LookupError: setuptools-scm was unable to detect version for u'/tmp/instance-0/output-1/build/python-remi-2020.10.30'.
Make sure you're either building from a fully intact git repository or PyPI tarballs. Most other sources (such as GitHub's tarballs, a git checkout without the .git folder) don't contain the necessary metadata and will not work.
For example, if you're using pip, instead of https://github.com/user/proj/archive/master.zip use git+https://github.com/user/proj.git#egg=proj
make: *** [package/pkg-generic.mk:250: /tmp/instance-0/output-1/build/python-remi-2020.10.30/.stamp_built] Error 1
make: Leaving directory '/tmp/instance-0/buildroot'
Fix:
- http://autobuild.buildroot.net/results/3a6/3a62359d0e183d45e50e999fc2c58f7805bda142/
Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
[Peter: drop _LICENSE_FILES, tarball does not include LICENSE file]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add initial support for Orangepi Zero Plus board:
- U-Boot 2020.10
- Linux 5.7.19
- Default packages from buildroot
This patch is based on Orangepi Zero Plus2 board support, so genimage
configuration and description is copy pasted. One difference is that
newer Linux and U-Boot are selected. Another difference is Ethernet
support (Plus) instead of WiFi (Plus2).
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
opencv3 does not install anything in $(TARGET_DIR)/usr/share/OpenCV/doc
so drop OPENCV3_CLEAN_INSTALL_DOC
However it installs its licence files in
$(TARGET_DIR)/usr/share/licenses/opencv3 so add
OPENCV3_CLEAN_INSTALL_LICENSE
Moreover, the cmake hook does not catch all cmake files and missed the
valgrind files so update OPENCV3_CLEAN_INSTALL_CMAKE and add
OPENCV3_CLEAN_INSTALL_VALGRIND to delete those files:
OpenCVConfig.cmake OpenCVConfig-version.cmake OpenCVModules.cmake OpenCVModules-release.cmake valgrind_3rdparty.supp valgrind.supp
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This reverts commit d01b0bbad0.
Original commit made restriction for Linux headers < 3.4 which was
related to keepalived version 1.3.5, but it compiles fine now at least
with a toolchain based on 3.2 headers and keepalived 2.0.15 together
with ipset enabled.
Probably it was fixed by this commit:
5a7f895bb7
Signed-off-by: Vadym Kochan <vadym.kochan@plvision.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
mbedtls (former polarssl) support was dropped with commit
3380da69c5
Put it back as openvpn supports mbedtls 2.x since version 2.4.0 and
86d8cd6860
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 23a79ddb45 updated md5 and sha1 for
imlib2_loaders-1.6.1.tar.bz2 instead of imlib2-1.6.1.tar.bz2
Fix this mistake and, while at it, update indentation to two spaces
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Busybox is mainly licensed under the GPL-2.0, but the bzip2 part is a
modified copy of the bzip2/libbzip2 project, which comes with its own
license.
Update the licensing information accordingly.
Add the hash for the new license file, and fixup indentation (2 spaces).
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For grub-efi we can align the rootfs to start at exactly 16MB from the
beginning of the disk. This can be done by reducing the vfat partition to
be 32 KB smaller than its 16MB size, just like the offset of the vfat
partition.
Signed-off-by: Florian La Roche <Florian.LaRoche@gmail.com>
[Peter: drop redundant offset/size settings, add comment]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In order to simplify the usage of a buildroot toolchain within
the buildroot shell, a "cmake" alias is provided to call cmake
with the correct toolchain file and options.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In order to simplify the usage of a buildroot toolchain within
the buildroot shell, a "configure" alias is provided to call
./configure with the correct flags.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The meson options were in some semi-sorted order with no logic in it.
Sort them alphabetically instead.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Since we don't enable sysv any support, it makes no sense to set the
path to telinit either.
The path we were setting was anyway wrong: we set a path into
TARGET_DIR, but this path is only used at runtime, on the target, where
TARGET_DIR doesn't exist (it should have been /usr/sbin/telinit).
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
If paths are not set, then meson will search the host system for the
binaries (or the target, where those binaries are not yet installed).
So add the missing paths.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Reviewed-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
As we many times by now discussed that - some ARC cores might
not have atomic instructions implemented. Namely that's ARC700
w/o explicitly added atomics during design creation/configuration.
Because of that when GCC gets configured for ARC700, i.e. via
"--with-cpu=arc700" atomic ops are assumed disabled.
Usually it's not a problem as we add "-matomics" in the wraper for
building all packages if targets CPU has atomis (BR2_ARC_ATOMIC_EXT).
But when bulding target's binaries which are essential parts of
the GCC itself we don't use the wrapper. Instead xgcc is being used.
That way we lose that important part of system's configuration about
atomics and:
1. Atomic ops won't be used where otherwise they could have been used.
2. Some configuration checks might end-up thinking there're no atomics
In particular (2) leads to pretty obscure failure on bulding of some
packages which use C++, for example:
log4cplus: http://autobuild.buildroot.net/results/a7732fdb2ba526a114d9fb759814236c5332f8d7
------------------------>8--------------------
./.libs/liblog4cplus.so: undefined reference to `std::__atomic_futex_unsigned_base::_M_futex_notify_all(unsigned int*)'
collect2: error: ld returned 1 exit status
------------------------>8--------------------
bitcoin: http://autobuild.buildroot.net/results/f73/f73d4c77e5fd6223abdbc83e344addcfc93227b8
------------------------>8--------------------
(.text+0x110c): undefined reference to `std::__atomic_futex_unsigned_base::_M_futex_wait_until(unsigned int*, unsigned int, bool, std::chrono::duration<long long, std::ratio<1ll, 1ll> >, std::chrono::duration<long long, std::ratio<1ll, 1000000000ll> >)'
collect2: error: ld returned 1 exit status
------------------------>8--------------------
apcupsd: http://autobuild.buildroot.net/results/7a2/7a2cc7a4ac2237c185817f75e55e05d144efd100
------------------------>8--------------------
/tmp/instance-0/output-1/host/lib/gcc/arc-buildroot-linux-uclibc/9.3.1/../../../../arc-buildroot-linux-uclibc/bin/ld: eh_throw.cc:(.text._ZL23__gxx_exception_cleanup19_Unwind_Reason_CodeP17_Unwind_Exception+0x24): undefined reference to `__gnu_cxx::__exchange_and_add(int volatile*, int)'
collect2: error: ld returned 1 exit status
------------------------>8--------------------
...and many more.
Interesting enough that was not seen earlier because "-matomic"
used to be added in TARGET_{C|CXX}FLAGS via TARGET_ABI,
but later "-matomic" was moved to ARCH_TOOLCHAIN_WRAPPER_OPTS, see
https://git.buildroot.org/buildroot/commit/?id=c568b4f37fa6d7f51e6d14d33d7eb75dfe26d7bf
and since then we started to see that new breakage which we now
attempt to fix right where it hapens on GCC configuration.
In contrast ARC HS family has atomic ops enabled by default thus
we never spotted that kind of problem for it.
More datails with analysis of what really happens under the hodd and
how do error messages above are related to libs of GCC configuration could
be found here: http://lists.busybox.net/pipermail/buildroot/2020-October/293614.html
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Romain Naour <romain.naour@gmail.com>
[Peter: simplify conditional]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with optee-client 3.11.0 and gcc 4.8:
/home/giuliobenetti/autobuild/run/instance-2/output-1/build/optee-client-3.11.0/libckteec/src/pkcs11_processing.c: In function 'ck_create_object':
/home/giuliobenetti/autobuild/run/instance-2/output-1/build/optee-client-3.11.0/libckteec/src/pkcs11_processing.c:22:9: error: missing initializer for field 'buffer' of 'struct serializer' [-Werror=missing-field-initializers]
struct serializer obj = { };
^
Build failure is raised since version 3.10.0 and
c3279f4243e88c264ba385a7ea7861
Fixes:
- http://autobuild.buildroot.org/results/a3d663adb943aee814180f01d6e153b3309be962
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* add a comment about the kernel header dependencies when bumping
versions
* set url to kernel.org as github is unmaintained and outdated
* use two spaces in hash-file
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit bumps ARC toolchain to arc-2020.09-release.
ARC GNU tools of version arc-2020.09-release bring some quite significant
changes like:
* Binutils 2.34.50 with additional ARC patches
* GCC 10.0.2 with additional ARC patches
* GDB 10.0.50 with additional ARC patches
Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: arc-buildroot@synopsys.com
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- harfbuzz is mandatory since
f3e2c97e18
- Fix CVE-2020-26682 (In libass 0.14.0, the `ass_outline_construct`'s
call to `outline_stroke` causes a signed integer overflow.) through
676f9dc5b5
which does not apply cleanly over version 0.14.
It should be noted that version 0.15 also fixes other integer
overflows (which have no CVE assigned)
- Update indentation in hash file (two spaces)
https://github.com/libass/libass/releases/tag/0.15.0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 2acaa86ce6 replaced util-linux by
util-linux-libs but this raises the following build failure:
Makefile:585: *** util-linux-libs is in the dependency chain of libglib2 that has added it to its _DEPENDENCIES variable without selecting it or depending on it from Config.in. Stop.
To fix this build failure, use util-linux or util-linux-libs depending
on BR2_PACKAGE_UTIL_LINUX_LIBS
Fixes:
- http://autobuild.buildroot.org/results/8bf6360a343edd10c73a756ab86cdba727f9ea43
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
opencv 2.x has seen no release since July 2018 and all buildroot
packages are already compatible with opencv3 so drop it to ease the
addition of opencv4 which is not fully backward compatible with opencv3
as "a lot of C API from OpenCV 1.x has been removed.":
https://opencv.org/opencv-4-0.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The GCC-7.x compiler series was the last to officially support PowerPC
SPE CPUs. Now that GCC-8.x is the default compiler used by Buildroot,
some defconfigs, notably the arcturus_ucp1020_defconfig and
freescale_p1025twr_defconfig ones started to fail building, as they
are PowerPC SPE platforms.
In fact, the GCC-8.x compiler series continues to support PowerPC SPE
CPU cores, but only as an --enable-obsoleted instruction set. This
patch enables the use of GCC-8.x and asserts the required option to
enable the PowerPC SPE instruction set.
This patch passes compilation and run tests with the
arcturus/ppc-ucp1020 board.
This patch should address a noted job failure on GitLab CI
https://gitlab.com/buildroot.org/buildroot/-/jobs/805461732
Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/805461732
Signed-off-by: Michael Durrant <mdurrant@ArcturusNetworks.com>
Signed-off-by: Oleksandr G Zhadan <Oleks@ArcturusNetworks.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Last commit fixed eglfs_kms support for i.MX8 platforms that required to
declare imx-gpu-viv as the gbm provider.
However, this broke the eglfs "fbdev" imx6 support as gbm isn't provided
in this case. So limit the gbm option to imx-gpu-viv when wayland
backend is used only.
Fixes: 82fb51d3b5 ("package/qt5/qt5base: allow to use imx-gpu-viv as GBM
provider")
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump OP-TEE Test package version to OP-TEE release 3.11.0.
Add dependency on BR2_INSTALL_LIBSTDCPP since C++ support is needed
to build some OP-TEE test trusted applications.
Remove local patch files since issues addressed since.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump OP-TEE Client package version to OP-TEE release 3.11.0.
Remove local patch file since issue addressed since.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump OP-TEE OS package version to OP-TEE release 3.11.0.
Remove patches since merged in OP-TEE OS 3.11.0
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
As we are about to bump the optee-test package to 3.11.0, which
requires C++ support, let's enable C++ support in the
qemu_arm_vexpress_tz_defconfig, which uses optee-test.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
receive.c in fastd before v21 allows denial of service (assertion
failure) when receiving packets with an invalid type code.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
pax-utils uses asprintf() since version 1.2.4 (commit
9c0ec154d782795daa3b7d2ae273bbda2b36ae83), and recent versions of
gnulib make use of wctomb() in their implementation of asprintf(),
causing a build failure.
While it seems to be an issue in gnulib, let's for now mark pax-utils
as being not available with !wchar toolchains.
Fixes:
http://autobuild.buildroot.org/results/613840edba8ea161bb900f3b56d8d3605961c78f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
wine was bumped to 5.12 in commit
6daf15db41, but a few changes in
optional dependencies were not taken into account:
- A new optional dependency on libusb exists
- The option name to use libv4l has been changed
Signed-off-by: André Hentschel <nerv@dawncrow.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libtac in pam_tacplus through 1.5.1 lacks a check for a failure of
RAND_bytes()/RAND_pseudo_bytes(). This could lead to use of a
non-random/predictable session_id.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
As it doesn't seem to be needed any longer. Also it was agreed to fix
packages not using pkgconfig properly instead of doing this sed.
Tested on i.MX6 platform with Qt5, no more issues.
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The commit 7e6f4e5 introduces a new bug when building the gst-omx package
for the raspberry.
GST_OMX_VARIANT variable in gst-omx.mk was shadowed to 'generic' after being
set well for raspberry. It results having the gstomx.conf not being installed,
and thus having gst-omx installed but none of its features available.
Signed-off-by: Augustin Thiercelin <augustin.thiercelin@outlook.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The official repo pointed by https://ltrace.org/ hasn't seen any
updates in 5 years, so this commit switches to
https://github.com/dkogan/ltrace from Dima Kogan that includes some
bug fixes, in particular the following commit to avoid a crash:
192e0a6 void struct members are now ignored
The previous ltrace version gave a crash on a ARMv7 device, showing
this error:
"Assertion `field_info->type != ARGTYPE_VOID' failed."
Using this commit ltrace shows a '<void>' return value in such cases,
but at least avoids the crash.
Signed-off-by: Mauro Meneghin <mauro.meneghin@youview.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Julien's e-mail @cotds.org is no longer working:
<juju@cotds.org>: host mail.cotds.org[194.117.244.136] said: 451 4.3.5 Server
configuration problem (in reply to RCPT TO command)
Use his @free.fr e-mail address instead.
Cc: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: adjust email address after Julien's review]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
His/her e-mail address is bouncing:
VMSDVM9.POK.IBM.COM unable to deliver following mail to recipient(s):
<mamatha4@linux.ibm.com>
VMSDVM9.POK.IBM.COM received negative reply:
550 5.1.1 <mamatha4@linux.ibm.com>: Recipient address rejected: User unknown in local recipient table
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add missing space for the cross-compilation.conf.in cpu_family
entry.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Source package of newest release does not contain license file, so
PKG-INFO is used for now. Missing LICENSE file was added to master
branch of xmodem repository ([1]), so hopefully it will replace PKG-INFO
check after new xmodem release.
[1] https://github.com/tehmaze/xmodem/pull/42
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix CVE-2020-14382: A vulnerability was found in upstream release
cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code,
that is effectively invoked on every device/image presenting itself as
LUKS2 container. The bug is in segments validation code in file
'lib/luks2/luks2_json_metadata.c' in function
hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj)
where the code does not check for possible overflow on memory allocation
used for intervals array (see statement "intervals = malloc(first_backup
* sizeof(*intervals));"). Due to the bug, library can be *tricked* to
expect such allocation was successful but for far less memory then
originally expected. Later it may read data FROM image crafted by an
attacker and actually write such data BEYOND allocated memory.
https://mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/v2.3/v2.3.4-ReleaseNotes
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
mosquitto nowadays works correctly with libressl, so allow that as the
openssl backend as well.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add optional gst1-rtsp-server dependency as checked for in
gst1-devtools-1.18.0/validate/tools/meson.build.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- remove patches that are already upstrem
- modified and renumbered existing patch
- add CROSS_COMPILE make arg
- update hashfile for new version
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Refresh first patch
- Drop second patch, not needed since
5c725d5050
- Drop BR2_PACKAGE_GEOIP dependency as suricata switched to GeoIP2, see
a291209e47
- jansson is now a mandatory dependency, see
e49c40428e
- rustc is now a mandatory dependency, see
75429bbe3e
EOL date of 4.1 branch is December 31st, 2020.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is a follow-up to 4027ba29f4 ("package/nginx: use /run for
PIDFile"), in which we missed that nginx is still built with /var/run
paths.
This commit changes the compile options to use /run instead of
/var/run for pid and lock file to make it consistent.
Further dropping the passing of the pid option in the service file as
this isn't neccessary. Neither debian nor nginx default .service does
it.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
go1.15.3 (released 2020/10/14) includes fixes to cgo, the compiler, runtime, the
go command, and the bytes, plugin, and testing packages.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add missing semicolon for linux kernel verson < 5.6.x compile introduced
by patch 0006-rtw_proc-convert-file_operations-to-proc_ops-for-5.6.patch.
Fixes:
os_dep/linux/rtw_proc.c:195:1: error: expected ‘,’ or ‘;’ before ‘int’
195 | int rtw_drv_proc_init(void)
| ^~~
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
WebKit's JavaScriptCore does not support using JIT nor the LLint
interpreter on ARMv5 and ARMv6, so add those two cases when checking
for target CPUs which need to use the CLoop interpreter.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The ENABLE_C_LOOP option conflicts with ENABLE_SAMPLING_PROFILER, so
the WebKit CMake build system will emit an error when both are enabled
at the same time. To avoid hitting that situation, explicitly disable
ENABLE_SAMPLING_PROFILER as needed.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
WebKit's JavaScriptCore does not support using JIT nor the LLint
interpreter on ARMv5 and ARMv6, so add those two cases when checking
for target CPUs which need to use the CLoop interpreter.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The ENABLE_C_LOOP option conflicts with ENABLE_SAMPLING_PROFILER, so
the WebKit CMake build system will emit an error when both are enabled
at the same time. To avoid hitting that situation, explicitly disable
ENABLE_SAMPLING_PROFILER as needed.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The Docker developers appear to no longer be tagging releases on the
docker/engine repository on GitHub, but are tagging releases on the main
moby/moby repository, which still is the true home of "dockerd."
This commit changes the upstream repo to moby/moby with no changes required.
Signed-off-by: Christian Stewart <christian@paral.in>
v1 -> v2:
- updated hash
- changed upstream to moby/moby
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The hash of the NOTICE file has changed due to the following minor update:
-Exceptions to the Apache 2.0 License:
-=====================================
+(Optional) Exceptions to the Apache 2.0 License:
+================================================
Also update hash file formatting (2 spaces)
See changelog https://github.com/michaelrsweet/mxml/releases/tag/v3.2
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
zlib is required to build s390-tools and cannot be disabled for now
due to libvmdump.
Fixes:
$BUILD_DIR/host/bin/s390x-buildroot-linux-gnu-g++ ... -c vmdump_convert.cpp -o vmdump_convert.o
lkcd_dump.cpp:15:10: fatal error: zlib.h: No such file or directory
15 | #include <zlib.h>
| ^~~~~~~~
compilation terminated.
Signed-off-by: Alexander Egorenkov <egorenar@linux.ibm.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* removed patch 0003 as it is now in upstream
* removed patch 0002 as the logic has been reworked
* adjusted patch 0001 offset
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When we savedefconfig, we remove BR2_DEFCONFIG (f71a621d91, savedefconfig:
Remove BR2_DEFCONFIG from saved defconfig file) and BR2_DL_DIR (36edacce9c,
Makefile: exclude BR2_DL_DIR from savedefconfig), because their meaning
is only valid locally.
However, we were not careful to really match the exact variables, so we
could match arbitrary options.
For example, these config options would all be dropped:
BR2_DEFCONFIG="toto"
BR2_DL_DIR="titi"
BR2_PACKAGE_SABR2_DEFCONFIG="tutu"
BR2_PACKAGE_SABR2_DL_DIR=y
While the first two are indeed the ones we want to drop, the last two
are options (whatever their meaning or how poorly named they are) of the
hypothetical 'sabr2' package, and we want to keep those in a defconfig.
When cleaning the just-saved defconfig, be sure to anchor the patterns to
the beginning of the line.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Sven Oliver Moll <buildroot@svol.li>
Cc: Herve Codina <Herve.CODINA@celad.com>
Acked-by: Herve Codina <Herve.CODINA@celad.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump package to the latest version 1.3.10, and remove the two patches
which are not needed anymore.
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
LICENSE diff:
-This software is copyright (c) 2014 by Christopher J. Madsen.
+This software is copyright (c) 2020 by Christopher J. Madsen.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Running "make savedefconfig" with BR2_DL_DIR set also saves that
variable, which is only useful in local context.
Signed-off-by: Sven Oliver Moll <buildroot@svol.li>
[yann.morin.1998@free.fr: wrap line]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since version 2.34 binutils enables debuginfod support by default if the
debuginfod library is found to be available at build time.
On Fedora 32, libdebuginfod may be present on the system, and the
dependency chain of interest is then:
libdebuginfod.so
-> libcurl.so
-> libk5crypto.so
-> libcrypto.so
If the Buildroot configuration ever needs to build host-openssl, which
may happen when building the kernel to sign modules for example, this
leads to an inconsistency between the system-provided libcrypto and
ours, leading to missing symbols:
$ make defconfig
$ make host-binutils
$ ./output/host/bin/i686-buildroot-linux-uclibc-objdump --help
[--snip some help text--]
$ make host-openssl
$ ./output/host/bin/i686-buildroot-linux-uclibc-objdump --help
./output/host/bin/i686-buildroot-linux-uclibc-objdump: symbol lookup
error: /lib64/libk5crypto.so.3: undefined symbol: EVP_KDF_ctrl, version
OPENSSL_1_1_1b
EVP_KDF_ctrl comes from libcrypto:
$ nm -D /usr/lib64/libcrypto.so.1.1 |grep EVP_KDF_ctrl
0000000000176000 T EVP_KDF_ctrl
$ nm -D output/host/lib/libcrypto.so.1.1 |grep EVP_KDF_ctrl
[--empty--]
So, if host-binutils tools, like objdump et al., are called after our
host-openssl is built, then when run, the system-provided libk5crypto.so
is used, but our libcrypto.so is used, because of the RPATH we set on
our host tools.
And boom.
Note that there is also a latent similar issue if we were to build our
host-libcurl too...
Signed-off-by: Alexander Egorenkov <egorenar@linux.ibm.com>
[yann.morin.1998@free.fr: rewrite commit log with a bit more info]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
OPENCV3_WARNINGS_ARE_ERRORS option does not exist so rename it to
OPENCV_WARNINGS_ARE_ERRORS (even if it is already disabled by default)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Update first patch to fix build of transmission 3.00 with UTP. Since
upstream commit f27596238d37 (Include stdbool.h unconditionally),
upstream no longer ever defines HAVE_STDBOOL_H, so we always fallback to
manually defining 'bool' which conflicts with the type used elsewhere in
the code.
Drop our workaround, to always include stdbool.h unconditionally.
Fixes:
- http://autobuild.buildroot.org/results/bbfb61cf911fb29dcc02626f6eb47fff9e5e64f5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- expand commit log
- drop commented-out code
- restore CR-LF line endings in replacement code, as used by upstream
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit b6b5981f70 (package/mksh: update to R59b) forgot to update the
hash of mksh.1 which is used as the license file. Although the manpage
has changed to accomodate changes in mksh, the licensing blurb has not
changed.
Fixes:
- http://autobuild.buildroot.org/results/1291917e4b17e087455a6698c4b82e4ff783600d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- expand commit log to state the license has not changed
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Don't build shared library with BR2_SHARED_LIBS=OFF to avoid the
following build failure:
[100%] Linking CXX shared library libpistache.so
make[3]: Leaving directory `/home/buildroot/autobuild/run/instance-1/output-1/build/pistache-f2f5a50fbfb5b8ef6cf1d3d2a9d442a8270e375d'
[100%] Built target pistache_static
/home/buildroot/autobuild/run/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/x86_64-buildroot-linux-musl/8.3.0/../../../../x86_64-buildroot-linux-musl/bin/ld: /home/buildroot/autobuild/run/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/x86_64-buildroot-linux-musl/8.3.0/crtbeginT.o: relocation R_X86_64_32 against hidden symbol `__TMC_END__' can not be used when making a shared object
Fixes:
- http://autobuild.buildroot.org/results/6cc/6cc76b3e76defa9b8154568a6ebcd6bf4cadd334/build-end.log
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: update upstream status now they merged it]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
snmpd loudly complains every 3 seconds about a failure reading
/proc/net/if_inet6 if the system does not have IPv6 support:
Jan 1 00:00:12 buildroot daemon.err snmpd[92]: ipaddress_linux: could not open /proc/net/if_inet6: No such file or directory
Jan 1 00:00:15 buildroot daemon.err snmpd[92]: ipaddress_linux: could not open /proc/net/if_inet6: No such file or directory
Jan 1 00:00:18 buildroot daemon.err snmpd[92]: ipaddress_linux: could not open /proc/net/if_inet6: No such file or directory
Jan 1 00:00:21 buildroot daemon.err snmpd[92]: ipaddress_linux: could not open /proc/net/if_inet6: No such file or directory
Add an upstream patch to only print this warning once, rather than on every
poll iteration.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The brcmfmac drivers now load settings files for BCM434xx devices and
fail if they're missing on the Raspberry Pi:
brcmfmac mmc1:0001:1: Direct firmware load for brcm/brcmfmac43455-sdio.raspberrypi,3-model-b-plus.txt failed with error -2
This commit copies the missing settings files over to the firmware
directory with the other files.
Signed-off-by: Frank Hunleth <fhunleth@troodon-software.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The python-argon2-cffi package can be used with the system libargon2,
we should use that instead of the embedded version.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Extract from bug report:
"Code line 120 to line 128 is to check whether the patch containing
"rename from" and "rename to". But it directly use grep to find,
ignoring the patch may be a tar file or else. It can only work on patch
of textfile form."
Fixes:
- https://bugs.buildroot.org/show_bug.cgi?id=11931
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Version 2.5.0 enables the new libmpdec++ library by default:
http://www.bytereef.org/mpdecimal/changelog.html#version-2-5-0
Adapt the existing patch, to allow static build of this C++ library.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- meld the C++-enabling and the static-patch commits into one
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
There are two groups of chipsets in the BCM4366 family requiring two
different firmware files. Each is quite big (over 1 MiB) so use
separated options for them.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: split to a separate condition]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This will fix the following build failure with
gstreamer1-editing-services which optionally depends on gst1-devtools
since commit 08a213c1a5:
Run-time dependency gst-validate-1.0 found: NO (tried pkgconfig and cmake)
Looking for a fallback subproject for the dependency gst-validate-1.0
../output-1/build/gstreamer1-editing-services-1.18.0/meson.build:101:0: ERROR: Subproject directory not found and gst-devtools.wrap file not found
Fixes:
- http://autobuild.buildroot.org/results/e9d96a63861737d82734559db5e5ffbf5996ffde
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 391c448acb (package/kernel-module-imx-gpu-viv: bear the kernel
options munging) improperly named the macro, including a superfluous
'MODULE' in the middle of the macro name, which meant it was totally
unused.
Fix that.
Reported-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Refresh second patch
- Drop third patch (already in version)
- An external mbedtls can be used since version 1.12.0 and
5be7fc9c90
so use it with an upstream patch and drop
MONGREL2_POST_CONFIGURE_HOOKS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
ipcalc is an ancient and venerable tool for manipulating IP addresses,
networks, & interfaces from shell scripts. There is a subtool in busybox,
but it does not support everything the upstream tool [1] supports.
[1] https://gitlab.com/ipcalc/ipcalc
Signed-off-by: Derrick Lyndon Pallas <derrick@meter.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- change home page url to https
- convert to meson build
- drop all libav extra options as the internal libav is
gone since commit [1]
- meson options: add doc=disabled
[1] ca478e7546
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- change home page url to https
- change download url to https
- download source renamed from gstreamer-editing-services to
gst-editing-services
- convert to meson build
- use BR2_PACKAGE_GST1_DEVTOOLS/gst1-devtools instead of legacy
BR2_PACKAGE_GST1_VALIDATE/gst1-validate
- drop examples support
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
As resizing the rootfs partition using a partition manager can result
in a non booting image due to the firmware's location, removal of the
size limit for the rootfs allows better match size-wise.
Signed-off-by: Dagg Stompler <daggs@gmx.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Drop all patches (not needed anymore)
- Update help message of Config.in: kismet does not support only WiFi
but also Bluetooth, SDR ...
- Remove ncurses dependency
- libnl is now optional
- Drop --with-netlink-version (not available anymore)
- Add protobuf, protobuf-c, sqlite and zlib mandatory dependencies
- kismet_client and kismet_drone have been dropped since version 2019-04-R1
- Select libmicrohttpd for kismet_server
- Add optional libusb and lm-sensors dependencies
- Use --{enable,disable}-{libcap,pcre} options
- Use the new LICENSE file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix CVE-2020-26159: In Oniguruma 6.9.5_rev1, an attacker able to supply
a regular expression for compilation may be able to overflow a buffer by
one byte in concat_opt_exact_str in src/regcomp.c.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Use official tarball instead of github helper
- Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
U-Boot 2020.10 no longer provides boot command in default environment for
Udoo Quad/Dual board. Boot script needs to be added to the image. In order
to keep using common infrastructure for freescale boards, move boot files
to root filesystem and add boot script there. Also switch Udoo Neo board
to common freescale infrastructure to simplify maintenance.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
After BSP update Udoo Quad/Dual board once again hangs on boot. On a
new kernel disabling CONFIG_USB option is not enough to work around
the troublesome usb host on Udoo Quad/Dual board. So in order to be
future-proof it makes sense to disable usbh1 block in device tree
rather than fine-tune kernel configuration after BSP updates.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump ATF, U-Boot and kernel to the NXP BSP 5.4.24_2.1.0 versions.
On 5.4.24_2.1.0 the revC board is supported by default.
In case an older revB board is used, then the following step in U-Boot is
needed:
=> setenv fdt_file imx8mm-evk-revb.dtb
=> saveenv
=> reset
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When using the imx8 NXP kernel, it is preferred to use the imx_v8_defconfig
instead of the generic arm64 defconfig, as the NXP defconfig selects more
imx8 specific drivers.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- 0001-Temporary-fix-for-build-without-C.patch, AC_PROG_CXX line
number changed.
- Makefile-fuzz-generated.am now in size zero.
- json-c, libcurl: new (FAPI) dependencies since tpm2-tss version 2.4.0
Signed-off-by: Yair Ben-Avraham <yairba@protonmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Use a fixed kernel version to have a reproducible and tested
configuration.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The 2020.08-1 release of Bootlin toolchains has brought support for 3
additional architecture variants, so let's support them.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bootlin toolchains in version 2020.08-1 have just been released, so
let's update the toolchain-external-bootlin package to those new
toolchains.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When building iputils for powerpc with BR2_PIC_PIE enabled, the
arping/rdisc/tftpd binaries will segfault at runtime. This can be
traced back to a few bugs in patchelf corrupting the ELFs when
resizing the RPATH to replace "$ORIGIN/" with "/usr/sbin".
This patch pulls in upstream fixes to prevent the binaries from being
needlessly inflated, prevent the startPage from always being adjusted,
fix a few minor bugs, and fix incorrect endianness handling.
Signed-off-by: Conrad Ratschan <conrad.ratschan@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Brandon Maier <brandon.maier@rockwellcollins.com>
[yann.morin.1998@free.fr:
- move before skeletons
- select the custom 'mine' skeleton, not the sysv one
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Some externals may wish to provide custom init systems for tightly
integrated boot. This has been supported through the BR2_INIT_NONE,
however a downside to the BR2_INIT_NONE is it forces the custom init
system to use either skeleton-custom and roll a custom skeleton for
each target, or skeleton-init-none which isn't a complete skeleton.
Allowing br2-external to define custom BR2_INIT_* means they can now
safely 'select' the BR2_PACKAGE_SKELETON_INIT_*, and re-use any of the
skeletons in Buildroot, or one from a br2-external tree.
Signed-off-by: Brandon Maier <brandon.maier@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
In preparation for supporting br2-external inits, move the 'select' for
the BR2_PACKAGE_SKELETON_INIT_* to their respective init systems. This
will allow a br2-external init to 'select' which skeleton it needs as a
default skeleton.
Signed-off-by: Brandon Maier <brandon.maier@rockwellcollins.com>
[yann.morin.1998@free.fr:
- add comment to init choice, to remind why selecting skeletons is OK
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Brandon Maier <brandon.maier@rockwellcollins.com>
[yann.morin.1998@free.fr:
- alphabetical order (skeleton before toolchain)
- leave the list of choices 'open'
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Today, the BR2_ROOTFS_SKELETON_CUSTOM is the only way to build a custom
skeleton. But it's limiting as users must provide a pre-built skeleton
for each target. Supporting a br2-external package allows users to build
up a skeleton and customize it with their own KConfig options.
Signed-off-by: Brandon Maier <brandon.maier@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Some packages have their own waf copy, but not located at the
top-level directory. In order to support those packages, we allow
packages to override the default <pkg>_WAF location.
Signed-off-by: David GOUARIN <dgouarin@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The -Dremote=true flag enables three tools: systemd-journal-gatewayd,
systemd-journal-remote and systemd-journal-upload.
It is not possible with simple means to install them seperately. So use
the systemd-journal-remote option to enable or disable them all together.
Drop systemd-journal-gatewayd option and add it to legacy.
Fixes: #12301
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
systemds libqrencode support is independent from journal-gatewayd. In
v247 it will additionally be used in homectl for recovery key
generation.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is compatible with release-monitoring.org, so it allows easier
tracking of update status.
There appears to be no easy way to use anything other than tag/commit
for _VERSION with the git download method. git.ti.com offers snapshot
download over https, so use use that instead. As added bonus, the https
download method is more firewall friendly.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This version adds wrappers for getgroups and statx, the latter is used
by coreutils 8.32.
Removed patches that are now in upstream.
Added a patch to fix failure when installing.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit changes the stm32mp1 configurations to use the TF-A ->
U-Boot boot flow (called "trusted boot flow" by ST) instead of the
U-Boot SPL -> U-Boot boot flow. ST recommands this trusted boot, and
it's also the only one that allows to use the STM32 Cube Programmer
for reflashing devices.
As part of this, the genimage configuration file is now generated, as
it contains some file names that depend on the platform. Removing
partition-type from genimage.cfg is mandatory, since it would cause a
hybrid MBR partition table to be created, which itself would prevent
ATF from finding the ssbl parition.
Signed-off-by: Shlomi Vaknin <shlomi.39sd@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add `.stm32` binary format that U-Boot generates for the trusted
configuration of STM32MP platforms.
Signed-off-by: Shlomi Vaknin <shlomi.39sd@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Drop patch (already in version)
- libbsd is an optional dependency since version 1.21b and
0380a4309f
- libconfig is optional since version 1.21c and
2c93a015ea
- Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Starting with linux kernel v5.9 all required configuration options are
available in the default config.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update the chromebook elm configuration to use v5.9 instead of an
intermediate release candidate.
At the latter stages of the v5.9 release, a patch was added which
broke the Chromebook Elm HDMI. Therefore add a revert patch to get rid
of this problem. The fix (and the revert) are already on the mailing
list (https://lkml.org/lkml/2020/10/10/32) and should become available
with v5.10
Signed-off-by: Bilal Wasim <bilal.wasim@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop patch that is not upstreamable and replace it by using
--{dis,en}able-threads option
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This patch bumps apparmor and libapparmor to version 3.0.0
Of all our patches, one was already a backport, one is no longer
applicable (file largely rewritten), and the four others have been
applied upstream now.
The hash for the tarball is available on the homepage, so use that
as a reference.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[yann.morin.1998@free.fr:
- expand commit log to explain why we drop all the patches
- add a reference for the hash for the source tarball
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This reverts commit 6afc5eb696. This should
not have been applied yet, but got pushed by accident.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
sentry-sdk has a set of optional "integrations", some of which use asyncio.
pycompile unfortunately errors out on these files when running under Python
2.x:
../scripts/pycompile.py ..
error: File "/usr/lib/python2.7/site-packages/sentry_sdk/integrations/sanic.py", line 64
async def sentry_handle_request(self, request, *args, **kwargs):
^
SyntaxError: invalid syntax
As a workaround, simply drop the unusable files from TARGET_DIR if building
for python 2.x.
Fixes:
http://autobuild.buildroot.net/results/9e4/9e47ee2a56153379e4e7bc839be5972a2302ba9f/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes a regression introduced in patch level 16.
Rename the 2 uClibc patches so the upstream patch numbering matches ours.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Pymodbus has optional support for asyncio. Pycompile unfortunately errors
out on these files when running under Python 2.x:
../scripts/pycompile.py ..
error: File "/usr/lib/python2.7/site-packages/pymodbus/client/asynchronous/asyncio/__init__.py", line 257
yield from self._connect()
^
SyntaxError: invalid syntax
As a workaround, simply drop the unusable files from TARGET_DIR if building
for python 2.x.
Fixes:
http://autobuild.buildroot.net/results/cc4/cc48927cbe9ae6c2d8b12d65467ec40df82febf6/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Also dropping upstream patch.
With this release quazip drops the qmake build in favour of cmake.
It still ships the pkgconfig .pc file, so it's possible to link to
it by using CMake's find_package() or with pkgconfig.
Signed-off-by: Zoltan Gyarmati <zgyarmati@zgyarmati.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop unneeded CC variable which is not recognized by cmake:
CMake Warning:
Manually-specified variables were not used by the project:
BUILD_DOC
BUILD_DOCS
BUILD_EXAMPLE
BUILD_EXAMPLES
BUILD_TEST
BUILD_TESTING
BUILD_TESTS
CC
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Fix CVE-2020-25862: In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and
2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in
epan/dissectors/packet-tcp.c by changing the handling of the invalid
0xFFFF checksum.
- Fix CVE-2020-25863: In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and
2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was
addressed in epan/dissectors/packet-multipart.c by correcting the
deallocation of invalid MIME parts.
- Fix CVE-2020-25866: In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13,
the BLIP protocol dissector has a NULL pointer dereference because a
buffer was sized for compressed (not uncompressed) messages. This was
addressed in epan/dissectors/packet-blip.c by allowing reasonable
compression ratios and rejecting ZIP bombs.
https://www.wireshark.org/docs/relnotes/wireshark-3.2.7.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
TimescaleDB is an open-source database designed to make SQL scalable
for time-series data. It is engineered up from PostgreSQL and
packaged as a PostgreSQL extension, providing automatic partitioning
across time and space (partitioning key), as well as full SQL support.
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Some external packages call pg_config to determine the installed
PostgreSQL server includedir and configure options. Add this output to
Buildroots own pg_config, so these packages correctly compile.
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes (reproducible):
http://autobuild.buildroot.net/results/50f/50f199bfe06d054cc6770760e73ac0de594a0670/diffoscope-results.txt
Fail2ban installs the fail2ban-python symlink pointing to the host python
intepreter used to run setup.py, which is naturally not valid at runtime and
breaks the reproducible tests as shown in the diffoscope results:
│ -lrwxrwxrwx 0 0 0 0 2020-10-04 10:50:38.000000 ./usr/bin/fail2ban-python -> /home/naourr/work/instance-0/output-1/host/bin/python
│ +lrwxrwxrwx 0 0 0 0 2020-10-04 10:50:38.000000 ./usr/bin/fail2ban-python -> /home/naourr/work/instance-0/output-2/host/bin/python
As a workaround, update the symlink after installation to point to the
correct target python.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
engineio has conditional logic to load asyncio files when running under
Python 3.x:
if sys.version_info >= (3, 5): # pragma: no cover
from .asyncio_server import AsyncServer
from .asyncio_client import AsyncClient
from .async_drivers.asgi import ASGIApp
try:
from .async_drivers.tornado import get_tornado_handler
except ImportError:
get_tornado_handler = None
else: # pragma: no cover
AsyncServer = None
AsyncClient = None
get_tornado_handler = None
ASGIApp = None
pycompile unfortunately errors out on these files when running under Python
2.x:
../scripts/pycompile.py ..
error: File "/usr/lib/python2.7/site-packages/engineio/asyncio_socket.py", line 13
async def poll(self):
^
SyntaxError: invalid syntax
As a workaround, simply drop the unusable file from TARGET_DIR if building
for python 2.x.
Fixes:
http://autobuild.buildroot.net/results/72c/72cfdffeb4d0fb7c3032b52f0a26a4758eea6762/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
socketio has conditional logic to load asgi/asyncio files when running under
Python 3.x:
if sys.version_info >= (3, 5): # pragma: no cover
from .asyncio_client import AsyncClient
from .asyncio_server import AsyncServer
from .asyncio_manager import AsyncManager
from .asyncio_namespace import AsyncNamespace, AsyncClientNamespace
from .asyncio_redis_manager import AsyncRedisManager
from .asyncio_aiopika_manager import AsyncAioPikaManager
from .asgi import ASGIApp
else: # pragma: no cover
AsyncClient = None
AsyncServer = None
AsyncManager = None
AsyncNamespace = None
AsyncRedisManager = None
AsyncAioPikaManager = None
pycompile unfortunately errors out on these files when running under Python
2.x:
../scripts/pycompile.py ..
error: File "/usr/lib/python2.7/site-packages/socketio/asyncio_server.py", line 84
async def emit(self, event, data=None, to=None, room=None, skip_sid=None,
^
SyntaxError: invalid syntax
As a workaround, simply drop the unusable file from TARGET_DIR if building
for python 2.x.
Fixes:
http://autobuild.buildroot.net/results/455f3e09a590f7a6724ab8cd1b86bdf2bba8071a/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Now that binutils 2.35.1 has been released, it is time to move to
binutils 2.34 as the default binutils version, instead of 2.33.1.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch sets the --with-xattr option when generating an image with
mkfs.jffs2, so that SELinux security contexts and other extended
attributes will be kept and available in jffs2 images.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When compiling the host version of mtd, --with-jffs and --with-ubifs are
always set, meaning --with-xattr is set by default. The xattr support
only work if 'sys/acl.h' is available, otherwise the feature is silently
dropped (a warning is shown during the configuration step).
This patch adds a dependency on host-acl for host-mtd, so that the xattr
feature is correctly supported. Logic to have xattr support is already
there and working for the non-host flavour.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop gdlib-config and use pkg-config to find gd because gdlib-config
has been dropped from version 2.3.0
gdlib.pc is available since version 2.1.0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
gawk can't be selected when busybox is not available as gawk needs
wchar:
WARNING: unmet direct dependencies detected for BR2_PACKAGE_GAWK
Depends on [n]: BR2_USE_WCHAR [=n] && BR2_USE_MMU [=y] && BR2_PACKAGE_BUSYBOX_SHOW_OTHERS [=y]
Selected by [y]:
- BR2_PACKAGE_CUKINIA [=y] && !BR2_PACKAGE_BUSYBOX [=n]
So replace this "select" by a "depends on", as already done by
BR2_PACKAGE_APPARMOR_UTILS_EXTRA
Fixes:
- http://autobuild.buildroot.org/results/66dacfe7b0783c7df29052fff20f3e79ecbcf054
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
There is a typo between 'N' (for Firstname Lastname <email>) & 'F'
(for file pattern or directory)
$: ./utils/get-developers outgoing/*
WARNING: 'Sven Fischer <sven@leiderfischer.de>' doesn't match any file
Fixes: e7ebc7cd09 ("package/qt5/qt5remoteobjects: new package")
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
For defconfigs that create a boot envimage, add the host package
uboot-tools and update the script variable names.
Add BR2_PACKAGE_HOST_UBOOT_TOOLS=y just before the existing
BR2_TARGET_UBOOT_ENVIMAGE option. Note that for the defconfigs that are
not manually formatted (i.e. just the result of 'make savedefconfig'),
this puts them in the wrong place. However, it's easier this way, and
it's more consistent in general to have the definition of the envimage
close to BR2_TARGET_UBOOT itself.
Related to 78559d699a
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
For defconfigs that create a boot script, add the host package
uboot-tools and update the script variable names.
Add BR2_PACKAGE_HOST_UBOOT_TOOLS=y just before the existing
BR2_TARGET_UBOOT_BOOT_SCRIPT option. Note that for the defconfigs that
are not manually formatted (i.e. just the result of 'make
savedefconfig'), this puts them in the wrong place. However, it's easier
this way, and it's more consistent in general to have the definition of
the script close to BR2_TARGET_UBOOT itself.
Special cases:
- nanopi_* had the definition of the _SCRIPT variable in a weird place.
These are moved to close to BR2_TARGET_UBOOT.
- Same for orangepi_plus.
- orangpi_pc_* already had BR2_PACKAGE_HOST_UBOOT_TOOLS=y so it's not
added there.
Related to db2b684126
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
apply-patches currently blindly removes *.orig / .*.orig files as GNU patch
by default writes these as backup files when patches only apply with fuzz.
This is unfortunate as package sources may contain files ending in .orig as
well, breaking the build. Luckily GNU patch can be told to not write these
backup files using the --no-backup-if-mismatch option, so used that instead
of the .orig removal step.
--no-backup-if-mismatch is supported since GNU patch 2.3.8 (1997-06-17) and
busybox patch if built with CONFIG_DESKTOP, but E.G. isn't supported by the
BSD patch, so add logic to dependencies.sh to error out if patch doesn't
support the flag.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Normally the kconfig stings would end up empty and cause a build
error. This patch provides test files to allow testing the creation
of uboot environment and script bin files from user provided txt files.
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
For consistancy and dependencies between uboot and uboot-tools,
this patch migrates the script creation over in a similar way as
the env image creation.
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Migrating the support for this feature to uboot-tools to gain the
ability to build env files when BR2_TARGET_UBOOT isn't selected.
When _ENVIMAGE_SOURCE is not set, we generate a default environment.
However, this default depends on the U-Boot configuration. Therefore,
this can only be done if uboot itself is built as well, and
host-uboot-tools needs to depend on uboot.
For the same reason, the commands for creating the environment have to
be adapted a little. Take this occasion to drastically simplify them.
Note: This patch creates a circular dependency with uboot until the
similar migration patch is merged for uboot scripts
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
uclibc-ng supports the RISC-V architecture since version 1.0.31, so
let's allow selecting this C library when RISC-V is used.
There was a previous attempt in commit
bd9810e176, which was reverted in
e7d631c0df, due to uClibc-ng not
implementing the __riscv_flush_icache() which is needed by
gcc. However this function has been implemented in upstream uClibc-ng
as of 1.0.35, so we can now safely re-enable uClibc-ng on RISC-V.
Signed-off-by: Damien Le Moal <damien.lemoal@wdc.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
For 9 years the recommended mount point for selinuxfs has been
/sys/fs/selinux, as stated in Linux kernel commit 7a627e3b9a2b:
"""
For selinuxfs, this mount point should be in /sys/fs/selinux/
"""
As other projects follow this convention, not doing so result in
potential issues. One of them is the refpolicy not correctly labelling
and supporting the mount point.
Fix this by using /sys/fs/selinux as of now in Buildroot.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Qt 5.12 added a library for IPC, so let's have a package for it. The
dependency on qtdeclarative is optional.
Signed-off-by: Sven Fischer <sven@leiderfischer.de>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This partially reverts commit a3aac6d847,
just dropping the atomic dependency.
That dependency would introduce a "recursive dependency" chain in
Kconfig.
However, r100 is only available on i386 and x86-64, and they both have
sync4, which means libdrm's HAS_ATOMICS is always 'y' when r100 is
available.
So, like we did in 00c1a8c34f (package/mesa3d: propagate missing
libdrm-freedreno deps), we just add a fat comment that explains why the
dependency is not propagated.
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: James Hilliard <james.hilliard1@gmail.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
To allow easier installation of ebtables-legacy-save from the config
menu, select BR2_PACKAGE_BASH. All dependencies of bash are met
already by ebtables depending on BR2_USE_MMU.
Signed-off-by: Ryan Barnett <ryanbarnett3@gmail.com>
Tested-by: Markus Mayer <mmayer@broadcom.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
With the version bump to 2.0.11, ebtables switch to autotools build
system. In addition, ebtables-{restore/save} moved to being installed
as ebtables-legacy-{restore/save}.
Changes to support this version bump include:
* Remove dependency on !BR2_STATIC_LIBS for ebtables-restore as the
switch to autotools supports compiling with static libraries.
* Update ebtables-save script patch to use /usr/sbin/ebtables-legacy
* Remove 0001-*-ethernetdb*.patch as it was merged with commit:
http://git.netfilter.org/ebtables/commit/?id=f8079671326e9fd079391d24911a9a8a77f1d6fd
* Remove 0002-*-musl-*.patch as support was added with commit:
http://git.netfilter.org/ebtables/commit/?id=9fff3d5f9da00255463d28b38d688c25025b7fb1
Tested with test-pkg with BR2_PACKAGE_EBTABLES=y:
br-arm-full [1/6]: OK
br-arm-cortex-a9-glibc [2/6]: OK
br-arm-cortex-m4-full [3/6]: SKIPPED
br-x86-64-musl [4/6]: OK
br-arm-full-static [5/6]: OK
sourcery-arm [6/6]: OK
Signed-off-by: Ryan Barnett <ryanbarnett3@gmail.com>
Tested-by: Markus Mayer <mmayer@broadcom.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Curently, host-kmod has no option to enable it, because only
the kernel depends on it, and this is unconditional (because
we can't know if modules will be enabled in the kernel config).
But we're soon to add options to enable various features of
kmod, so we'll need a place where to show those features.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Cc: Lucian Buga <lucianbuga@gmail.com>
Tested-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cukinia is a test framework designed to help Linux-based embedded
systems developers run simple system-level validation tests on their
firmware.
It is designed to integrate well with embedded Linux systems
generation tools, and can be run manually (providing a quick
colourized summary to eye-catch regressions), or any of continuous
available integration framework, by generating Junit-XML or CSV test
reports.
Signed-off-by: Jérôme Oufella <jerome.oufella@savoirfairelinux.com>
Signed-off-by: Shyam Saini <shyam.saini@savoirfairelinux.com>
Tested-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Currently, we handle three kinds of tests: basic, defconfig, and
runtime, and we treat them totally independently ones from the others.
Except for the basic tests that are ignored when defconfig or runtime
tests are explicitly requested.
The basic tests are also run systematically on all our reference
branches: master, next (when it exists), and the maintenance branches:
YYYY.MM.x.
Furthermore, we can see that the conditions to run each set of tests
are very similar, with only the explicit queries differing by name.
Rework the script so that the conditions are expressed only once, and
each set of tests is decided for each condition. This makes it easier
to decide what tests should run under what conditions.
Using GitLab-CI's schedules, with a variable expressing the actual test
to run, would seem the obvious choice to trigger the pipelines. However,
a schedule is configured for a specific branch, which means we would
need one schedule per branch we want to build per test cases we want to
run, *and* that we update those schedules when we add/remove branches
(e.g. when we open/close 'next', or a maintenance branch). This is not
very nice, as it requires some manual tweaking and twiddling on the web
UI.
Instead, we resort to using triggers, that will be triggered from a
cronjob on some server. Using a cronjiob allows us to more easily manage
the branches we want to test and test cases we want to run, to more
easily spread the load over the week, etc...
Note: triggering a pipeline can be done with a simple curl invocation:
$ curl -X POST \
-F "token=${YOUR_TOKEN}" \
-F "ref=${BRANCH_TO_TEST}" \
-F "variables[BR_SCHEDULE_JOBS]=${TEST_TO_RUN}" \
"https://gitlab.com/api/v4/projects/${YOUR_PROJECT_ID}/trigger/pipeline"
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add tests to ensure the packages SELinux functionalities (being able to
select an extra SELinux module in the refpolicy, and being able to
provide a custom SELinux module) are working as expected.
We use a BR2_EXTERNAL folder, provided in the tests, to use a custom
SELinux enabled package.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add a test for BR2_PACKAGE_REFPOLICY_CUSTOM_GIT (which allows to select
a custom location for the SELinux refpolicy). The test uses the official
refpolicy as a test (we only want to test the functionality is working,
not that another refpolicy is correctly building; that is an user
problematic).
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add a test for the BR2_REFPOLICY_EXTRA_MODULES_DIRS functionality (which
allows to provide custom SELinux modules).
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch adds a test for the BR2_REFPOLICY_EXTRA_MODULES
functionality (which allows to select extra modules within the SELinux
refpolicy using Kconfig).
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add a test called 'SELinuxSystemdSquashfs' which will perform the same
tests as the Ext4 version, but using a Squashfs filesystem. Thanks to
this, we'll have a test on a real only filesystem.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This adds a test called 'SELinuxSystemdExt4'. This test will build an
SELinux enabled image with systemd, boot it, and perform a few runtime
tests to check SELinux related capabilities.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
REFPOLICY_EXTRA_MODULES_DIRS contains
$(PACKAGES_SELINUX_EXTRA_MODULES_DIRS) which is filled in by
package/pkg-generic.mk with the list of packages that have a selinux/
sub-directory. Due to how variable expansion works, if there is an
ifeq/ifneq test of REFPOLICY_EXTRA_MODULES_DIRS, it will only see the
value of REFPOLICY_EXTRA_MODULES_DIRS with the list of packages
*before* refpolicy in alphabetic ordering. This means that packages
after refpolicy in alphabetic ordering would not be taken into
account.
To fix this, we switch to an $(if ...) test, which allows the variable
to really be evaluated during the refpolicy build. This makes sures
the expansion is correct.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The buildroot custom bareboxenv compile command misses the additional
include path 'scripts/include' to gain access to the local copy of the
kernel header files (which leads to compile error when using an older
toolchain).
This could be fixed by enhancing the custom bareboxenv compile command
(see [1]) or by using the barebox build system by simply enabling the
CONFIG_BAREBOXENV_TARGET option (available since April 2012, see [2])
instead (as suggested by Yann E. MORIN).
Fixes (with BR2_TARGET_BAREBOX_BAREBOXENV enabled):
build/barebox-2019.12.0/scripts/bareboxenv.c💯10: fatal error: linux/list.h: No such file or directory
[1] http://lists.busybox.net/pipermail/buildroot/2020-January/270942.html
[2] https://git.pengutronix.de/cgit/barebox/commit/?id=afb03d7a554a2911a3742e316f011319fcb416f1
Note: a user who would previously provide a barebox config file which
had CONFIG_BAREBOXENV_TARGET=y, but a Buildroot config file which did
not have BR2_TARGET_BAREBOX_BAREBOXENV=y, would have bareboxenv-target
built, but it would not be installed in the target. Now, and unset
BR2_TARGET_BAREBOX_BAREBOXENV will not even build it, but his is not a
regression: it was anyway previously not installed.
Reported-by: Frederick Gotham <cauldwell.thomas@gmail.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr:
- also explicitly disable it when not selected
- rewrap commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Default value of MinTLSversion set to 1.2.
- mbed TLS updated to 2.23.0.
- Small bugfixes.
- Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Drop patches (already in version) and so autoreconf
- Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2020-7069: In PHP versions 7.2.x below 7.2.34, 7.3.x below
7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with
openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the
IV is actually used. This can lead to both decreased security and
incorrect encryption data.
- Fix CVE-2020-7070: In PHP versions 7.2.x below 7.2.34, 7.3.x below
7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP
cookie values, the cookie names are url-decoded. This may lead to
cookies with prefixes like __Host confused with cookies that decode to
such prefix, thus leading to an attacker being able to forge cookie
which is supposed to be secure. See also CVE-2020-8184 for more
information.
https://www.php.net/ChangeLog-7.php#7.4.11
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
All the python packages are inside a
if BR2_PACKAGE_PYTHON || BR2_PACKAGE_PYTHON3
conditional, so no need to repeat it in the Config.in.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 9e4ffdc8cf modified the output of
'setlocalversion' so that the Buildroot version tag is included in the
output, the version part was added in Makefile.
Due to differences in behavior of the used git and Mercurial commands, this
caused different output for the Mercurial case, in BR2_VERSION_FULL and thus
/etc/os-release and 'make print-version'. Assuming the official Buildroot
releases are tagged and no project-specific tags are present, the output
after commit 9e4ffdc8cf is:
-hg<commit>
whereas it is expected to be something like:
2020.02.6-hg<commit>
Change the Mercurial case in setlocalversion to behave similar to git,
looking up the latest tag if the current revision is not itself tagged.
The number of commits after the latest tag is not added, unlike in git, as
this value is not commonly present in Mercurial output, and its added value
can be disputed in this context. Even one commit could bring a huge change
to the sources, so in order to interpret the number one has to look at the
repository anyhow, in which case the commit ID can just be used.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The content of the license file (doc/readme.html) differs between lua 5.3
and 5.4, so we cannot use a shared .hash file for all versions.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Peter: extend commit message]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since Qemu 5.1, this defconfig doesn't boot due to the to small SD card image size (60MB).
qemu-system-arm: sd_init failed: Invalid SD card size: 60 MiB
SD card size has to be a power of 2, e.g. 64 MiB.
You can resize disk images with 'qemu-img resize <imagefile> <new-size>'
(note that this will lose data if you make the image smaller than it currently is).
qemu-system-arm: sd_init failed
From [1]:
"While the possibility to use small SD card images has been seen as
a feature, it became a bug with CVE-2020-13253, where the guest is
able to do OOB read/write accesses past the image size end."
Fixes:
https://gitlab.com/kubu93/buildroot/-/jobs/766482935
[1] https://git.qemu.org/?p=qemu.git;a=commitdiff;h=a9bcedd15a5834ca9ae6c3a97933e85ac7edbd36
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.net/results/72e0cc78194a1b93bf26a50742e59a1e93bde1d1/
fire has conditional logic to load test_components_py3.py when running under
Python 3.x:
if six.PY3:
from fire import test_components_py3 as py3
pycompile unfortunately errors out on it:
../scripts/pycompile.py ..
error: File "/usr/lib/python2.7/site-packages/fire/test_components_py3.py", line 18
def identity(arg1, arg2: int, arg3=10, arg4: int = 20, *arg5,
^
SyntaxError: invalid syntax
As a workaround, simply drop the unusable _py3 file from TARGET_DIR if
building for python 2.x.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.net/results/4ca459d54545c0e20b0f0cdc63bd81844ecd7f36/
aenum has conditional logic to load python 3.x code located in test_v3.py:
if pyver >= 3.0:
from aenum.test_v3 import TestEnumV3, TestOrderV3, TestNamedTupleV3
And contains logic in setup.py to drop that file during setup.py install if
building for python 2.x:
py3_only = ('aenum/test_v3.py', )
..
if __name__ == '__main__':
if 'install' in sys.argv:
import os, sys
..
if sys.version_info[0] != 3:
for file in py3_only:
try:
os.unlink(file)
But this doesn't work in Buildroot as pkg-python.dk first does setup.py
build (which copies test_v3.py to the build directory) before setup.py
install, so test_v3.py gets installed, leading to errors from pycompile:
error: File "/usr/lib/python2.7/site-packages/aenum/test_v3.py", line 12
class MagicAutoNumberEnum(Enum, settings=AutoNumber):
^
SyntaxError: invalid syntax
As a workaround, add a hook to drop it from the target directory when
building for python 2.x.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2020-8201: HTTP Request Smuggling due to CR-to-Hyphen conversion
Affected Node.js versions converted carriage returns in HTTP request
headers to a hyphen before parsing. This can lead to HTTP Request
Smuggling as it is a non-standard interpretation of the header.
Impacts:
All versions of the 14.x and 12.x releases line
- CVE-2020-8252: fs.realpath.native may cause buffer overflow
libuv's realpath implementation incorrectly determined the buffer size
which can result in a buffer overflow if the resolved path is longer than
256 bytes.
Impacts:
All versions of the 10.x release line
All versions of the 12.x release line
For more details, see the advisory:
https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/
Adjust license hash for the addition of the BSD-3c licensed highlight.js:
6f8b7a85d2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
We used to have a conditional patch applied on PowerPC soft-float, but
this logic was dropped in commit
0c82f3f635 ("package/gcc: remove powerpc
conditional patching logic"). However, we still have some related
leftovers in the calculation of the hashes for ccache, which can now
be dropped.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Acked-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The logic in libbacktrace/configure.ac to detect if __sync builtins
are available assumes they are as soon as target_subdir is not
empty, i.e when cross-compiling. However, some platforms do not have
__sync builtins, so help the configure script a bit.
"libbacktrace_cv_sys_sync=no" is lost when it is added to
HOST_GCC_COMMON_CONF_ENV because the environment is not exported
when executing the libbacktrace configure script.
Use target_configargs to force "libbacktrace_cv_sys_sync=no" when
executiong the libbacktrace configure script.
Fixes:
https://gitlab.com/bootlin/toolchains-builder/-/jobs/729359681
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Romain: use target_configargs="libbacktrace_cv_sys_sync=no"]
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We dropped the CodeBench 2012.09 toolchain for SuperH a long time,
and with recent toolchains, Ruby at -Os builds perfectly fine, so
there's no reason to keep this work-around.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: slight rewording in the commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit f89ca996b6 enabled linux-pam on
musl however rlogind fails to build on musl because it uses logwtmp:
/home/giuliobenetti/autobuild/run/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/x86_64-buildroot-linux-musl/8.3.0/../../../../x86_64-buildroot-linux-musl/bin/ld: rlogind.c:(.text.startup+0x9ec): undefined reference to `logwtmp'
As this package is unmaintained, just disable back rlogind on musl
Fixes:
- http://autobuild.buildroot.org/results/f2eb1c0bab7c6c32d6c561da0f85a530bd419206
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
DEPS_DIR is a new CLI option introduced by the version 3.4.0,
which avoids the use of `external_deps_dirs` in the config files.
now, the host config doesn't need to be altered.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When gdb is built from sources fetched from Git, it contains both the
gdb and the binutils code base. In order to really build only gdb, we
disable a number of binutils components in the
GDB_DISABLE_BINUTILS_CONF_OPTS variable: --disable-binutils,
--disable-ld, --disable-gas, etc. However, gprof was still being
built, so disable it as well.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The GDB version used on ARC is based on a recent gdb code base, post
gdb 9.2. This recent gdb code base, which pre-figures what will be in
gdb 10, has a significant change: gdbserver is not longer in
gdb/gdbserver, but at the top-level, and the mechanism to build
gdbserver only has changed. Due to this change, a build of ARC GDB for
gdbserver only fails with:
/bin/bash: line 0: cd: /opt/output/build/gdb-arc-2020.03-release-gdb/gdb/gdbserver: No such file or directory
This commit adjusts gdb.mk to support four cases:
- "old" gdb, gdbserver only
- "old" gdb, with the gdb debugger (and optionally gdbserver as well)
- "new" gdb, gdbserver only
- "new" gdb, with the gdb debugger (and optionally gdbserver as well)
A boolean GDB_GDBSERVER_TOPLEVEL is introduced to differentiate
between the old and new gdb, it is set to "y" for gdb versions that
have the gdbserver code at the top-level. For now, only the ARC
version sets it, but in the future, upstream gdb version 10 will also
have to set it.
Here is the behavior, for each case:
(1) "old" gdb, gdbserver only
We set GDB_SUBDIR to gdb/gdbserver, so only the configure script
in this folder gets called.
--enable-gdbserver --disable-gdb are passed in CONF_OPTS.
(2) "old" gdb, with the gdb debugger (and optionally gdbserver as well)
We set GDB_SUBDIR to build/, an empty directory which allows to
do an out of tree build, which is mandatory for a full gdb build
since gdb 9.x.
--enable-gdb is passed in CONF_OPTS as well as --enable-gdbserver
or --disable-gdbserver depending on whether gdbserver is enabled
as well.
(3) "new" gdb, gdbserver only
We set GDB_SUBDIR to build/, an empty directory which allows to
do an out of tree build, which is mandatory for a full gdb build
since gdb 9.x.
--enable-gdbserver --disable-gdb are passed in CONF_OPTS.
(4) "new" gdb, with the gdb debugger (and optionally gdbserver as well)
We set GDB_SUBDIR to build/, an empty directory which allows to
do an out of tree build, which is mandatory for a full gdb build
since gdb 9.x.
--enable-gdb is passed in CONF_OPTS as well as --enable-gdbserver
or --disable-gdbserver depending on whether gdbserver is enabled
as well.
In addition to these changes, some related changes are done as well:
- We re-enable building both gdb and gdbserver on ARC, as it works
again.
- We only pass --with-curses when curses is really provided, i.e when
the full debugger is being built.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Alexey Brodkin <abrodkin@synopsys.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
From release note:
Version 3.1 - September 2020
This release offers substantial new functionality. Users are encouraged
to upgrade. The most notable changes are as follows.
* Fixes non-functional NMEA mode of the ts2phc program (since 3.0)
* Improves system time synchronization via the PTP_SYS_OFFSET_PRECISE
and PTP_SYS_OFFSET_EXTENDED ioctls.
* Supports implementing a PTP GM clock by using a GPS radio or other
PPS time source.
* Provides per-port statistics via the management interface.
* Implements IEEE 1588 v2.1 slave event monitoring.
* Adds Automotive Profile support.y
utils/test-pkg -p linuxptp
br-arm-full [1/6]: OK
br-arm-cortex-a9-glibc [2/6]: OK
br-arm-cortex-m4-full [3/6]: OK
br-x86-64-musl [4/6]: OK
br-arm-full-static [5/6]: OK
sourcery-arm [6/6]: OK
6 builds, 0 skipped, 0 build failed, 0 legal-info failed
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Upstream repository has been dead for quite a while now, and in fact
we are using s.b.o as the "official" location now.
There however exists a Github repository, which is still alive. That
repository has not been touched in a looooong while, but it's still
up, and there is a revision which actually gives the exact same
content (although the hash changes, because the directory name has
changed, from open2300-12/ to open2300-f2198.../).
Also fix spaces in hash file.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The whole arch/Config.in.s390x file is only included by arch/Config.in
if BR2_s390x=y, so having "depends on" conditions on each options of
the choice doesn't make much sense.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: drop first, empty line]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Refreshed patch #1 and disable debuginfod.
The debuginfod tools needs to hook into serverinfrastructure,
this currently only exists for Fedora.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes:
http://autobuild.buildroot.net/results/76b580000e6311e88584874f942517badd6fadf6/
python-txtorcon DOES support python 2.x, but it contains some optional
python 3 / async code in controller_py3.py which is conditionally used from
controller.py:
try:
from .controller_py3 import _AsyncOnionAuthContext
HAVE_ASYNC = True
except Exception:
HAVE_ASYNC = False
pycompile unfortunately errors out on the async code:
../scripts/pycompile.py ..
error: File "/usr/lib/python2.7/site-packages/txtorcon/controller_py3.py", line 13
async def __aenter__(self):
^
SyntaxError: invalid syntax
As a workaround, simply drop the unusable _py3 file from TARGET_DIR if
building for python 2.x.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The host-zstd-build step was not actually compiling the library:
make[1]: Entering directory '/buildroot/output/build/host-zstd-1.4.5/lib'
make[1]: Nothing to be done for 'default'.
make[1]: Leaving directory '/buildroot/output/build/host-zstd-1.4.5/lib'
and the actual compilation was part of the install step.
This is not how other Buildroot packages work.
Make sure to specify which library targets we want instead. The total amount
of compiled files does not change with this patch.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit a2830f0dad (support/gnuconfig: bump version) carried
spurious, uncommited local changes to config.sub, that were not
part of upstream commit d7a4dee7cc25e332b990d0a6d9f0ddd42cb33cf5.
Fix that by actually using the code as it is upstream.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- squash the revert and the new bump into this commit
- ammend commit log accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
fixes following in the generated cross-complation.conf file:
pkg_config_static = '$(if $(BR2_STATIC_LIBS),true,false)'
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The fakeroot script does not appear to be used in any of the checked
in defconfig targets, but it seems that most often the post
fakeroot script should be done after all the packages rules have
been applied instead of before.
Given that a change in systemd moved the SYSTEMD_PRESET_ALL hook to
a ROOTFS_PRE_CMD_HOOKS, there was no way to use a FAKEROOT script
to disable a service or fixup a systemd configuration. The systemd
move makes sense, and this just tries to preserve the same ability
to fixup a rootfs after all the cmd hooks are processed.
Refer to commit 65b63785a6 for
the change that instigated this reordering.
Signed-off-by: Charles Hardin <ckhardin@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
When one GPL-licensed plugin was enabled, the license of
gst1-plugins-ugly would be "LGPL-2.1+ GPL-2.0", but licenses should be
comma separated, not space separated. So let's fix that to get the
expected value of "LGPL-2.1+, GPL-2.0".
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Alexander Egorenkov <egorenar@linux.ibm.com>
[yann.morin.1998@free.fr:
- don't force network range
- don't forward TCP port
- drop post-build script to add tty1
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Alexander Egorenkov <egorenar@linux.ibm.com>
[yann.morin.1998@free.fr: drop supperfluous depends on s390x in choice]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit adds supports for building buildroot kernel + rootfs
for MT8173 Elm board, also known as Chromebook Elm
(https://www.acer.com/ac/en/US/content/series/acerchromebookr13).
Though Chrome-OS is officially supproted on this board, the
mainline kernel works as well (benchmarks + conformance), and so
the 5.9 kernel is used. As the 5.9 kernel isn't yet released, we
use the 5.9-rc5 for now, which will be up-revd to 5.9 once its
released.
Using the mainline kernel means that we have to apply certain patches
to get the HDMI screen working. These patches are lying in the
"drm-misc-next" list and will make it to the kernel after 5.9. At that
time, we will remove the patches and point Buildroot to use the latest
kernel (hopefully, 5.10).
This commit also adds an ITS file (for creating FIT images), an ARGS
file (for providing kernel args) and a "sign.sh" script to generate
signed kernel images. Though the "sign.sh" is very similar to the
coresponding file under board/chromebook/snow, it cannot be shared
between both boards, as the script requires access to the board
specific its / args file.
Additionally a readme & defconfig is added to help the user get started.
Signed-off-by: Bilal Wasim <bilalwasim676@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The same script is going to be used by the Chromebook Elm to generate
a bootable SD / USB image. Therefore, move the script out of the snow
folder to one level above (board/chromebook/snow -> board/chromebook).
Update the chromebook_snow_defconfig to reflect the new location of
the script.
Signed-off-by: Bilal Wasim <bilalwasim676@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
PowerPC has two PLT models: BSS-PLT and Secure-PLT. BSS-PLT uses
runtime code generation to generate the PLT stubs. Secure-PLT was
introduced with GCC 4.1 and Binutils 2.17 (base has GCC 4.2.1 and
Binutils 2.17), and is a more secure PLT format, using a read-only
linkage table, with the dynamic linker populating a non-executable
index table.
References to other distro/BSD transitions:
https://patchwork.openembedded.org/patch/106621/https://reviews.freebsd.org/D20598
Fixes a bug observed when creating SELinux policy where all apps
require execmem because the heap requires execute before this change.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
While the imagemagick C++ support requires wchar, it is not the case
for the graphicsmagick C++ support, so we can drop the BR2_USE_WCHAR
condition when deciding whether or not GraphicsMagick++-config should
be tweaked.
Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
qprint is a small utility that handles encoding and decoding arbitrary
binary data in the Quoted-Printable format, which was introduced along
MIME.
As stated in the package description, although MUAs nowadays usually
take care of doing this encoding themselves, there are some use cases
where doing it manually is needed, and providing a command-line program
to do it is amenable to shell scripts.
Signed-off-by: Alejandro González <alejandro.gonzalez.correo@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The CMake based build system will be eventually removed by upstream
so it seems like a good idea to switch over to Meson already before
that happens.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When multiple conditions match simultaneously, even though that should
not happen in practice, we want the more "important" one to win over
the less "important" ones. For example, a tag is more important than a
branch name or a trigger.
Currently, the latest condition to match takes precendence over any
previous one, while we want the exact opposite.
Fix that with proper fallbacks in else-blocks.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
According to the original patch message:
Some Broadcom set-top-box boards have PCI busses, but the GPU is
still probed through DT. We would dereference a null busid here
in that case.
Fixes a segfault on at least the RPi 4 w/ xserver 1.20.9, probably
others as well.
Signed-off-by: Joseph Kogut <joseph.kogut@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Current version does not run on imx6 and fails like this:
Error: eglCreateWindowSurface failed with error: 0x3009
Error: eglCreateWindowSurface failed with error: 0x3009
Error: CanvasGeneric: Invalid EGL state
Error: main: Could not initialize canvas
Bumping to the latest version fixes this problem.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
RFC3442 specifies a DHCP extension to provide the client with a list of
static routes to use. This is already handled by udhcpc and exposed as the
"staticroutes" environment variable, but currently not handled by the action
script.
Extend the script to do so. The RFC specifies that if this option is
provided by the server then the normal "routes" (3) option should be
ignored, so ensure that is done.
As we may now have more than just a default route on the interface, extend
the route cleanup logic to handle all routes for the interface (except for
the implied local 0.0.0.0 one).
Notice that this option is only sent by servers if explicitly requested by
the client, E.G. using the -O staticroutes option to udhcpc.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add support for imx8mqevk_defconfig that allows booting a mainline
kernel.
This defconfig still relies on NXP ATF and U-Boot, but in the long term
the plan is to switch to mainline ATF and U-Boot as well.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes:
http://autobuild.buildroot.net/results/d2d/d2d73f3c7075ca6e9782b9bb591dae40ab56b6a2/
ffmpeg configure prints: "ERROR: fontconfig not found using pkg-config"
Please note that the ffmpeg build error was reproducible but with a
different error message in ffbuild/config.log:
sysroot/usr/lib/libfontconfig.a(fccache.o): in function `lock_cache':
fccache.c:(.text+0xcd8): undefined reference to `pthread_mutex_init'
arm-buildroot-linux-gnueabi/bin/ld: fccache.c:(.text+0xcf8):
undefined reference to `pthread_mutex_destroy'
arm-buildroot-linux-gnueabi/bin/ld: fccache.c:(.text+0xd00):
undefined reference to `pthread_mutex_lock'
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Use github helper
- Drop first patch (not needed since version 0.30.0 and
9fd90c549c)
- vapoursynth-lazy has been dropped since version 0.30.0 and
fb8d240c4d
- mali-fbdev has been dropped since version 0.30.0 and
83d7123dc3
- libdvread has been dropped since version 0.30.0 and
6229404985
- libv4l2 has been dropped since version 0.30. and
b30e85508a
- Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
http_upstream and stream_upstream random modules are available since
version 1.15.1 and
0c4ccbea23
and are enabled by default, add two options to be able to disable them
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix CVE-2020-14342: It was found that cifs-utils' mount.cifs was
invoking a shell when requesting the Samba password, which could be used
to inject arbitrary commands. An attacker able to invoke mount.cifs with
special permission, such as via sudo rules, could use this flaw to
escalate their privileges.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The ARC glibc port was merged upstream in 2.32, so use that instead of
the one available from Synosys's Github.
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
GNOME project libxml2 v2.9.10 and earlier have a global Buffer Overflow
vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- change download url to https (as redirected by the original http url)
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 82442b54b6 removed
0001-no-wchar.patch but without importing an upstream patch that
"should" have been equivalent to our patch but resulted in a build
failure on toolchains with wchar but without mbsrtowcs
So add a bunch of upstream patches and a new patch to fix this build
failure
While at it, also put back 0003-glob-detection.patch which, again, has
been upstreamed but is not in version 1.18 ...
Fixes:
- http://autobuild.buildroot.org/results/27f184af35468941173628e5e847a284c0b80d73
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- updated hashes
- explicitly advise to update hash in python-protobuf
- changed link in python-protobuf to point to the protobuf site
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
patch release with two bugfixes
- fixes the list of dependencies of absl::Cord in the CMake build
- bug fix for absl::Status::ErasePayload
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Disable static building of external/squirrel to fix the following build
failure with RELRO:
/home/peko/autobuild/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/x86_64-buildroot-linux-musl/8.3.0/../../../../x86_64-buildroot-linux-musl/bin/ld: CMakeFiles/sq_static.dir/sq.c.o: relocation R_X86_64_32 against `.rodata.str1.8' can not be used when making a PIE object; recompile with -fPIC
/home/peko/autobuild/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/x86_64-buildroot-linux-musl/8.3.0/../../../../x86_64-buildroot-linux-musl/bin/ld: final link failed: nonrepresentable section on output
collect2: error: ld returned 1 exit status
Fixes:
- http://autobuild.buildroot.org/results/46e8f5e622ce450a89bc6d70f4bfd38182557901
- http://autobuild.buildroot.org/results/a43720492d817e4555d728546da9114e3ccba952
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Use dhcpdump target to avoid building dhcpdump.8 as it will raise the
following build failure if pod2man is not available:
pod2man --section 8 \
--date "23 June 2008" \
--name "DHCPDUMP" \
--center "User Contributed Software" \
dhcpdump.pod dhcpdump.8
/bin/sh: pod2man: command not found
make[1]: *** [Makefile:11: dhcpdump.8] Error 127
Fixes:
- http://autobuild.buildroot.org/results/db3be149ec71de8376f685a6a9f027191d9bccc9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This release adds support for ambient capabilities and V3 filesystem
capabilities.
A bug in the python bindings was also fixed which prevented use of
capng_updatev.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Do not build examples to avoid a build failure on rtop example which
depends on ncurses and has been added in version 4.11.0 with
7d1ec562dd
/tmp/instance-0/output-1/host/bin/arm-linux-gcc -I. -I/tmp/instance-0/output-1/build/libpfm4-4.11.0/perf_examples/../include -DCONFIG_PFMLIB_DEBUG -DCONFIG_PFMLIB_OS_LINUX -I. -D_GNU_SOURCE -pthread -o rtop rtop.o perf_util.o /tmp/instance-0/output-1/build/libpfm4-4.11.0/perf_examples/../lib/libpfm.a -lpthread -lncurses -ltinfo -lm
/tmp/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-gnueabihf/9.2.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: cannot find -ltinfo
Fixes:
- http://autobuild.buildroot.org/results/8ad23a82bcf32cd22256f9984a8f4cfa45951eee
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- rename pidfile from htpdate to htpdate.pid
Fixes:
PIDFile= references a path below legacy directory /var/run/, updating
/var/run/htpdate.pid → /run/htpdate.pid; please update the unit file
accordingly.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add gentoo patch to fix bison-3.7.1 related compile failure and
an additional one doing a similare change for another bison call
in Source/WebCore/DerivedSources.pri.
Fixes:
generated/XPathGrammar.tab.c:124:10: fatal error: XPathGrammar.tab.h: No such file or directory
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
netcalc is a slimmed down clone of sipcalc, using the popular output
format of ipcalc (perl). It is written in C and only depends on a
POSIX compliant C library. Both IPv4 and IPv6 are supported.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Reviewed-by: Michael Nosthoff <buildroot@heine.tech>
Tested-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following check-package warning:
package/makedumpfile/makedumpfile.mk:24: consecutive empty lines
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
MAKEDUMP_MAKE_OPTS contains an important option to enable LZO support,
but it was not passed at build time.
Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- update home page URL
- change download to new location
- remove old patches (first release since 2010)
- autoreconf now useless
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
micropython uses -Wfloat-conversion since version 1.13 and
30840ebc99
This will result in the following build failure with gcc 4.8:
arm-none-linux-gnueabi-gcc: error: unrecognized command line option '-Wfloat-conversion'
To avoid this build failure, set CWARN to an empty value moreover, while
at it, move some duplicated variables under MICROPYTHON_MAKE_OPTS
Fixes:
- http://autobuild.buildroot.org/results/6fe5a5ab91a5d235147e74461bb165ec2cfdc967
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The CMake based build system will be eventually removed by upstream
so it seems like a good idea to switch over to Meson already before
that happens.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Changes:
* Coding style has been unified
* SCRAM-SHA-256 and SCRAM-SHA-512 support
* c-ares support
* LibreSSL support
* Introduced global timed handlers that fire periodically regardless
of connections status, such a handler can be used to implement
deferred re-connection
* examples/register implements XEP-0077
* Fixed issue with IPv6 on Windows (#153)
* Improved portability across systems such as Haiku, Windows
* New API:
- xmpp_stanza_get_child_by_name_and_ns()
- xmpp_conn_is_connecting()
- xmpp_conn_is_connected()
- xmpp_conn_is_disconnected()
- xmpp_stanza_new_from_string()
- xmpp_stanza_add_child_ex()
- xmpp_stanza_get_context()
- xmpp_stanza_reply_error()
- xmpp_global_timed_handler_add()
- xmpp_global_timed_handler_delete()
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
CMake offers the BUILD_SHARED_LIBS flag as a default parameter
and most packages honor them.
Similar to pkg-autotools.mk build host packages always with
BUILD_SHARED_LIBS=ON.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is similar to the llvm package which also disables shared libs
for the host variant.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
doxygen fails to build with BUILD_SHARED_LIBS=ON as it only
for some targets honors this flag and links the rest static.
So enforce BUILD_SHARED_LIBS=OFF for this package.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Analog audio is enabled by default in sunxi_defconfig since commit 5d2408c6
(ARM: configs: sunxi: Add sun8i analog codec), so drop from fragment.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The previous commit to this package
(37c5e903a7) introduced a bunch of patches
to fix a CVE. Unfortunatly only applying of the patches was tested but
not building the package.
This commit replaces a define that was introduced in a previous patch
upstream and caused the build failure.
Tested:
br-arm-full [1/6]: OK
br-arm-cortex-a9-glibc [2/6]: OK
br-arm-cortex-m4-full [3/6]: SKIPPED
br-x86-64-musl [4/6]: OK
br-arm-full-static [5/6]: OK
sourcery-arm [6/6]: OK
Fixes:
- http://autobuild.buildroot.net/results/3f7fe8ad181318153c459ba5e1afbbc8b49d541c/
- and more
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
wlconf is build and installed as a host utility to be able to tweak
the wl18xx firmware configuration at build time.
Signed-off-by: Miken Valabdas <mvalabdas@distech-controls.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Brings a number of fixes and audio support. The aarch64 defconfig has
grown, so bump the ext4 size to make it fit.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add patch from upstream that fixes build with Bison 3.7.
There are no autobuilder failures for this issue, but the following
defconfig:
BR2_arm=y
BR2_cortex_a8=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_INIT_NONE=y
BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_EUDEV=y
BR2_SYSTEM_BIN_SH_NONE=y
BR2_PACKAGE_QT5=y
BR2_PACKAGE_QT5WEBENGINE=y
BR2_PACKAGE_RPI_USERLAND=y
Failed with:
/home/thomas/buildroot/buildroot/output/build/qt5webengine-5.15.0/src/core/release/gen/third_party/blink/renderer/core/xpath_grammar.cc:124:10: fatal error: xpath_grammar.hh: No such file or directory
124 | #include "xpath_grammar.hh"
| ^~~~~~~~~~~~~~~~~~
compilation terminated.
With this patch applied, it builds fine.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr: add url to upstream commit, provided by Peter]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
>From the release notes
See: https://github.com/redis/redis/blob/6.0.8/00-RELEASENOTES
================================================================================
Redis 6.0.7 Released Fri Aug 28 11:05:09 IDT 2020
================================================================================
Upgrade urgency MODERATE: several bugs with moderate impact are fixed,
Specifically the first two listed below which cause protocol errors for clients.
================================================================================
Redis 6.0.8 Released Wed Sep 09 23:34:17 IDT 2020
================================================================================
Upgrade urgency HIGH: Anyone who's using Redis 6.0.7 with Sentinel or
CONFIG REWRITE command is affected and should upgrade ASAP, see #7760.
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Alteras Jam STAPL Bytecode Player with 64-bit support.
This is a user-space port of the altera-stapl driver from the linux kernel.
The source released by Altera wasn't 64-bit compatible.
Additionally, the linux version is much cleaner and old cruft was removed.
Signed-off-by: Jochen Baltes <jochen.baltes@gmail.com>
Tested-by: Heiko Thiery <heiko.thiery@gmail.com>
[yann.morin.1998@free.fr: use the latest HEAD of the repository]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Currently, the cross-compilation.conf installed in
$(HOST_DIR)/etc/meson/cross-compilation.conf for use by the SDK is
generated in a post-install-staging hook of the toolchain package.
With per-package directory support enabled, this means that the
generated cross-compilation.conf contains references to the
per-package directory of the toolchain/ package, which is not want we
want:
[binaries]
c = '/home/thomas/projets/buildroot/output/per-package/toolchain/host/bin/arm-linux-gcc'
cpp = '/home/thomas/projets/buildroot/output/per-package/toolchain/host/bin/arm-linux-g++'
ar = '/home/thomas/projets/buildroot/output/per-package/toolchain/host/bin/arm-linux-ar'
strip = '/home/thomas/projets/buildroot/output/per-package/toolchain/host/bin/arm-linux-strip'
pkgconfig = '/home/thomas/projets/buildroot/output/per-package/toolchain/host/usr/bin/pkg-config'
So instead, we generate this file in TOOLCHAIN_TARGET_FINALIZE_HOOKS,
so that the global paths are used:
[binaries]
c = '/home/thomas/projets/buildroot/output/host/bin/arm-linux-gcc'
cpp = '/home/thomas/projets/buildroot/output/host/bin/arm-linux-g++'
ar = '/home/thomas/projets/buildroot/output/host/bin/arm-linux-ar'
strip = '/home/thomas/projets/buildroot/output/host/bin/arm-linux-strip'
pkgconfig = '/home/thomas/projets/buildroot/output/host/usr/bin/pkg-config'
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add several upstream patches that are made to fix this CVE. Since there
is still no dated plan to release a new version add this bunch of
patches.
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Just like glibc, host-localedef needs python3 on the host to
build... since host-localedef is basically using the sources of glibc.
Fixes:
checking if /build/build/per-package/host-localedef/host/bin/ccache
/usr/bin/gcc is sufficient to build libc... yes
checking for x86_64-pc-linux-gnu-nm... /usr/bin/nm
checking for python3... no
checking for python... python
checking version of python... 2.7.18, bad
configure: error:
*** These critical programs are missing or too old: python
*** Check the INSTALL file for required versions.
As reported at:
http://lists.busybox.net/pipermail/buildroot/2020-September/291929.html
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Major updates:
- AMD Zen1 core PMU updates
- AMD Zen2 core PMU support
- Intel Icelake core PMU support
- support to report if events are speculative
- support for Extended PEBS events on Icelake
- Intel Tremont core PMU support
- ARM Neoverse N1 core PMU support
- s390 event table updates
- Marvell TX2 core and uncore updates
- Intel CascadeLakeX uncore PMU support
- Various other event table updates and bug fixes
http://perfmon2.sourceforge.net/
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Use --with-openssl=pkg-config otherwise sofia-sip will fail to retrieve
openssl dependencies resulting in the following build failure:
/srv/storage/autobuild/run/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/8.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: ../libsofia-sip-ua/.libs/libsofia-sip-ua.a(tport_type_ws.o): in function `tport_ws_deinit_primary':
tport_type_ws.c:(.text+0x2c): undefined reference to `SSL_CTX_free'
/srv/storage/autobuild/run/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/8.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: ../libsofia-sip-ua/.libs/libsofia-sip-ua.a(tport_type_ws.o): in function `tport_ws_init_primary_secure':
pkg-config option has been added to freeswitch sofia-sip since 2007 and
044ac9d8fa
Fixes:
- http://autobuild.buildroot.org/results/8a0c9dbad74a3b358f90c7a3b56b638c4bdb8045
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Use tar.gz as SHA512SUMS does not contain the hash for tar.xz
- Fix CVE-2020-15900: A memory corruption issue was found in Artifex
Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator
can allow overriding of file access controls. The 'rsearch'
calculation for the 'post' size resulted in a size that was too large,
and could underflow to max uint32_t.
https://www.ghostscript.com/doc/9.53.0/News.htm
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
re2 unconditionally uses -pthread and add it to re2.pc
Moreover, it fails to buid without threads on:
In file included from /home/peko/autobuild/instance-0/output-1/per-package/re2/host/opt/ext-toolchain/arm-buildroot-linux-uclibcgnueabihf/include/c++/8.3.0/arm-buildroot-linux-uclibcgnueabihf/bits/os_defines.h:39,
from /home/peko/autobuild/instance-0/output-1/per-package/re2/host/opt/ext-toolchain/arm-buildroot-linux-uclibcgnueabihf/include/c++/8.3.0/arm-buildroot-linux-uclibcgnueabihf/bits/c++config.h:508,
from /home/peko/autobuild/instance-0/output-1/per-package/re2/host/opt/ext-toolchain/arm-buildroot-linux-uclibcgnueabihf/include/c++/8.3.0/bits/stl_algobase.h:59,
from /home/peko/autobuild/instance-0/output-1/per-package/re2/host/opt/ext-toolchain/arm-buildroot-linux-uclibcgnueabihf/include/c++/8.3.0/memory:62,
from /home/peko/autobuild/instance-0/output-1/build/re2-2020-08-01/re2/filtered_re2.h:24,
from /home/peko/autobuild/instance-0/output-1/build/re2-2020-08-01/re2/filtered_re2.cc:5:
/home/peko/autobuild/instance-0/output-1/per-package/re2/host/arm-buildroot-linux-uclibcgnueabihf/sysroot/usr/include/features.h:218:5: warning: #warning requested reentrant code, but thread support was disabled [-Wcpp]
# warning requested reentrant code, but thread support was disabled
^~~~~~~
In file included from /home/peko/autobuild/instance-0/output-1/build/re2-2020-08-01/re2/prog.h:22,
from /home/peko/autobuild/instance-0/output-1/build/re2-2020-08-01/re2/bitstate.cc:28:
/home/peko/autobuild/instance-0/output-1/build/re2-2020-08-01/re2/re2.h:768:16: error: 'once_flag' in namespace 'std' does not name a type
mutable std::once_flag rprog_once_;
^~~~~~~~~
/home/peko/autobuild/instance-0/output-1/build/re2-2020-08-01/re2/re2.h:768:11: note: 'std::once_flag' is defined in header '<mutex>'; did you forget to '#include <mutex>'?
/home/peko/autobuild/instance-0/output-1/build/re2-2020-08-01/re2/re2.h:218:1:
+#include <mutex>
Fixes:
- http://autobuild.buildroot.org/results/7d7c6dcac3cb8ea6deb753178e85eb1c5c74c8e3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Drop patches (already in version)
- Fix CVE-2020-16135: libssh 0.9.4 has a NULL pointer dereference in
tftpserver.c if ssh_buffer_new returns NULL.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Buildroot generates Linux systems, so there is no need to have
MS Windows executables in there.
This reduces the target filesystem size by about 600kB:
$ du -hcs usr/lib/python2.7/distutils/command/wininst-*.exe
60K usr/lib/python2.7/distutils/command/wininst-6.0.exe
64K usr/lib/python2.7/distutils/command/wininst-7.1.exe
60K usr/lib/python2.7/distutils/command/wininst-8.0.exe
192K usr/lib/python2.7/distutils/command/wininst-9.0.exe
220K usr/lib/python2.7/distutils/command/wininst-9.0-amd64.exe
596K total
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Buildroot generates Linux systems, so there is no need to have
MS Windows executables in there.
This reduces the target filesystem size by about 2MB:
$ du -hcs usr/lib/python3.8/distutils/command/wininst-*.exe
60K usr/lib/python3.8/distutils/command/wininst-6.0.exe
64K usr/lib/python3.8/distutils/command/wininst-7.1.exe
60K usr/lib/python3.8/distutils/command/wininst-8.0.exe
192K usr/lib/python3.8/distutils/command/wininst-9.0.exe
220K usr/lib/python3.8/distutils/command/wininst-9.0-amd64.exe
188K usr/lib/python3.8/distutils/command/wininst-10.0.exe
220K usr/lib/python3.8/distutils/command/wininst-10.0-amd64.exe
448K usr/lib/python3.8/distutils/command/wininst-14.0.exe
576K usr/lib/python3.8/distutils/command/wininst-14.0-amd64.exe
2,0M total
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add an upstream patch that disable -Werror to avoid the following build
failure:
lttng-live.c: In function 'lttng_live_msg_iter_next':
lttng-live.c:1226:15: error: 'stream_iter' may be used uninitialized in this function [-Werror=maybe-uninitialized]
int ret = common_muxing_compare_messages(
^
lttng-live.c:1198:38: note: 'stream_iter' was declared here
struct lttng_live_stream_iterator *stream_iter;
^
lttng-live.c: At top level:
cc1: error: unrecognized command line option '-Wno-cast-function-type' [-Werror]
cc1: all warnings being treated as errors
Fixes:
- http://autobuild.buildroot.org/results/ff41326f913e71f982b3d5cbaf054f8be47913aa
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 4e60247be6 ("package/xerces: fix
coding style in Config.in") introduced a silly typo in the xerces
package depends on... which effectively made it impossible to enable
this package as the "USE_WCHAR" option does not exist.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop default dependencies, haveged needs nothing but local sockets and
/dev/random.
The service file now mostly matches the upstream Fedora file, except a
lot of isolation options have been dropped. The benefit for a
completely controlled system is small, and those option would pull in
dependencies, delaying entropy being filled up.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes issues with the triple on IBM s390x and Z machines.
Signed-off-by: Alexander Egorenkov <egorenar@linux.ibm.com>
[yann.morin.1998@free.fr: update both, using the update script]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add a new option that prints the (runtime) path of compiled .py files
when VERBOSE=1 is set.
Signed-off-by: Robin Jarry <robin.jarry@6wind.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
When generating a .pyc file, the original .py source file path is
encoded in it. It is used for various purposes: traceback generation,
.pyc file comparison with its .py source, and code inspection.
By default, the source path used when invoking compileall is encoded in
the .pyc file. Since we use paths relative to TARGET_DIR, we end up with
paths that are only valid when relative to '/' encoded in the installed
.pyc files on the target.
This breaks code inspection at runtime since the original source path
will be invalid unless the code is executed from '/'.
Unfortunately, compileall cannot be forced to use the proper path. It
was not written with cross-compilation usage in mind.
Rework the script to call py_compile.compile() directly with pertinent
options:
- The script now has a new --strip-root argument. This argument is
optional but will always be specified when compiling py files in
buildroot.
- All other (non-optional) arguments are folders in which all
"importable" .py files will be compiled to .pyc.
- Using --strip-root=$(TARGET_DIR), the future runtime path of each .py
file is computed and encoded into the compiled .pyc.
No need to change directory before running the script anymore.
The trickery used to handle error reporting was only applicable with
compileall. Since we implement our own "compileall", error reporting
becomes trivial.
Previously, we had a --force option to tell compileall.compiledir() to
forcibly recompile files if they had changed. Now, we would have to
handle it ourselves. It turns out to not be easy and would need us to
delve into the format of bytecompiled files to extract metadata and
compare it with the expected values, that being even dependent on the
python version being used (fortunately, only two for us: python 2.7 and
the latext 3.x).
Still, this is deemed too complex, and byte-compiling is pretty fast, so
much so that it should be eclipsed by the build duration anyway.
So we just drop support for --force, and instead we always byte-compile.
Signed-off-by: Julien Floret <julien.floret@6wind.com>
Signed-off-by: Robin Jarry <robin.jarry@6wind.com>
[yann.morin.1998@free.fr:
- always byte-compile
- drop --force
- expand commit log to state so and explain why
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Now that upstream supports this board add buildroot support for it,
too.
This supports:
- latest upstream linux kernel. Since the support for this board and
its SoC is still in active development, we want to follow the
upstream kernel releases for now.
- building an image which can be installed to eMMC, SD card or USB
thumb drive.
- upstream u-boot patches are pending, therefore no support for
building a bootloader for now.
Signed-off-by: Michael Walle <michael@walle.cc>
Reviewed-by: Heiko Thiery <heiko.thiery@gmail.com>
Tested-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Babeltrace 2 is a trace manipulation toolkit.
The Babeltrace 2 project offers a library with a C API, Python 3
bindings, and a command-line tool which makes it very easy for mere
mortals to view, convert, transform, and analyze traces.
See <https://babeltrace.org/> for more details.
Babeltrace 2 is a major update of Babeltrace 1 (Buildroot package
`lttng-babeltrace`). Both projects are coinstallable. Except for the
command-line tool (named `babeltrace2`), the Babeltrace 2 project is not
backward compatible with Babeltrace 1.
I'm naming this package `babeltrace2` instead of `lttng-babeltrace2`
because, although it can read LTTng traces, the two projects are
independent. All major distributions use `babeltrace2` as the
Babeltrace 2 package's name.
I'm keeping the `lttng-babeltrace` package because, as of this date, we
still add bug and security fixes from time to time, therefore the
project is not in EOL stage. Some external, custom packages could still
depend on the Babeltrace 1 library, for example.
As with `lttng-babeltrace`, you can build and install the host version
of Babeltrace 2 for the workflow where you trace the target, download
the resulting trace (or receive it during the tracing process), and then
read and analyze it with Babeltrace 2.
If you enable the `elfutils` package (`BR2_PACKAGE_ELFUTILS`), then
support for Babeltrace 2's debugging information filter component
class is enabled.
Tested with glibc, uClibc-ng, and musl.
Signed-off-by: Philippe Proulx <eeppeliteloop@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- the package couldn't be selected with vivante backend anyway since
the split
- the package couldn't be updated to newer versions as it would imply
forking libdrm and wayland-protocols for it to build
- drawback of not using NXP weston is the lack of G2D support, let's
have it as a known issue for Buildroot but use standard weston
package
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- add defaults for all meson options (and order according to
meson_options.txt file)
- drop pthread linking flags previously needed for the test
programs (maybe not needed by meson, tests disabled by option)
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update nginx-upload to a newer Git commit which adds upload support over
HTTP2 as well as other fixes.
Remove a patch which is no longer required in the current version.
Signed-off-by: Robert Hancock <hancock@sedsystems.ca>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
First patch is not needed since version 1.8.0 and
f071ec0c26
Indeed, as spotted by upstream when sending them this patch, the
original expressions will not mangle '-mfloat-gprs=double' because the
patterns contain a trailing space.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit adds a patch that passes -fno-builtin to fix the build
with gcc 10. The patch has been submitted upstream.
There are no autobuilder failures, since it's a bootloader package,
and therefore not tested by the autobuilders. However, a build failure
was detected when building toolchains and a minimal ARMv7-M system at
https://gitlab.com/bootlin/toolchains-builder/-/jobs/729359529.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since the bump of libcap to 2.42, host-libcap unconditionally tries to
build a shared library, which fails on build machines where the static
version of the C library is not available.
This issue was reported upstream, who fixed it by two different
commits, which are backported as patches 0001 and 0002. They require
passing a DYNAMIC= value, which should be "yes" to enable dynamic
linking, or empty when not using dynamic linking.
However, other upstream changes broke our logic to support static-only
linking for the target. So we introduce a 0003 patch which extends how
the DYNAMIC flag is used to disable the build of the shared library in
the libcap/ folder. This allows to greatly simplify libcap.mk.
Note that the refactoring is mixed with the fix: the two are hardly
splitable. We need to be able to pass the same options at all steps, and
especially the staging step, otherwise some code gets compiled with the
host compiler, installed in staging, and thus fails the architecture
check later on.
Fixes:
host-libcap build failure on system without a static libc
http://autobuild.buildroot.net/results/4b14458014e420ffe088f118e7d0261e67f2d551/
libcap build failure on static only systems
http://autobuild.buildroot.net/results/8961759067c4639ae697b6ee5db606f098b7c7e8/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr:
- also pass DYNAMIC=yes at host-install step
- extend commit log to explain why we refactor and fix together
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Stop trying to enable the xcb-errors Meson option and always disable it:
there is no xcb-util-errors package in Buildroot. The build recipe was
wrongly assuming that the XCB errors library would be installed as part
of the xcb-util package, which is not the case.
Fixes the following autobuilder failure:
http://autobuild.buildroot.net/results/1891aa624b29e4bbcbbe6bc752a1cc90c316024e/
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since commit efa95b19ae
("package/libxml-parser-perl: make host build use correct compiler"),
we pass $(HOST_CONFIGURE_OPTS) when building host-libxml-parser-perl,
in order to use the correct host compiler.
However, this means that LD="$(HOSTLD)" is passed. However, the
host-libxml-parser-perl passes compiler arguments to LD, so it really
assumes that LD is gcc, not ld. For example, it tries to pass
-mtune=generic.
So, let's tell host-libxml-parser-perl that LD is "$(HOSTCC)".
Fixes:
http://autobuild.buildroot.net/results/2ed2e5ccefe9047c597f84d5880de2e8de2bdd94/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Joseph Kogut <joseph.kogut@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
GCC 10 with -std=c++20 breaks boost library due to allocator changes.
https://github.com/boostorg/bimap/issues/23
We need boost 1.74.0 to fix build with gcc-10 -std=c++20. Note that none
of the Buildroot packages that use boost set -std=c++20, so no in-tree
failures.
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Reviewed-by: Michael Nosthoff <buildroot@heine.tech>
Tested-by: Michael Nosthoff <buildroot@heine.tech> for arm
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Only run code when the script is executed directly (not imported).
Factorize command description by using the script's __doc__ variable.
Fix typo in --force help message.
Signed-off-by: Robin Jarry <robin.jarry@6wind.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
In commit c2009e9f75
("package/linux-headers: license files hashes only valid for latest
version"), we introduced BR2_KERNEL_HEADERS_LATEST, which should only
be set for the most recent kernel headers versions.
Indeed, the COPYING file of Linux has changed before/after Linux 5.6,
causing its hash file to be different. Since linux-headers uses
linux/linux.hash as the hash file, and this hash file contains the
COPYING hash of Linux >= 5.6, we cannot use that hash for Linux
versions older than 5.6.
When newer versions of the headers than 5.4 were added, this
BR2_KERNEL_HEADERS_LATEST was not moved as it should have been. We fix
this, which fixes a legal-info failure happening when Linux kernel
headers 5.4 are used:
>>> linux-headers 5.4.63 Patching
>>> linux-headers 5.4.63 Collecting legal info
ERROR: COPYING has wrong sha256 hash:
ERROR: expected: fb5a425bd3b3cd6071a3a9aff9909a859e7c1158d54d32e07658398cd67eb6a0
ERROR: got : ee5808b032a67f587d3541099d46de34f5bec8cd5976114ba07f1299ee6001ff
ERROR: Incomplete download, or man-in-the-middle (MITM) attack
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, the check of defconfigs is run for all branches, even those
that are pushed only to run runtime tests. This is very inconvenient.
In fact, we only want to check the defconfigs on standard branches, that
is master, next, and the maintenance branches.
This will also decrease drastically the number gitlab-ci minutes used
when one pushes their repo to gitlab.com, where the number of CI minutes
are now going to be pretty severely restricted.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Note that those tests were so far ignored only when requesting a single
defconfig build, or a single runtime test build; everything else
was trigerring thoses tests.
However, it feels more natural that they are also ignored when all
defconfigs build. or all runtime tests, are explictly requested.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
- CVE-2020-15166: Denial-of-Service on CURVE/ZAP-protected servers by
unauthenticated clients.
If a raw TCP socket is opened and connected to an endpoint that is fully
configured with CURVE/ZAP, legitimate clients will not be able to exchange
any message. Handshakes complete successfully, and messages are delivered
to the library, but the server application never receives them. For more
information see the security advisory:
https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m
- Stack overflow on server running PUB/XPUB socket (CURVE disabled).
The PUB/XPUB subscription store (mtrie) is traversed using recursive
function calls. In the remove (unsubscription) case, the recursive calls
are NOT tail calls, so even with optimizations the stack grows linearly
with the length of a subscription topic. Topics are under the control of
remote clients - they can send a subscription to arbitrary length topics.
An attacker can thus cause a server to create an mtrie sufficiently large
such that, when unsubscribing, traversal will cause a stack overflow. For
more information see the security advisory:
https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8
- Memory leak in PUB server induced by malicious client(s) without CURVE/ZAP.
Messages with metadata are never processed by PUB sockets, but the
metadata is kept referenced in the PUB object and never freed. For more
information see the security advisory:
https://github.com/zeromq/libzmq/security/advisories/GHSA-4p5v-h92w-6wxw
- Memory leak in client induced by malicious server(s) without CURVE/ZAP.
When a pipe processes a delimiter and is already not in active state but
still has an unfinished message, the message is leaked.
For more information see the security advisory:
https://github.com/zeromq/libzmq/security/advisories/GHSA-wfr2-29gj-5w87
- Heap overflow when receiving malformed ZMTP v1 packets (CURVE disabled).
By crafting a packet which is not valid ZMTP v2/v3, and which has two
messages larger than 8192 bytes, the decoder can be tricked into changing
the recorded size of the 8192 bytes static buffer, which then gets
overflown by the next message. The content that gets written in the
overflown memory is entirely decided by the sender.
For more information see the security advisory:
https://github.com/zeromq/libzmq/security/advisories/GHSA-fc3w-qxf5-7hp6
Drop now upstreamed patches, autoreconf and reformat hash file with 2 space
delimiters.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since commit [1] in U-Boot upstrea, there is no necessity to pass extra
metadata_csum option due to changed env location in U-Boot so we can
drop it completely.
[1] 76db1681da52342ca9f4fb7e6787bd83cc82f429:
stm32mp1: use a specific SD/eMMC partition for U-Boot enviromnent
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
[yann.morin.1998@free.fr: 76db1681d referecnes a U-Boot commit]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
kbd uses _Generic since version 2.2.90 and
da5feb8fd9
However, _Generic is not available until gcc 4.9:
https://gcc.gnu.org/wiki/C11Status
As a result, build with gcc 4.8 fails on:
setleds.c:352:3: warning: implicit declaration of function '_Generic' [-Wimplicit-function-declaration]
ndefflags = BITMASK_SET(BITMASK_UNSET(odefflags, ndef), nval);
^
setleds.c:22:2: error: expected expression before 'unsigned'
unsigned char: (unsigned char)(~(x)) \
^
Fixes:
- http://autobuild.buildroot.org/results/b74ecdda44543da1d47fa2c027fb046a3ca1e2d1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: propagate the MMU dependency to the comment]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
IPython-enabled pdb.
This package can be very helpful when someone wants to debug
a Python application on the board itself.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
On aarch64 With the config option "--enable-mpers=check" the configure.ac
script searchs for a 32bit compiler. When a matching compiler is found
in the PATH some compatiblity checks are done. This can fail when the
available kernel headers on host and buildroot target does not match.
Since buildroot does not support 32bit binaries when building for 64bit
architecture (no -m32 option) we can disable this option unconditionally.
When disabling unconditionally also the configuration for toolchain using
MUSL can be removed.
Cc: Baruch Siach <baruch@tkos.co.il>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Brandon Maier <brandon.maier@rockwellcollins.com>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Force GIT_VERSION to avoid git version logic that takes the Buildroot
git commit id.
Update LICENSE hash; copyright year update.
Format hashes file with two space delimiters.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This package uses gcc filename without absolute path, which breaks
the host build if host and target compiler have the same filename.
(Can happen with an external toolchain).
This patch adds the variables for the host as overrides,
as they are otherwise not picked up from the environment.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Fix CVE-2020-15503: LibRaw before 0.20-RC1 lacks a thumbnail size
range check. This affects decoders/unpack_thumb.cpp,
postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example,
malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without
validating T.tlength.
- zlib is an optional dependency since
b63f017b06
Also update indentation in hash file (two spaces) as well as README.md
hash, no license changes:
- d1975cb0e0
- d38361b76e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Both patches are now upstream and can be dropped:
- 7cfaa9dede0f7f711a0fb961559e9629e7c7a259 is "MakeHeader.py: Fix for
non-utf8 environments"
- dfd9279f87791e36a5212726781c31fbe7110361 is "Resolve complation
issues with -fno-common (default from gcc-10)"
The license file hash is changed due to the removal of one empty line:
@@ -353,4 +353,3 @@
applicable licenses of the version of PLPA used in your combined work,
provided that you include the source code of such version of PLPA when
and as the GNU GPL requires distribution of source code.
-
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Easyframes uses fork when capturing frames in a pcap file, therefore
add the dependency BR2_USE_MMU.
Signed-off-by: Horatiu Vultur <horatiu.vultur@microchip.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Contains fixes for overflows when input chunks are larger than 2 GiB,
an uninitialized data access, and minor correctness and performance
improvements. There does not seem to be any CVEs filed, but there is
a security notice in the release notes at:
https://github.com/google/brotli/releases/tag/v1.0.9
Patch "0001-CMake-Allow-using-BUILD_SHARED_LIBS-to-choose-static.patch"
is rebased against the latest upstream changes.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
graphical is equivalent to the sysvinit runlevel 5
multi-user is equivalent to a runlevel between 2 and 4
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update hash of COPYING and add CREDITS to license files as most of the
original COPYING content moved to CREDITS and COPYING now contains
GPL-2.0+ text since version 2.0.90 and
1304c0c11c
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
opcua-asyncio is an asyncio-based asynchronous OPC UA client
based on python-opcua, removing hacks for support of
python < 3.6.
Asynchronous programming allows for simpler code (e.g. less need
for locks) and potentially performance gains.
More information is available at :
https://github.com/FreeOpcUa/opcua-asyncio.
Signed-off-by: Jugurtha BELKALEM <jugurtha.belkalem@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Ordinary local file IO is blocking, and cannot easily and
portably made asynchronous.
This means doing file IO may interfere with asyncio applications,
which shouldn’t block the executing thread. aiofiles helps
with this y introducing asynchronous versions of files
that support delegating operations to a separate thread pool.
More information is available at :
https://pypi.org/project/aiofiles.
Signed-off-by: Jugurtha BELKALEM <jugurtha.belkalem@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
janus-gateway comes with an example website to test its features.
Since the bump to 0.10.3, this website takes 1.8MiB uncompressed on
the target, among which is a 1MiB video sample which does not compress
well.
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This will avoid the following build failure with openpgm 5.3:
In file included from /home/fabrice/buildroot/output/host/bin/../arm-buildroot-linux-gnueabihf/sysroot/usr/include/pgm-5.3/pgm/skbuff.h:39,
from /home/fabrice/buildroot/output/host/bin/../arm-buildroot-linux-gnueabihf/sysroot/usr/include/pgm-5.3/pgm/msgv.h:33,
from /home/fabrice/buildroot/output/host/bin/../arm-buildroot-linux-gnueabihf/sysroot/usr/include/pgm-5.3/pgm/pgm.h:44,
from src/ip.cpp:67:
/home/fabrice/buildroot/output/host/bin/../arm-buildroot-linux-gnueabihf/sysroot/usr/include/pgm-5.3/pgm/socket.h:207:1: error: ‘const char* pgm_family_string(int)’ defined but not used [-Werror=unused-function]
207 | pgm_family_string (
| ^~~~~~~~~~~~~~~~~
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
No MINIDLNA_IGNORE_CVES entry is added as no CVE has been assigned to
minidlna. Indeed, CallStranger vulnerability affect(ed) most of the UPnP
stacks (e.g. gupnp, libupnp)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Per-package build of apparmor with apache fails on:
/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apparmor/host/x86_64-buildroot-linux-musl/sysroot/usr/bin/apxs -c mod_apparmor.c -L/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apparmor/host/bin/../x86_64-buildroot-linux-musl/sysroot/usr/lib -lapparmor
/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apache/host/x86_64-buildroot-linux-musl/sysroot/usr/bin/../../usr/build-1/libtool --silent --mode=compile /usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apache/host/bin/x86_64-linux-gcc -prefer-pic -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -g2 -I/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apache/host/x86_64-buildroot-linux-musl/sysroot/usr/include -I/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apache/host/x86_64-buildroot-linux-musl/sysroot/usr/bin/../../usr/include/apr-1 -I/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apache/host/x86_64-buildroot-linux-musl/sysroot/usr/bin/../../usr/include/apr-1 -I/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apache/host/x86_64-buildroot-linux-musl/sysroot/usr/bin/../../../../x86_64-buildroot-lin
ux-musl/sysroot/usr/include -c -o mod_apparmor.lo mod_apparmor.c && touch mod_apparmor.slo
mod_apparmor.c:28:10: fatal error: sys/apparmor.h: No such file or directory
#include <sys/apparmor.h>
^~~~~~~~~~~~~~~~
The issue is that sys/appamor.h is not installed in the apache
per-package directory which is mangled by
APACHE_FIX_STAGING_APACHE_CONFIG, i.e.
/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apache/host/x86_64-buildroot-linux-musl/sysroot/usr/include
So implement the same workaround made on apache to replace those wrong
apache paths by apparmor paths in apxs binary and its configuration file
(i.e. config_vars.mk) as suggested by Thomas Petazzoni and Yann E. Morin
during review of the first iteration of this patch
Fixes:
- http://autobuild.buildroot.org/results/ef1fcd57e0c09a2806bf2272bb21df6d3300b45b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
GraphicsMagick through 1.3.35 has a heap-based buffer overflow in
ReadMNGImage in coders/png.c.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
libgnutls: Fixed "no_renegotiation" alert handling at incorrect timing.
The server sending a "no_renegotiation" alert in an unexpected timing,
followed by an invalid second handshake was able to cause a TLS 1.3
client to crash via a null-pointer dereference. The crash happens in the
application's error handling path, where the gnutls_deinit function is
called after detecting a handshake failure (#1071).
[GNUTLS-SA-2020-09-04, CVSS: medium]
https://lists.gnupg.org/pipermail/gnutls-help/2020-September/004669.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
CVE-2020-25125: Importing an OpenPGP key having a preference list for AEAD
algorithms will lead to an array overflow and thus often to a crash or other
undefined behaviour (affected: 2.2.21 / 2.2.22)
For more details, see the announcement:
https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
certutil is a command-line utility for managing keys and certificate in
both NSS databases and other NSS tokens.
Signed-off-by: Julien Floret <julien.floret@6wind.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cherry-pick a patch from upstream project that fixes the build when used
with a uClibc based toolchain.
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Drop patches that are now upstream.
Pipewire now requires renderer-gl, only enable pipewire when
renderer-gl is also enabled.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The libcamera project has moved to C++17, therefore also update the
toolchain requirements accordingly.
Signed-off-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
[yann.morin.1998@free.fr: s/\t/ / in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The ControlValue structure is currently defined with a 16-bit hole
(causing unaligned access to the numElements_ field, though that's a
separate topic).
This structure has a static assertion to ensure that its size does not
change without due care, as it forms part of our ABI and is used in
Serialisation between the pipeline handlers and IPA components.
The m68k architecture is the only target which fails this assertion,
which is likely because it can pack the structure more efficiently,
producing a different binary size.
This is likely an area we will tackle before stabilising our ABI, but
until then, disable m68k builds as libcamera is not expected to be
supported on this target.
Fixes;
- http://autobuild.buildroot.net/results/9dce26e94299a2c61bba60cbc7803926e2f85e29/
Signed-off-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
[yann.morin.1998@free.fr, suggestions from Thomas:
- introduce BR2_PACKAGE_LIBCAMERA_ARCH_SUPPORTS
- propagate that to the comment
- add autobuilder reference
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
When both BR2_REFPOLICY_EXTRA_MODULES_DIRS and
PACKAGES_SELINUX_EXTRA_MODULES_DIRS are empty, we expect
REFPOLICY_EXTRA_MODULES_DIRS to also be empty. However, due to spaces,
this is not the case. This commit adds a $(strip ...) call to ensure
it is the case.
Thanks to this, the check on whether REFPOLICY_EXTRA_MODULES_DIRS is
empty later on will really work as it should.
Reported-by: Antoine Ténart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Extract from bug report:
"In usb_modeswitch Makefile dispatcher-script, dispatcher-dynlink and
dispatcher-statlink are .PHONY targets. The result is that sources are
compiled also when install targets are called.
USB_MODESWITCH_INSTALL_TARGET_CMDS calls $(MAKE) which is a call to
parallel make eg. make -j9. So the install phase can install empty
usb_modeswitch binary (happened once) if the compiler have just cleared
the binary and install command installs it before compiler writes the
binary. USB_MODESWITCH_INSTALL_TARGET_CMDS should call $(MAKE1)."
Instead of disabling parellel install, use install-common target instead
of install-{dyn,stat}link targets. Indeed, the dynamic or static
usb_modeswitch_dispatcher binary will be built by
all-with-{dyn,stat}link-dispatcher targets, there is no need to rebuild
it during the install step
Fixes:
- https://bugs.buildroot.org/show_bug.cgi?id=12911
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
tinyhttpd is affected by CVE-2002-1819 and is not maintained anymore
(no release since 2001) so remove it
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
If BR2_TARGET_ROOTFS_UBIFS is selected, enable the following kernel options:
- CONFIG_UBIFS_FS_XATTR
- CONFIG_UBIFS_FS_SECURITY
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
If BR2_TARGET_ROOTFS_SQUASHFS is selected, enable the following kernel options:
- CONFIG_SQUASHFS_XATTR
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
If BR2_TARGET_ROOTFS_JFFS2 is selected, enable the following kernel options:
- CONFIG_JFS_SECURITY
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
If BR2_TARGET_ROOTFS_F2FS is selected, enable the following kernel options:
- CONFIG_F2FS_FS_XATTR
- CONFIG_F2FS_FS_SECURITY
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
If BR2_TARGET_ROOTFS_EXT2_4 is selected, enable the following kernel options:
- CONFIG_EXT4_FS_SECURITY
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
If BR2_TARGET_ROOTFS_EXT2_3 is selected, enable the following kernel options:
- CONFIG_EXT3_FS_SECURITY
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
If BR2_TARGET_ROOTFS_EXT2 is selected, enable the following kernel options:
- CONFIG_EXT2_FS_XATTR
- CONFIG_EXT2_FS_SECURITY
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
If BR2_TARGET_ROOTFS_EROFS is selected, enable the following kernel options:
- CONFIG_EROFS_FS_XATTR
- CONFIG_EROFS_FS_SECURITY
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Currently, the libselinux package sets the CONFIG_DEFAULT_SECURITY_SELINUX
kernel option. However, as of kernels >= 5.1, this option is superseded in
favor of the CONFIG_LSM option, a comma-separated list of LSMs the kernel
should initialize in order.
As the previous behavior of this package sets the kernel's default and only
LSM to initialize to SELinux, it is safe to set this string to just selinux.
If the user wants additional LSM's, they may do so with a custom kernel config.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add documentation about how to use SELinux in Buildroot, and what are
the available mechanisms to extend and customize the SELinux policy.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
[Thomas: misc improvements.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The refpolicy configure and build step were not correctly defined. The
configuration was split between the configure and build step, while
both the compilation and the installation were done in the install
step. Fix this by moving all the configuration within the
configuration step and by adding a call to make in the build step to
compile the policy.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Allow packages to have an 'selinux' subfolder containing SELinux modules
(sources) to be synced and compiled within the refpolicy, if the package
is selected.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add support for the user to provide a fully custom refpolicy. When
this is used, modules aren't disabled anymore and packages do not
select refpolicy available modules either. The custom refpolicy must
define the full policy explicitly, and must be a fork of the original
refpolicy, to have the same build system.
This is added to allow users to fully control an SELinux policy, by
providing a complete custom policy.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Allow users to select additional modules available in the refpolicy, to
be built in the binary policy. This will allow non-base modules to be
selected based on the user use-case and to select extra module
dependencies when providing out-of-tree modules.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Allow users to provide custom SELinux modules to be part of the final
policy. A new configuration variable is added, pointing to list of
directories containing the custom modules.
SELinux modules do require a metadata.xml file to be well integrated
in the refpolicy build. If this file isn't provided, it will be
automatically created.
For now, this option requires the extra modules to be directly into
the BR2_REFPOLICY_EXTRA_MODULES directory, and subfolders aren't
supported. They may never be, as having subfolders could introduce
issues when two different modules have the same name (which isn't
supported by the refpolicy).
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Select the fstools SELinux module when e2fsprogs binaries are compiled
and installed in the target filesystem, so that they'll be supported by
the SELinux policy.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Select the fstools SELinux module to be compiled in the policy for the
relevant binaries of util-linux.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Select the dbus SElinux module so that it will be compiled in the
refpolicy. This way, if an SELinux policy is generated, dbus will be
supported.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Select the systemd and udev SELinux modules so that they will be
compiled in the refpolicy. This way, if an SELinux policy is generated,
Systemd will be supported.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add support for packages to enable SELinux modules already supported by
the refpolicy, but not selected by default in its policy.
With this commit, packages will be able to do something like:
SYSTEMD_SELINUX_MODULES = systemd udev
to enable additional SELinux modules.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The refpolicy is configured to use a monolithic build, compiling all the
available modules (whether they're 'base' or 'modules' ones) in the
binary policy. The result is a quite big SELinux policy, with a lot more
rules than what would be needed in a Buildroot image.
Refactor the refpolicy build configuration to enable less modules by
default. To achieve this, all the modules marked as being part of the
'base' policy are kept but all the modules marked as being only
'modules' are disabled. Then a static list of modules (in addition to
the already selected 'base' ones) are enabled. The result is a much
smaller refpolicy: tests showed a reduction of the binary policy from
2.4M to 249K (~90% smaller).
This minimal set of SELinux modules should allow to boot a system in
enforcing mode in the future. It currently does not work, not because
extra modules are needed, but because of required changes within the
selected modules.
This patch would break backward compatibility as the refpolicy will no
longer have all the modules provided by the project, but only those
selected. This should not be an issue as this configuration was not
suitable directly for a real system. Modifications had to be done. If we
still find out later that this is an issue for someone, we'll have the
ability to mimic what was done previously thanks to other mechanisms
(such as providing the upstream policy as a "custom" policy location).
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Set the SELinux file security contexts using setfiles when generating
root filesystem images.
Without such security contexts created at build time, they need to be
setup at first boot by running the restorecon utility on the target.
This has two drawbacks:
- You have to special case the first boot, which cannot be done in
enforcing mode, and will have to run restorecon, then reboot.
- You cannot support read-only filesystems.
By setting up the security contexts at build time, we can have a
filesystem image that is immediately ready to boot an SELinux system
in enforcing mode, including if the root filesystem is read-only.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The mke2fs binary copies the xattrs of the source directory when
creating an image, but this logic did not include the root directory of
the resulting image. A patch was sent upstream to fix this. Include the
patch in Buildroot to allow creating SELinux ready images at build time.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mg is a small Emacs-like editor with no external dependencies except a
standard C library. It weighs in at 130 kiB and is one of a select few
completely free (public domain) text editors suitable for small and
embedded systems.
This version is based on the OpenBSD Mg, but with more features, one of
which being the no-ncurses/termcap support, which heavily reduces the
impact on a resource constrained system.
Upstream: https://github.com/troglobit/mg/
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
GraphicsMagick is the swiss army knife of image processing.
It provides a robust and efficient collection of tools
and libraries which support reading, writing,
and manipulating an image in over 89 major formats
including important formats like DPX, GIF, JPEG, JPEG-2000,
PNG, PDF, PNM, TIFF, and WebP.
Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Now that RISC-V 32-bit (RV32) support has been merged into mainline
glibc, we can use the Linux 5.4 kernel.
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
By default, the iputils build script might build binaries which are
useless for certain applications, like tftpd or ninfod. Those binaries
will add to the target filesystem size unless a post-build script removes
them manually, which is cumbersome and doesn't shorten build times.
In particular, in a certain aarch64 Buildroot project with musl selected
as a C library, this patch allowed to shrink the full iputils package from
219 KiB (if every option is selected) to 63 KiB (with only the ping
binary selected) - a 71.2% relative size decrease.
Moreover, upstream recently introduced a commit that disabled tftpd from
building by default, like rarpd. In the current state of things, this change
will introduce inconveniences for Buildroot users which prefer to use the
tftpd implementation provided by this package. With this patch, however, that
decision and similar future ones won't be a concern, because they will
have complete control of what binaries are built.
These changes add Kconfig options which let the user select what
binaries are built with ease.
Signed-off-by: Alejandro González <alejandro.gonzalez.correo@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The apu2 by PC Engines is a 64 bit single board computer with coreboot
BIOS. It only has serial output, but no graphics chip. With its 2–4
ethernet ports, it is often used to build a firewall or router.
The provided defconfig configures busybox and isolinux. It will output
a hybrid ISO image that can be written to a USB stick or burned to a
CD.
Configuration based on a blogpost by Tony Arkles:
http://www.better-bsp.com/blog/2017/03/02/buildrooting-for-apu2/
Signed-off-by: Danilo Bargen <mail@dbrgn.ch>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Examples and tests are not needed especially because of them fails on
some architectures because it wrongly tries to use wc_Sha256FinalRaw:
CCLD tests/unit.test
/tmp/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/aarch64-none-linux-gnu/9.2.1/../../../../aarch64-none-linux-gnu/bin/ld: tests/tests_unit_test-api.o: in function `test_wc_Sha256FinalRaw':
/tmp/instance-0/output-1/build/wolfssl-4.5.0-stable/tests/api.c:6504: undefined reference to `wc_Sha256FinalRaw'
Fixes:
- http://autobuild.buildroot.org/results/d5b6f97f7510874fe28c675e599be08cb8a78c7b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
"mkdir" (without "-p") fails if the target directory exists, which means
that if alsa-utils is being reinstalled or if other files have
previously been installed in the alsa-state.d or alsa-restore.d
directories the installation will fail.
Switch to "$(INSTALL) -d" which allows us to be explicit about the
permissions and handles the case of a pre-existing directory correctly.
Signed-off-by: John Keeping <john@metanate.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The AmLogic Odroid C2 boards use an ATF version for which the source
code is not available. The mainline U-Boot documentation at
doc/board/amlogic/odroid-c2.rst details how to build a bootable U-Boot
image for this platform: it requires fetching the ATF binary files
from https://github.com/hardkernel/u-boot.git as well as a tool called
fip_create from the same repository.
This commit therefore implements a simple Buildroot package that
retrieves this repository, installs the firmware files, and
builds/installs the host fip_create utility.
This package really installs target images (firmware files) and one
host utility, so we had to take an arbitrary decision on whether it
should be a target package or a host package, and we've chosen to make
it a target package.
Signed-off-by: Dagg Stompler <daggs@gmx.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The manual has a section on adding board support to upstream buildroot,
but it fails to mention some of the things we expect. Add more of them.
- Internal toolchain.
- Beautify defconfig file.
- Fixed versions for components.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Adam Duskett <Aduskett@gmail.com>
Reviewed-by: Adam Duskett <aduskett@gmail.com>
[yann.morin.1998@free.fr:
- use +monospace+ for the variables
- use _italic_ for sections in defconfig
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This patch is based on patch from the rockchip tree:
commit c8a337593660f27379c30248a11bf08dc8712113
Author: Jeffy Chen <jeffy.chen@rock-chips.com>
Date: Tue Nov 13 18:59:43 2018 +0800
package: cups: Add udev rules to assign usb printers' group to lp
Change-Id: Ieae17deaa7d3623e1f0e1cc826871f1719d98d88
Signed-off-by: Jeffy Chen <jeffy.chen@rock-chips.com>
but removes a hardcoded device usb vendor/id and keps only the usb
printer class.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This patch is a backport from the rockchip tree.
Author: Jeffy Chen <jeffy.chen@rock-chips.com>
Date: Tue Nov 13 18:25:34 2018 +0800
package: cups: Add lp user as default cups user
Change-Id: Ic7434fe0a7b41b86b5b8b097fa29dd9718e29aa5
Signed-off-by: Jeffy Chen <jeffy.chen@rock-chips.com>
User lp is necessary for running the cups spooler.
Groups lpadmin grants administrative privileges to users.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
A defconfig for the friendlyarm nanopc-t4 was added in
c23895f06e, but then removed
in 8efd4463f7 because an ARM32
compiler was needed to build ATF, and this was not supported
back then.
Now, since package/arm-gnu-a-toolchain/ has been added, this
defconfig can be re-introduced.
Following new changes are introduced in comparision with the
older changeset:
- updated readme
- GPT partition layout is being used
- update defconfig to build ATF
- bump u-boot to 2020.07
- bump linux to 5.8.2
Signed-off-by: Suniel Mahesh <sunil@amarulasolutions.com>
Reviewed-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout: fixate U-Boot version; remove blind BR2_TARGET_UBOOT_NEEDS_PYTHON]
A defconfig for the friendlyarm nanopi-m4 was added in
493c3979a4, but then removed
in a24bd8936f because an ARM32
compiler was needed to build ATF, and this was not supported
back then.
Now, since package/arm-gnu-a-toolchain/ has been added, this
defconfig can be re-introduced.
Following new changes are introduced in comparision with the
older changeset:
- readme updated
- GPT partition layout
- update defconfig to build ATF
- bump u-boot to 2020.07
- bump linux to 5.8.2
Signed-off-by: Suniel Mahesh <sunil@amarulasolutions.com>
Reviewed-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout: fixate U-Boot version; remove blind BR2_TARGET_UBOOT_NEEDS_PYTHON]
A defconfig for the rockpro64 was added in
59e1077b4e, but then removed
in 10f49213b7 because an ARM32
compiler was needed to build ATF, and this was not supported
back then.
Now, since package/arm-gnu-a-toolchain/ has been added, this
defconfig can be re-introduced.
Following new changes are introduced in comparision with the
older changeset:
- renamed defconfig from pine64_rockpro64 to rockpro64
- updated readme
- using a GPT partition layout
- update defconfig to build ATF
- bump u-boot to 2020.07
- bump linux to 5.8.2
Signed-off-by: Suniel Mahesh <sunil@amarulasolutions.com>
Reviewed-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout: fixate U-Boot version; remove blind BR2_TARGET_UBOOT_NEEDS_PYTHON]
Move the code to run check-flake8 into the Makefile, like we have for
check-package, so that it is easy to run locally (and not wait for
someone to report a failure from their Gitlab pipelines).
Compared to the existing check from gitlab-ci.yml, the Makefile check
differs in this respect:
- don't explicitly find *.py files: they are supposed to also be found
as a result of running 'file' on them;
- use git ls-tree instead of find: this is supopsedly faster as it
uses the index rather than readdir();
- don't output the count of warnings or errors: the output is a single
integer, which is confusing when there are errors, and even more so
when there are no, when it is simply '0';
- don't sort: the output is already stable and independent from the
locale;
- don't report the number of processed files: this information is
rather useless, and getting a hold of it would be more challenging
in this new code.
Note: ideally, we would want to use --null, --zero, or similar options,
with utilities that generates or parses a files listing. While git
ls-tree and xargs do support it, it becomes a little bit tricky to use
the --print0 option of file, and then grep in that output (it is not
undoable, but would requires replacing grep+cut with some sed trickery).
Since we do not expect our scripts names to contain funky chars (like
\n or a colon), we just hand-wave away that issue (and the old code was
doing the same assumption too).
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The variables for the "docker version" output are located at
$(DOCKER_CLI_GOMOD)/cli/version - correct the path to these in the ldflags to
fix the following "unknown" lines in "docker version" output:
Client:
Version: unknown-version
Git commit: unknown-commit
Built: unknown-buildtime
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Upstream does not maintain these older versions anymore. Due to security
fixes not being backported to these versions anymore we remove these old
X server versions.
Move current patches from version-specific directory to package directory.
No legacy handling is added for the old versions, since it's simply a
version bump. THe old packages and features (AIGLX) that depend on the
old versions do have legacy handling.
Remove legacy handling for 1.19.*
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Current X.org X server is incompatible with this driver.
We no longer support unmaintainted versions of X.org X server.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Current X.org X server is incompatible with this driver.
We no longer support unmaintainted versions of X.org X server.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
boost-thread needs std::current_exception since version 1.71.0 and
386f5507cb
std::current_exception depends on !BR2_TOOLCHAIN_HAS_GCC_BUG_64735 as a
result, uhd fails to build on:
In file included from /home/buildroot/autobuild/run/instance-2/output-1/build/uhd-3.15.0.0/host/include/uhd/error.h:74:0,
from /home/buildroot/autobuild/run/instance-2/output-1/build/uhd-3.15.0.0/host/include/uhd/types/metadata.h:12,
from /home/buildroot/autobuild/run/instance-2/output-1/build/uhd-3.15.0.0/host/lib/types/metadata_c.cpp:8:
/home/buildroot/autobuild/run/instance-2/output-1/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/include/boost/exception/diagnostic_information.hpp: In function 'std::__cxx11::string boost::current_exception_diagnostic_information(bool)':
/home/buildroot/autobuild/run/instance-2/output-1/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/include/boost/exception/diagnostic_information.hpp:54:26: error: 'current_exception' is not a member of 'std'
else if (auto* p=std::current_exception().__cxa_exception_type())
^
In file included from /home/buildroot/autobuild/run/instance-2/output-1/build/uhd-3.15.0.0/host/include/uhd/error.h:74:0,
from /home/buildroot/autobuild/run/instance-2/output-1/build/uhd-3.15.0.0/host/include/uhd/types/ranges.h:12,
from /home/buildroot/autobuild/run/instance-2/output-1/build/uhd-3.15.0.0/host/lib/types/ranges_c.cpp:8:
/home/buildroot/autobuild/run/instance-2/output-1/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/include/boost/exception/diagnostic_information.hpp: In function 'std::__cxx11::string boost::current_exception_diagnostic_information(bool)':
/home/buildroot/autobuild/run/instance-2/output-1/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/include/boost/exception/diagnostic_information.hpp:54:26: error: 'current_exception' is not a member of 'std'
else if (auto* p=std::current_exception().__cxa_exception_type())
So add a dependency to !BR2_TOOLCHAIN_HAS_GCC_BUG_64735
Fix:
- http://autobuild.buildroot.net/results/0cdbf01df174648cf0dfb34d9506eb80570e99c0/
Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Use UDEV_USERS, now that it's suported by virtual packages.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Use LUAINTERPRETER_TARGET_FINALIZE_HOOKS, now that it's suported by
virtual packages.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout: don't remove relevant comment]
Virtual packages are not built but it's useful to allow them to have
permission/device/user tables and target-finalize/rootfs-pre-cmd hooks.
With this change we don't need to duplicate data as currently done in
eudev and systemd user tables, or test if the package is selected to add
a target-finalize hook as in luainterpreter.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reformat the dependency on libcap-ng same as other dependencies: in one
line, preceded by a comment that it is used only by setpriv.
This also makes it clear why it's not included in util-linux-libs.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
There was a private variable UTIL_LINUX_LIBS that is used by the
util-linux package. With the addition of the util-linux-libs package,
this is a bit confusing. Therefore, rename the variable to
UTIL_LINUX_LINK_LIBS.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The different tools and libraries in util-linux have a lot of optional
dependencies. When we want to support those optional dependencies, we
can easily generate dependency cycles. For instance, findmount and lsblk
need udev to work correctly, but eudev and systemd both depend libblkid,
which comes from util-linux.
Normal distros (e.g. Debian) solve this by first building a minimal
package that has no dependencies at all, then build the packages that
depend on util-linux, and finally rebuild util-linux with all bells and
whistles. Solve it in Buildroot by means of the following changes:
- Split util-linux into two packages:
- util-linux-libs, providing lib{blkid,fdisk,mount,smartcols,uuid}.
- util-linux, providing both the aforementioned libs and the programs.
- Add a blind selection for util-linux-libs, i.e. it is indirectly
selected according to the util-linux options.
- Make host and target util-linux have a build dependencies on the -libs
packages.
- Make eudev and systemd have build dependencies on util-linux-libs.
This can be extended to other packages in the future but is not needed
right now because the configuration options are backward-compatible.
- Make util-linux have an optional build dependency on the package that
provides libudev (either eudev or systemd), if it is selected.
Installing util-linux overrides files installed by util-linux-libs but
this is not a problem: it's allowed for a package to overwrite files
from another package, as long as there is a dependency between the two.
util-linux-libs has a Config.in symbol for the package as a whole, but
not for the individual libraries: it simply reuses the symbols of the
full package.
The build dependency of util-linux on util-linux-libs ensures that
util-linux overwrites the files installed by util-linux-libs and not
vice versa. In practice this dependency shouldn't be needed: the only
reason for util-linux-libs to be built is to break a circular
dependency. In that case, there is already a transitive dependency of
util-linux on util-linux-libs, so adding it explicitly is redundant.
Still, better safe than sorry.
host-util-linux-libs is not needed at the moment. It can be added if we
have a dependency cycle problem later.
With this approach we don't need to patch configuration files neither
change packages other than eudev and systemd.
Other packages that require util-linux libraries and whose libraries may
be used by util-linux programs can be updated later. We also don't need
to change any existing defconfig, since all configuration options are
kept in the util-linux package.
Fixes: https://bugs.busybox.net/show_bug.cgi?id=11811
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This patch makes the upcoming udisks2 version bump patch easier to
read, and also fixes the udisks.mk, so it follows Buildroot's package
guidelines.
Host packages are placed on top of the dependency list, followed by
target dependencies.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch makes the upcoming udisks2 version bump patch easier to
read, and also fixes the Config.in, so it follows Buildroot's package
guidelines.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Extract from ChangeLog:
- In release 1.6.1 the version number in CMakeLists.txt wasn't
updated, affecting the installed cmake and pkgconfig files. The
version number has been bumped to 1.6.2 in all relevant files now.
- "KaxBlockAddIDValue" class: this class is no longer marked as
"mandatory" in order to coincide with the latest specification.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update indentation in hash file (two spaces)
Extract from NEWS:
- Fix unlikely memory leak in idna_to_unicode_4z4z().
- Check codepoint validity in punycode_decode() and punycode_decode().
- tld: Add U+00EF to .nl TLD table.
- Indent code.
- Translation fixes.
- Update gnulib files.
- API and ABI is backwards compatible with the previous version.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Drop patch (already in version) and so autoreconf
- Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update indentation in hash file (two spaces)
Extract from NEWS:
- mkdir: fixed exit code with -f option.
- ftp: made ftp:use-pret setting tri-boolean.
- get/mget/put/mput: don't try next files after error if cmd:fail-exit
is true.
- get/mget: fixed -O option with remote URL and xfer:use-temp-file being
true.
- mirror: disallow empty patterns; don't delete "..".
- mirror: fixed --on-change with --reverse.
- sftp: fixed a bug with truncated files when packets are reordered
(finally).
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Upstream removed spandsp and sofia-sip from source and now uses external
packages, removed patch 0001 which fixed a bug in the internal sofia-sip
code, removed insecure md5 and sha1 hashes.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Extract from NEWS:
- Fix subscription check on V6 link-local addresses
- Add autofree function for GUPnPServiceProxyAction
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
>From https://github.com/PurpleI2P/i2pd/releases/tag/2.33.0:
- UDP tunnels through ECIES-X25519-AEAD-Ratchet
- Shared transient addresses
- ECIES-X25519-AEAD-Ratchet and multiple encryption keys through I2CP
- Pre-calculated x25519 ephemeral keys
- crypto.ratchet.inboundTags parameter
- Don't save invalid address to AddressBook
- Correct ECDSA signatures names in SAM
- New webconsole layout
- Shared routing path for datagram session
- Change datagram routing path if nothing comes back in 10 seconds
- Updated reseed servers list
- Don't connect through terminated SAM destination
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 25b1dc4613 disabled parted on
uClibc due to the following build failure:
atari.c:221:9: error: dereferencing pointer to incomplete type 'struct __uclibc_locale_struct'
return isalnum_l(part->id[0], atr_c_locale)
This was fixed in upstream uClibc-ng as of upstream commit
d1a3ca7ca56630fddde7311a0474eed4a21335a7, which was part of the 1.0.33
uClibc-ng release. On the Buildroot side, even though Buildroot
2020.02 was using uClibc-ng 1.0.32, we already had this patch
backported.
So we can now safely re-enable parted for uClibc-ng toolchains, as
well as its reverse dependencies.
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Libbytesize is a small library providing a C "class" for working with
arbitrary big sizes in bytes.
The mdraid plugin for libblockdev depends on this package, which newer
versions of udisks require when building with the udisks daemon
enabled.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libblockdev is a C library supporting GObject introspection for
manipulation of block devices. It has a plugin-based architecture
where each technology (like LVM, Btrfs, MD RAID, Swap,...) is
implemented in a separate plugin, possibly with multiple
implementations.
gobject-introspection is not a strict dependency and may be disabled
via a configure flag.
This is the base package with everything disabled, the subsequent
patches in this series will add more options necessary to bump udisks
to the latest.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit adds the new test cases generated automatically by the
bl-toolchains-gen script, to test the integration of the Bootlin
toolchains.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit wires-up the toolchain-external-bootlin package into
Buildroot by:
- Adding
toolchain/toolchain-external/toolchain-external-bootlin/Config.in,
which is not generated by the bl-toolchains-gen script as it is a
static file that does not depend on the list and characteristics of
available Bootlin toolchains.
- Including that file, as well as the Config.in.options file, from
toolchain/toolchain-external/Config.in.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Titouan Christophe <titouan.christophe@railnova.eu>
Tested-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit adds the contents of the
toolchain/toolchain-external/toolchain-external-bootlin/ files
generated by bl-toolchains-gen, unmodified.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
https://toolchains.bootlin.com/ has been providing for a few years a
number of ready-to-use pre-built toolchains, for a wide range of
architectures (which it turns out, are all built using Buildroot).
While toolchains.bootlin.com provides Buildroot config fragments to
easily use those toolchains with Buildroot (see [0] for example), this
is not visible anywhere. So instead, we would like to add support for
these toolchains in Buildroot just like we have existing support for
Linaro, ARM, Synopsys, etc. toolchains.
[0] https://toolchains.bootlin.com/downloads/releases/toolchains/aarch64/fragments/aarch64--glibc--bleeding-edge-2020.02-2.frag
However, the number of toolchains provided by toolchains.bootlin.com
is really large, and they are regularly updated. Maintaining that
manually would be time consuming and error-prone. So instead, this
commit introduces a script that automatically generates:
- toolchain/toolchain-external/toolchain-external-bootlin/Config.in.options
- toolchain/toolchain-external/toolchain-external-bootlin/toolchain-external-bootlin.mk
- toolchain/toolchain-external/toolchain-external-bootlin/toolchain-external-bootlin.hash
- support/testing/tests/toolchain/test_external_bootlin.py
We create a single external toolchain package, with a Kconfig "choice"
as a sub-option to select the toolchain variant to be used. The script
contains a Python dict that provides the mapping between the
toolchains provided by toolchains.bootlin.com, and the architecture
options/variants they are applicable to.
The test cases allow to verify that the toolchain configuration is
correct, and that it is able to build a Busybox based system. It
doesn't do any runtime testing as such testing is already done by
toolchains.bootlin.com: the test cases here are only meant to verify
that the toolchain-external-bootlin package works as expected.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Titouan Christophe <titouan.christophe@railnova.eu>
Tested-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since the go.mod integration, the <pkg>_WORKSPACE variable is useless,
so drop it.
Reported-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Now that we have switched to the go.mod integration, all Go packages
are built with -mod=vendor, so there's no need to have custom GOFLAGS
in mender-artifact.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
With the go.mod integration, the <pkg>_WORKSPACE variable has become
useless, drop it.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
With the go.mod integration, the DOCKER_ENGINE_SRC_SUBDIR has become
useless, drop it.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
With the go.mod integration, the <pkg>_WORKSPACE variable is no longer
needed, drop it.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
With the go.mod integration, the <pkg>_WORKSPACE variable has become
useless, so drop it.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The Go compiler needs to know the "import path" to the root of package
source repositories. Previously, this was done by creating a fake
_gopath in the build directory and symlinking the package source into
that path.
Go has deprecated the GOPATH mechanism in favor of a new approach -
Modules - which specifies the root import path (and dependencies) in a
"go.mod" file. This commit moves Buildroot to use the new go.mod
approach, which requires:
- Passing GO111MODULE=on when building host or target Go packages.
- Passing GOPROXY=off and -mod=vendor to prevent the Go module system
from downloading by itself sources from the Internet. We currently
only support Go packages that have all their dependencies in their
source tree in "vendor" directories.
- Specifying a <pkg>_GOMOD variable, which is used both to create a
minimal go.mod file in the package source tree if it exists, and to
invoke the right build targets. Indeed, all elements in
<pkg>_BUILD_TARGETS are now relative to <pkg>_GOMOD.
Reference: https://github.com/golang/go/wiki/Modules
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In preparation for the go.mod integration, define the DOCKER_CLI_GOMOD
variable.
We also use it as a handy shortcut when defining DOCKER_CLI_LDFLAGS.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In preparation for the go.mod integration, define the
DOCKER_ENGINE_GOMOD variable.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In preparation for the go.mod integration, define the
DOCKER_CONTAINERD_GOMOD variable.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Now that GO_TARGET_ENV and GO_HOST_ENV are just aliases to
HOST_GO_TARGET_ENV and HOST_GO_HOST_ENV, drop the former two, and use
the latter two directly.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
There is no point in having some common Go env variables defined in
pkg-golang.mk:GO_COMMON_ENV, and some in
package/go/go.mk:HOST_GO_COMMON_ENV. Let's move all of them to
package/go/go.mk:HOST_GO_COMMON_ENV.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
HOST_GO_HOST_ENV is explicitly specifying
HOST_CGO_{CFLAGS,CXXFLAGS,LDFLAGS}, so let's do the same for target
packages.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
A few variables are common between HOST_GO_TARGET_ENV and
HOST_GO_HOST_ENV, so let's introduce a HOST_GO_COMMON_ENV variable for
those few common ones (which will increase in follow-up commits).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
package/go/go.mk provides a HOST_GO_TARGET_ENV which provides a useful
set of environment variables needed to build target Go packages.
For host packages, we simply have package/pkg-golang.mk defining
GO_HOST_ENV to specify CFLAGS/LDFLAGS, but that's it: we don't pass an
explicit path to the compiler, we don't pass GO111MODULE, GOCACHE,
GOROOT, etc.
This commit introduces a HOST_GO_HOST_ENV variable that provides the
appropriate set of environment variables to use when building host
golang packages.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The upstream tarball provides an already generated configure script,
which works fine, so there's no need to AUTORECONF.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
watchdog is a flexible watchdog daemon that improves on the already
available Busybox watchdog daemon by providing more advanced features,
like defining custom system status checks and executing repair scripts
to react upon invariants that don't hold.
Due to "watchdog" being also provided by Busybox, we need to make that
package/watchdog installs the watchdog binary in the same place as
Busybox (i.e in /sbin), and need to add a dependency of Busybox on
this new watchdog package.
Signed-off-by: Alejandro González <alejandro.gonzalez.correo@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
By default, go will attempt to download needed modules before building, which
is not desirable. This behavior also causes permission issues when cleaning,
as go downloads modules as read-only by default. Because mender-artifact
includes the modules in the vendor directory, mod=vendor prevents the package
from downloading the go modules during the build process and prevents
permission issues when cleaning.
Fixes:
http://autobuild.buildroot.net/results/d5bcaca73ae74fe8b0ebd39b6331564cd639fb66
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Also separate the fields in the hash file by two spaces and add pgp
signature check.
Since we're now using the default value for POWERTOP_SOURCE, drop this
variable definition.
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mainline Linux now has basic s500/roseapplepi support, so switch to that to
get rid of the dependency on gcc7. Add two patches for the dts / fix that
didn't make it for kernel 5.7.
The mainline kernel does not yet have support for the mmc interface, so
change to initramfs for now. Patches for mmc support have been posted
recently, so this can be reverted once they show up in a stable kernel:
https://lore.kernel.org/lkml/cover.1593124368.git.cristian.ciocaltea@gmail.com/
The owl serial port is called ttyOWLn in mainline, so adjust the bootargs to
match. Also drop the unneeded execute permission on uEnv.txt.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This scripts takes as entry on stdin a JSON description of the package
used for a given configuration. This description is the one generated
by "make show-info".
The script generates the list of all the packages used and if they are
affected by a CVE. The output is either a JSON or an HTML file similar
to the one generated by pkg-stats.
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Tested-by: Matthew Weber <matthew.weber@rockwellcollins.com>=
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The affects method of the CVE uses the Package class defined in
pkg-stats. The purpose of migrating the CVE class outside of pkg-stats
was to be able to reuse it from other scripts. So let's remove the
Package dependency and only use the needed information.
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add the list of the CVEs to ignore for each package because they
already have a fix for it.
This information will be useful for a cve-checker.
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In 2019, the JSON vulnerability feeds switched their schema from
version 1.0 to 1.1.
The main difference is the removal of the "affects" element that we
were using to check if a package was affected by a CVE.
This information is now available in the "configuration" element which
contains the cpeid as well as properties about the versions
affected. Instead of having a list of the versions affected, with
these properties, it is possible to have a range of versions.
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In order to be able to use the CVE checking logic outside of
pkg-stats, move the CVE class in a module that can be used by other
scripts.
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Some CVE entries in the NVD database have version_value set to "-",
which seems to indicate that it applies to all versions of the
software project, or that they don't really know which versions are
affected, and which are not.
So, for the benefit of doubt, it seems more appropriate to consider
such CVEs as affecting our packages.
This makes the total number of CVEs affecting our next branch jump
from 141 CVEs to 658 CVEs, but that number will go back down once we
switch to the JSON 1.1 schema. Indeed, in the JSON 1.0 schema, there
are often cases where a version_value is set to "=" *and* specific
versions are set to.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- remove patch that is in new version
- update indentation in hash file (two spaces)
Run tests:
br-arm-full [1/6]: OK
br-arm-cortex-a9-glibc [2/6]: OK
br-arm-cortex-m4-full [3/6]: OK
br-x86-64-musl [4/6]: OK
br-arm-full-static [5/6]: OK
sourcery-arm [6/6]: OK
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
FRR is free software that implements and manages various IPv4 and IPv6
routing protocols. It runs on nearly all distributions of Linux and
BSD as well as Solaris and supports all modern CPU architectures.
FRR currently supports the following protocols:
BGP
OSPFv2
OSPFv3
RIPv1
RIPv2
RIPng
IS-IS
PIM-SM/MSDP
LDP
BFD
Babel
PBR
OpenFabric
VRRP
EIGRP (alpha)
NHRP (alpha)
Some not-needed features were disabled to minimize package
dependencies:
- POSIX capabilities
- RPKi
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[Thomas:
- select bash instead of depending on it
- switch to version 7.4, since 7.3 was not building (it's using
TRUE/FALSE, which are not standard, and this was fixed in 7.4)
- use the github macro to define FRR_SITE
- use host-python3 instead of host-python]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This option is required by frr package, so enable it by default as there
is no size difference with or without this option enabled.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
IPTraf-ng is a console-based network monitoring program for Linux that
displays information about IP traffic. It returns such information as:
- Current TCP connections
- UDP, ICMP, OSPF, and other types of IP packets
- Packet and byte counts on TCP connections
- IP, TCP, UDP, ICMP, non-IP, and other packet and byte counts
- TCP/UDP counts by ports
- Packet counts by packet sizes
- Packet and byte counts by IP address
- Interface activity
- Flag statuses on TCP packets
- LAN station statistics
V1.2.1 fixed multiple issues in V1.1.4 like :
- Introduce packet capturing abstraction: add recvmmsg(),
TPACKET_V2 and TPACKET_V3 to capture in multigigabit speeds.
- Handling mlock() failures and carry on execution (without
crashing iptraf-ng).
- Properly account non-IP packets.
- Show dropped packet count.
Signed-off-by: Jugurtha BELKALEM <jugurtha.belkalem@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Remove patch from this version.
Remove USE_CRYPTO related config (configuration was removed in this
release).
tftpd is not built by default since this release, thus explicitly enable it.
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The src/v3.cpp source file, used as a license file, has seen a few
modifications (hence the change of hash) but none of these changes are
related to licensing.
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Now that gdb 9.2 has been introduced, and gdb 8.3 is the default gdb
version, we can drop the oldest gdb version, 8.1.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Use "/usr/bin:/usr/sbin" as the default path if BR2_ROOTFS_MERGED_USR
is enabled, otherwise use "/bin:/sbin:/usr/bin:/usr/sbin".
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The TestExternalToolchain() base class implement a test checking if
the ELF interpreter that is advertised by Busybox really exists in the
rootfs. Of course, this only makes sense with ELF toolchains. Until
now, only ELF toolchains were tested, but we are going to use
TestExternalToolchain() with non-ELF toolchains as well, so let's make
this conditional.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: strip() lines during readlines()]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Related changes:
- add dependency on Google RE2 package
- update patches to new offsets
Tested on Ubuntu 20.04
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
RE2 is a fast, safe, thread-friendly alternative to backtracking
regular expression engines like those used in PCRE, Perl, and
Python. It is a C++ library.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump the Xen package to the latest release. We can also remove a patch
to change the CFLAGS as it is no longer required.
The hash of the license file is changed, as ZPL-2.0 is no longer
listed as one of the licenses of 3rd party code imported into Xen.
Signed-off-by: Alistair Francis <alistair@alistair23.me>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit slightly improves the output of pkg-stats by showing the
progress of the upstream URL checks and latest version retrieval, on a
package basis:
Checking URL status
[0001/0062] curlpp
[0002/0062] cmocka
[0003/0062] snappy
[0004/0062] nload
[...]
[0060/0062] librtas
[0061/0062] libsilk
[0062/0062] jhead
Getting latest versions ...
[0001/0064] libglob
[0002/0064] perl-http-daemon
[0003/0064] shadowsocks-libev
[...]
[0061/0064] lua-flu
[0062/0064] python-aiohttp-security
[0063/0064] ljlinenoise
[0064/0064] matchbox-lib
Note that the above sample was run on 64 packages. Only 62 packages
appear for the URL status check, because packages that do not have any
URL in their Config.in file, or don't have any Config.in file at all,
are not checked and therefore not accounted.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit reworks the code that checks if the upstream URL of each
package (specified by its Config.in file) using the aiohttp
module. This makes the implementation much more elegant, and avoids
the problematic multiprocessing Pool which is causing issues in some
situations.
Suggested-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit reworks the code that retrieves the latest upstream
version of each package from release-monitoring.org using the aiohttp
module. This makes the implementation much more elegant, and avoids
the problematic multiprocessing Pool which is causing issues in some
situations.
Since we're now using some async functionality, the script is Python
3.x only, so the shebang is changed to make this clear.
Suggested-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The new version requires an extra features in the toolchain and won't
build with a specific gcc bug, therefore two new toolchain options are
added as dependencies:
* !BR2_TOOLCHAIN_HAS_GCC_BUG_64735
* BR2_TOOLCHAIN_HAS_UCONTEXT
Signed-off-by: Koen Martens <gmc@sonologic.nl>
Reviewed-by: Joel Carlson <JoelsonCarl@gmail.com>
Tested-by: Joel Carlson <JoelsonCarl@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Remove patch that is no longer needed as of upstream commit
1c33be992e8120abd20add8021e4d91d226f5b6a which removed the old VM.
We need to add an exclusion rule for guile modules to check-bin-arch
as they appear as valid ELF binaries but with an architecture of
"None".
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[Thomas:
- bump to 3.0.4
- rework how check-bin-arch excludes checking the Guile .go files]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit bumps stress-ng version to 0.11.17.
This version includes the patch that fixes musl build at commit
03416938871388243d28621f4b59ce532231f11c, and also fixes a
"Invalid syntax in conditional" build error in a Makefile.
Signed-off-by: Alejandro González <alejandro.gonzalez.correo@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In preparation for the introduction of Lua 5.4, we need to adjust the
dependency of the lua-compat53 package: it only makes sense when a Lua
5.1-compatible interpreter is available (either Lua 5.1 or LuaJIT). We
use the recently introduced BR2_PACKAGE_LUAINTERPRETER_ABI_VERSION_5_1
symbol to achieve this.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In preparation for the introduction of Lua 5.4, clarify the dependency
of luabitop: it only makes sense when used with Lua 5.1.
Also update the comment to no longer mention Lua 5.2, since we don't
support Lua 5.2 in Buildroot anymore.
Note that as explained in https://luajit.org/extensions.html, LuaJit
already implements luabitop functions, so luabitop is really for Lua
5.1 only, not for all Lua interpreters that implemented the 5.1 ABI.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
0001-configure-add-without-demo-option: adapt patch to 5.4.0 version
Signed-off-by: Michael Fischer <mf@go-sys.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- * Work it around via a compiler barrier quirk suggested by Jakub Jelinek.
- * Fixed in GCC 4.8.2 and later versions.
- *
- * (asm goto is automatically volatile - the naming reflects this.)
- */
-#define asm_volatile_goto(x...) do { asm goto(x); asm (""); } while (0)
-
-#ifdef CONFIG_ARCH_USE_BUILTIN_BSWAP
-#define __HAVE_BUILTIN_BSWAP32__
-#define __HAVE_BUILTIN_BSWAP64__
-#define __HAVE_BUILTIN_BSWAP16__
-#endif /* CONFIG_ARCH_USE_BUILTIN_BSWAP */
--
2.11.0
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
