Fixes the following security issue:
- CVE-2021-3181: rfc822.c in Mutt through 2.0.4 allows remote attackers to
cause a denial of service (mailbox unavailability) by sending email
messages with sequences of semicolon characters in RFC822 address fields
(aka terminators of empty groups). A small email message from the
attacker can cause large memory consumption, and the victim may then be
unable to see email messages from other persons.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c1413cd94c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The host build of uboot-tools can occur early in the build process and may
require the creation of BINARIES_DIR before generation of an enabled envimage
and/or boot script binary. So, to resolve this in a proper way, separate the
build and installation parts of uboot env/script into their respective commands.
Signed-off-by: Kalpesh Panchal <kalpesh.panchal@rockwellcollins.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit d8db91fc6f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 4fea71ac78 (package/sudo: security bump to version 1.9.5p2)
removed the patch, but forgot to remove the now unneeded autoreconf. Fix
that.
Reported-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 84a8aac451)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Major changes between sudo 1.9.5p2 and 1.9.5p1
* Buildroot: dropped a patch that was included in the release.
* Fixed sudo's setprogname(3) emulation on systems that don't
provide it.
* Fixed a problem with the sudoers log server client where a partial
write to the server could result in the sudo process consuming large
amounts of CPU time due to a cycle in the buffer queue. Bug #954.
* Added a missing dependency on libsudo_util in libsudo_eventlog.
Fixes a link error when building sudo statically.
* The user's KRB5CCNAME environment variable is now preserved when
performing PAM authentication. This fixes GSSAPI authentication
when the user has a non-default ccache.
* When invoked as sudoedit, the same set of command line options
are now accepted as for "sudo -e". The -H and -P options are
now rejected for sudoedit and "sudo -e" which matches the sudo
1.7 behavior. This is part of the fix for CVE-2021-3156.
* Fixed a potential buffer overflow when unescaping backslashes
in the command's arguments. Normally, sudo escapes special
characters when running a command via a shell (sudo -s or sudo
-i). However, it was also possible to run sudoedit with the -s
or -i flags in which case no escaping had actually been done,
making a buffer overflow possible. This fixes CVE-2021-3156.
https://www.sudo.ws/stable.html#1.9.5p2
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4fea71ac78)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
opentracing-cpp fails to build if clang-tidy is installed:
...
-- clang-tidy found: /usr/lib/llvm/11/bin/clang-tidy
-- Configuring done
-- Generating done
...
[ 25%] Building CXX object CMakeFiles/opentracing.dir/src/propagation.cpp.o
.../buildroot/output/build/opentracing-cpp-1.5.1/include/opentracing/string_view.h:5:10: error: 'algorithm' file not found [clang-diagnostic-error]
^
.../buildroot/output/build/opentracing-cpp-1.5.1/src/propagation.cpp:3:11: warning: '__llvm_libc' needs to be the outermost namespace [llvmlibc-implementation-in-namespace]
namespace opentracing {
^
.../buildroot/output/build/opentracing-cpp-1.5.1/src/propagation.cpp:11:3: warning: use '= default' to define a trivial default constructor [hicpp-use-equals-default,modernize-use-equals-default]
PropagationErrorCategory() {}
^ ~~
= default;
.../buildroot/output/build/opentracing-cpp-1.5.1/src/propagation.cpp:13:15: warning: use a trailing return type for this function [modernize-use-trailing-return-type]
const char* name() const noexcept override {
~~~~~~~~~~~ ^
auto -> const char*
.../buildroot/output/build/opentracing-cpp-1.5.1/src/propagation.cpp:13:15: warning: method 'name' can be made static [readability-convert-member-functions-to-static]
const char* name() const noexcept override {
^ ~~~~~~
static
.../buildroot/output/build/opentracing-cpp-1.5.1/src/propagation.cpp:17:24: warning: use a trailing return type for this function [modernize-use-trailing-return-type]
std::error_condition default_error_condition(int code) const
^
.../buildroot/output/build/opentracing-cpp-1.5.1/src/propagation.cpp:37:15: warning: use a trailing return type for this function [modernize-use-trailing-return-type]
std::string message(int code) const override {
^
.../buildroot/output/build/opentracing-cpp-1.5.1/src/propagation.cpp:58:28: warning: use a trailing return type for this function [modernize-use-trailing-return-type]
const std::error_category& propagation_error_category() {
^
226 warnings and 1 error generated.
Error while processing .../buildroot/output/build/opentracing-cpp-1.5.1/src/propagation.cpp.
Suppressed 218 warnings (218 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
Found compiler error(s).
make[3]: *** [CMakeFiles/opentracing.dir/build.make:83: CMakeFiles/opentracing.dir/src/propagation.cpp.o] Error 1
make[3]: *** Waiting for unfinished jobs....
.../buildroot/output/build/opentracing-cpp-1.5.1/include/opentracing/string_view.h:5:10: error: 'algorithm' file not found [clang-diagnostic-error]
^
.../buildroot/output/build/opentracing-cpp-1.5.1/src/dynamic_load.cpp:4:
Disable the 'ENABLE_LINTING' option to avoid this influence.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit aede6dd7b6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop libupnp18 as libupnp has been bumped to 1.14.x and 1.8.x will not
be fixed against CallStranger a.k.a. CVE-2020-12695
mpd and vlc are already compliant with libupnp 1.14.x (i.e those
packages use UpnpInit2 instead of the deprecated UpnpInit)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit eddc9df972)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Move site to Orange-OpenSource
- Drop patch (already in version)
- This version is compatible with libupnp 1.14.x to fix
CallStranger a.k.a. CVE-2020-12695
- Add threadutil license (BSD-3-Clause)
- Update hash in license file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit a83073ac31)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- This version is compatible with libupnp 1.14.x which fixes
CallStranger a.k.a. CVE-2020-12695
- Drop all patches (already in version)
- expat is not needed since version 1.5.0 and
a4f0cccd6a
- fmt is a mandatory dependency since version 1.5.0 and
fe81e5fc88
- spdlog is a mandatory dependency since version 1.5.0 and
615d698fe4
- pugixml is a mandatory dependency since version 1.5.0 and
c244006aa0
- libnpupnp can be used instead of libupnp since version 1.6.2 and
e648763626
- Set CXX_FILESYSTEM_NO_LINK_NEEDED to ON to avoid a build failure
due to check_cxx_source_runs which has been added with
8ea0fce24c
- Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- libupnp and libnpupnp are mutually exclusive
- fix typo in npupnp package name
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 61b1107e30)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CallStranger a.k.a. CVE-2020-12695 as well as CVE-2020-13848
- Update indentation in hash file (two spaces)
- Backport all changes from libupnp18 to libupnp:
- Use COPYING instead of LICENSE (no license change)
- Add host-pkgconf dependency
- Add --enable-reuseaddr
- Add openssl optional dependency
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 118648d161)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2020-36221: An integer underflow was discovered in OpenLDAP before
2.4.57 leading to slapd crashes in the Certificate Exact Assertion
processing, resulting in denial of service (schema_init.c
serialNumberAndIssuerCheck).
- CVE-2020-36222: A flaw was discovered in OpenLDAP before 2.4.57 leading to
an assertion failure in slapd in the saslAuthzTo validation, resulting in
denial of service.
- CVE-2020-36223: A flaw was discovered in OpenLDAP before 2.4.57 leading to
a slapd crash in the Values Return Filter control handling, resulting in
denial of service (double free and out-of-bounds read).
- CVE-2020-36224: A flaw was discovered in OpenLDAP before 2.4.57 leading to
an invalid pointer free and slapd crash in the saslAuthzTo processing,
resulting in denial of service.
- CVE-2020-36225: A flaw was discovered in OpenLDAP before 2.4.57 leading to
a double free and slapd crash in the saslAuthzTo processing, resulting in
denial of service.
- CVE-2020-36226: A flaw was discovered in OpenLDAP before 2.4.57 leading to
a memch->bv_len miscalculation and slapd crash in the saslAuthzTo
processing, resulting in denial of service.
- CVE-2020-36227: A flaw was discovered in OpenLDAP before 2.4.57 leading to
an infinite loop in slapd with the cancel_extop Cancel operation,
resulting in denial of service.
- CVE-2020-36228: An integer underflow was discovered in OpenLDAP before
2.4.57 leading to a slapd crash in the Certificate List Exact Assertion
processing, resulting in denial of service.
- CVE-2020-36229: A flaw was discovered in ldap_X509dn2bv in OpenLDAP before
2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring,
resulting in denial of service.
- CVE-2020-36230: A flaw was discovered in OpenLDAP before 2.4.57 leading to
an assertion failure in slapd in the X.509 DN parsing in decode.c
ber_next_element, resulting in denial of service.
https://www.openldap.org/software/release/changes.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 46c4c9684d)
[Peter: mark as security bump, add CVE info]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some external packages call pg_config to determine the installed
PostgreSQL options. Add this output to Buildroot's own pg_config,
so these packages correctly compile.
Added options:
--pkgincludedir
--pgxs
--cflags
--cc
--pkglibdir
--bindir
--sharedir
--localedir
--docdir
--mandir
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e3ff618bd8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
See also commit 4ff6e52392 which describes the
problem in detail.
The same problem now arises again, because syslog-ng renamed the
--enable-snmp-dest option into --enable-afsnmp. See syslog-ng commit
4537938474771673ef5bd4a9cad7c9a7dc20b7c1, first part of 3.27.1.
Update the configure options passed from Buildroot accordingly.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 40f4468e94)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 40bb37bd70 refactored get-developers, and now the 'os' module is
no longer needed, but still imported:
utils/get-developers:6:1: F401 'os' imported but unused
1 F401 'os' imported but unused
Drop it now.
Reported-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 9277978e28)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
boost is an optional dependency which is enabled by default since
version 0.80.0 and
355fd8d58c
There is no cmake option to enable or disable this dependency
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 497f989d75)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
meson will by default try to detect the presence of ccache, and if
found, will use it unconditionally.
However, using a system-wide ccache, which would be using our own cache
directory, may very well conflict with our own ccache.
But there is no option to disable that meson behaviour. The only
workaround, which is even the officially documented way to do so, is to
actually pass environment variables that point to the compiler:
https://mesonbuild.com/Feature-autodetection.html#ccache
For the host variants, we pass $(HOST_CONFIGURE_OPTS) in the environment,
and this contains correct settings for CC and CXX, so meson does not try
and detect ccache; it uses exactly what we tell it to use.
For the target variant, the settings for the cross-compiler are defined
in the cross-compilation file, and so meson just abides by our will. But
for the compiler-for-build, there is no way to specify the CC_FOR_BUILD
or CXX_FOR_BUILD via a cross-compilation file:
https://mesonbuild.com/Machine-files.html
https://mesonbuild.com/Cross-compilation.html
We could pass the full TARGET_CONFIGURE_OPTS in the environment, like we
do for the host variant, but this contains a lot more variables that are
supposed to be covered by the cross-compilation file.
So, we stay safe and just provide the exact two variables that meson
will use to avoid detecting ccache.
If the current configuration defines the use of ccache, then these two
variables will be properly setup to use our own ccache.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Gleb Mazovetskiy <glex.spb@gmail.com>
Cc: James Hilliard <james.hilliard1@gmail.com>
Cc: Norbert Lange <nolange79@gmail.com>
(cherry picked from commit f4a61d1ae2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As reported on IRC by sephthir, the qemu_sparc_ss10_defconfig doesn't
work as expected: the system generated when booted under Qemu produces
illegal instruction messages.
gcc 8.3, 9.2 are the latest working gcc versions. git bisect between
gcc 8.3 and 8.4 allowed to identify the commit that introduced the
regression.
Reverting this patch allowed to produce a working rootfs.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/786589934
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4d16e6f532)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since commit dfcc18f84b cmake-package
_INSTALL_STAGING_OPTS/_INSTALL_TARGET_OPTS use 'install/fast'
instead of 'install', adjust documentation accordingly.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0c80a0da9a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fixes CVE-2021-23239, a potential information leak in sudoedit that
could be used to test for the existence of directories not normally
accessible to the user in certain circumstances. When creating a new
file, sudoedit checks to make sure the parent directory of the new
file exists before running the editor. However, a race condition
exists if the invoking user can replace (or create) the parent
directory. If a symbolic link is created in place of the parent
directory, sudoedit will run the editor as long as the target of the
link exists. If the target of the link does not exist, an error
message will be displayed. The race condition can be used to test for
the existence of an arbitrary directory. However, it cannot be used to
write to an arbitrary location.
- Fixes CVE-2021-23240, a flaw in the temporary file handling of
sudoedit's SELinux RBAC support. On systems where SELinux is enabled,
a user with sudoedit permissions may be able to set the owner of an
arbitrary file to the user-ID of the target user. On Linux kernels
that support protected symlinks setting
/proc/sys/fs/protected_symlinks to 1 will prevent the bug from being
exploited. For more information, see Symbolic link attack in
SELinux-enabled sudoedit.
- Update license hash:
- copyright of python bindings added with
6c1b155fed
- a few other files (ISC licenced) added with
d4b2db9078
- year updated with
9e111eae57
- Update indentation in hash file (two spaces)
https://www.sudo.ws/stable.html#1.9.5p1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1b14e99666)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Using absolute paths within getdeveloperlib isn't very sensible, it
makes a lot more sense to handle everything as relative paths from the
top-level Buildroot source directory.
parse_developers() is changed to no longer take the base path as
argument: it is automatically calculated based on the location of
utils/getdeveloperlib.py. Then, the rest of the logic is adjusted to
use relative paths, and prepend them with the base "brpath" when
needed.
This commit allows pkg-stats to report correct developers information
even when executed from an out of tree directory.
Before this patch:
$ ~/buildroot/support/scripts/pkg-stats -p ipmitool --json out.json
$ cat out.json | jq '.packages.ipmitool.developers'
[]
$ cat out.json | jq '.defconfigs.stm32f469_disco'
{
"name": "stm32f469_disco",
"path": "configs/stm32f469_disco_defconfig",
"developers": []
}
After this patch:
$ ~/buildroot/support/scripts/pkg-stats -p ipmitool --json out.json
$ cat out.json | jq '.packages.ipmitool.developers'
[
"Floris Bos <bos@je-eigen-domein.nl>",
"Heiko Thiery <heiko.thiery@gmail.com>"
]
$ cat out.json | jq '.defconfigs.stm32f469_disco'
{
"name": "stm32f469_disco",
"path": "configs/stm32f469_disco_defconfig",
"developers": [
"Christophe Priouzeau <christophe.priouzeau@st.com>"
]
}
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 40bb37bd70)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
With Python 3.8, the following deprecation warnings are emitted:
/home/thomas/projets/buildroot/./support/scripts/pkg-stats:418: DeprecationWarning: The explicit passing of coroutine objects to asyncio.wait() is deprecated since Python 3.8, and scheduled for removal in Python 3.11.
/home/thomas/projets/buildroot/./support/scripts/pkg-stats:536: DeprecationWarning: The explicit passing of coroutine objects to asyncio.wait() is deprecated since Python 3.8, and scheduled for removal in Python 3.11.
The correct way to pass coroutines is to use asyncio.create_task(),
but this is a rather new method (Python 3.7), and using it breaks
compatibility with older Python versions. As suggested at
https://docs.python.org/3/library/asyncio-task.html#asyncio.create_task,
use the more cryptic, but also more compatible asyncio.ensure_future()
method.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ffb2620405)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
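The compatibility point made in the commit message above, as an added example that is not taken from pkg-stats: the same `asyncio.wait()` call is made once with bare coroutine objects and once with each coroutine wrapped by `asyncio.ensure_future()`. The function names and package names are hypothetical, and the per-package check is a constructed stand-in that only sleeps.

```python
import asyncio
import warnings


async def check_package(name, sem):
    # Constructed stand-in for one per-package check; sleeps instead of doing I/O.
    async with sem:
        await asyncio.sleep(0.01)
        return name, "ok"


async def run_checks(names, wrap):
    sem = asyncio.Semaphore(2)  # bound the number of checks in flight
    coros = [check_package(n, sem) for n in names]
    if wrap:
        # Works on every asyncio version; returns Task objects.
        awaitables = [asyncio.ensure_future(c) for c in coros]
    else:
        # Pre-fix style: coroutine objects handed straight to asyncio.wait().
        awaitables = coros
    try:
        done, _pending = await asyncio.wait(awaitables)
    except TypeError:
        # Newer interpreters reject bare coroutines; close them so they do not
        # trigger "coroutine was never awaited" warnings on garbage collection.
        for c in coros:
            c.close()
        raise
    return dict(task.result() for task in done)


def _run(coro):
    # Explicit loop handling keeps the example usable on interpreters
    # that predate asyncio.run().
    loop = asyncio.new_event_loop()
    try:
        return loop.run_until_complete(coro)
    finally:
        loop.close()


def bare_coroutine_outcome(names):
    """Return 'error', 'warning' or 'accepted' for the bare-coroutine call style."""
    with warnings.catch_warnings(record=True) as caught:
        warnings.simplefilter("always")
        try:
            _run(run_checks(names, wrap=False))
        except TypeError:
            return "error"
    if any(issubclass(w.category, DeprecationWarning) for w in caught):
        return "warning"
    return "accepted"


def wrapped_results(names):
    """Run the same checks with every coroutine wrapped by ensure_future()."""
    return _run(run_checks(names, wrap=True))


if __name__ == "__main__":
    print(bare_coroutine_outcome(["busybox"]))
    print(wrapped_results(["busybox", "sudo", "mutt"]))
```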
The cve module needs ijson, which may not be installed. Since cve
matching is only enabled when --nvd-path is passed, it is a bit silly
to error out about ijson being missing if it's not used.
So instead of unconditionally importing the cve module, only do it
conditionally.
However, instead of doing it right at the point where it is used, we
do it at the beginning of the main() function. Indeed, if the cve
module is needed but cannot be imported, we want to error out
immediately rather than doing a whole bunch of things, and failing on
the user later on in the middle of the pkg-stats execution.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 824032d168)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Until now the bootlin-x86-64-glibc was using a Bootlin toolchain as a
custom external toolchain. However, now that we have the
toolchain-external-bootlin package explicitly supporting Bootlin
toolchains as known toolchain profiles, it makes sense to use
that. Indeed, this will ensure that this autobuilder configuration
will use the latest available version of the Buildroot toolchain for
x86-64 glibc.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 01533244a5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When a package has both a target and a host variant, and uses git
submodules, and the host variant is downloaded before the target one, we
end up with the generated archive missing the submodules.
This happens in exactly one package in our tree: c-capnproto.
This issue was not caught before because after a few days, the full
sources are added to sources.buildroot.net. So when the hash check
fails, the full tarball is simply downloaded from there.
Propagate the git submodule setting from the target variant to the host
variant, unless the host variant explicitly opted-out.
Fixes:
http://autobuild.buildroot.org/results/2de9c6c8ce83569d18cc7140ebc60d6fe1aadcbf/
Reported-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 4d03923b6a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes build error
output/host/opt/ext-toolchain/bin/../lib/gcc/aarch64-amd-linux-gnu/4.9.1/../../../../aarch64-amd-linux-gnu/bin/ld:
cannot find -latomic
using this defconfig
BR2_aarch64=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_CODESOURCERY_AARCH64=y
BR2_PACKAGE_OPENSSL=y
libopenssl is only used here as an example: all packages adding -latomic
if BR2_TOOLCHAIN_HAS_LIBATOMIC=y are broken, like dav1d, ffmpeg, gnutls,
kodi and vlc.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit a530fd4a42)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The LLVM project has switched to using a monorepo to host all their
components. The separate, individual repositories have been closed
late 2020 / early 2021. The libclc repository is no longer.
Switch to using the libclc source from the llvm legacy and frozen
mirror.
Even though we could switch over to using the github helper, we just
keep using the git download method: it is a small repository, and it
will not impact people that were already using it.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Valentin Korenblit <valentinkorenblit@gmail.com>
Cc: Michael Opdenacker <michael.opdenacker@bootlin.com>
Acked-by: Romain Naour <romain.naour@gmail.com>
(cherry picked from commit 971d1ea7ac)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The following commits:
- 7868289fd5 package/zic: bump version to 2020f
- c99374ecbb package/tzdata: bump version to 2020f
bumped the tzdata from version 2020a to 2020f. However, in 2020b, the
zic option '-y' was removed, and so was the yearistype.sh script [0].
This now spews annoying warnings:
warning: -y ignored
Fortunately, it still consumes its argument, so the missing yearistype.sh
is simply ignored.
Drop that option.
[0] https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
(cherry picked from commit 7f78eef767)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As stated in README.md, multipath-tools is covered by several licenses
and LGPL-2.0 is "just" the default license:
- GPL-2.0+ (e.g. libmultipath/alias.c)
- GPL-3.0+ (e.g. libdmmp/libdmmp.c)
- LGPL-2.1+ (e.g. libmpathcmd/mpath_cmd.c)
So replace COPYING (which is a symlink to LICENSES/LGPL-2.0) by the
appropriate license files in LICENSES directory
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: further split long lines]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit fc7b7f73c4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Set the new WARNFLAGS to "" which has been added since version 0.8.5 and
82f1b164cb
Otherwise, -Werror will raise the following build failure:
/srv/storage/autobuild/run/instance-3/output-1/host/bin/mipsel-linux-gcc --std=gnu99 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -D_FORTIFY_SOURCE=1 -Werror -Wall -Wextra -Wformat=2 -Werror=implicit-int -Werror=implicit-function-declaration -Werror=format-security -Wno-clobbered -Wno-error=clobbered -Werror=cast-qual -Werror=discarded-qualifiers -pipe -DBIN_DIR=\"/sbin\" -DLIB_STRING=\"lib\" -DRUN_DIR=\"run\" -MMD -MP -fPIC -I.. -I../../libmultipath/nvme -Wp,-D_FORTIFY_SOURCE=2 -c -o nvme.o nvme.c
<command-line>: error: "_FORTIFY_SOURCE" redefined [-Werror]
Fixes:
- http://autobuild.buildroot.org/results/71f7661e7d26ca8608e902eee9f2a92376b00601
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit fe4b4e9dc3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2020-8265: use-after-free in TLSWrap (High) Affected Node.js versions
are vulnerable to a use-after-free bug in its TLS implementation. When
writing to a TLS enabled socket, node::StreamBase::Write calls
node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first
argument. If the DoWrite method does not return an error, this object is
passed back to the caller as part of a StreamWriteResult structure. This
may be exploited to corrupt memory leading to a Denial of Service or
potentially other exploits
- CVE-2020-8287: HTTP Request Smuggling in nodejs Affected versions of
Node.js allow two copies of a header field in a http request. For
example, two Transfer-Encoding header fields. In this case Node.js
identifies the first header field and ignores the second. This can lead
to HTTP Request Smuggling
- CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js.
You can read more about it in
https://www.openssl.org/news/secadv/20201208.txt
Update the license hash for the addition of the (MIT licensed)
cjs-module-lexer module:
9eb1fa1924
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit ecc8f0fe84)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
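The duplicate-header condition described for CVE-2020-8287 above, as an added example that is not Node.js code: a strict check, of the kind a front-end proxy or a test harness could apply, that keeps every copy of a header and flags requests whose framing headers are repeated or conflict. The function names, the rejection policy and the sample requests are assumptions made for this illustration; the samples are constructed.

```python
from collections import Counter

# Headers that decide where a request body ends.
FRAMING_HEADERS = ("transfer-encoding", "content-length")

# Constructed sample requests (header block only, plus a tiny body).
SAMPLE_OK = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
             b"Content-Length: 5\r\n\r\nhello")
SAMPLE_DUP = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
              b"Transfer-Encoding: chunked\r\n"
              b"Transfer-Encoding: identity\r\n\r\n")
SAMPLE_BOTH = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
               b"Transfer-Encoding: chunked\r\n"
               b"Content-Length: 5\r\n\r\n")


def parse_header_block(raw):
    """Return (request_line, [(lowercased_name, value), ...]), duplicates kept."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    fields = []
    for line in lines[1:]:
        if line[:1] in (" ", "\t"):
            raise ValueError("obsolete line folding")
        name, sep, value = line.partition(":")
        # Reject a missing colon, an empty name, or whitespace around the name.
        if not sep or not name or name != name.strip():
            raise ValueError("malformed header line: %r" % line)
        fields.append((name.lower(), value.strip()))
    return lines[0], fields


def framing_violations(raw):
    """List the reasons a strict front end would refuse this request."""
    _, fields = parse_header_block(raw)
    counts = Counter(n for n, _ in fields if n in FRAMING_HEADERS)
    problems = []
    for name in FRAMING_HEADERS:
        if counts[name] > 1:
            problems.append("duplicate %s (%d copies)" % (name, counts[name]))
    if counts["transfer-encoding"] and counts["content-length"]:
        problems.append("both transfer-encoding and content-length present")
    return problems


def first_vs_last(raw, name):
    """Show what a first-wins and a last-wins parser would each see."""
    _, fields = parse_header_block(raw)
    values = [v for n, v in fields if n == name]
    return (values[0], values[-1]) if values else None


if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_DUP, SAMPLE_BOTH):
        print(framing_violations(sample))
    print(first_vs_last(SAMPLE_DUP, "transfer-encoding"))
```

When `first_vs_last()` returns two different values, two parsers in the same request path can disagree about how the body is framed, which is why the check refuses the request instead of picking one copy.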
Fixes the following security issue:
- CVE-2020-35512: On Unix, avoid a use-after-free if two usernames have the
same numeric uid. In older versions this could lead to a crash (denial of
service) or other undefined behaviour, possibly including incorrect
authorization decisions if <policy group=...> is used. Like Unix
filesystems, D-Bus' model of identity cannot distinguish between users of
different names with the same numeric uid, so this configuration is not
advisable on systems where D-Bus will be used.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c80989aa9d)
[Peter: mention security fix]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit d82da39d55 forgot to move
BR2_PACKAGE_CA_CERTIFICATES condition under BR2_PACKAGE_LIBTASN1 to
avoid the following build failure:
checking if trust module is enabled... configure: WARNING: --with-libtasn1 is needed in order to build the trust module, disabling
no
checking for trust module paths... configure: error: need --enable-trust-module in order to specify trust module paths.
Fixes:
- http://autobuild.buildroot.org/results/e7f68205e1b776f9af34e6017f6eb17f46aa2f19
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 0ad12b3a6a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2020-27618: An infinite loop has been fixed in the iconv program when
invoked with input containing redundant shift sequences in the IBM1364,
IBM1371, IBM1388, IBM1390, or IBM1399 character sets.
CVE-2020-29562: An assertion failure has been fixed in the iconv function
when invoked with UCS4 input containing an invalid character.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
linux-*/arch/arm/boot/dts/imx6ul.dtsi
requires the install of the sdma-imx6q.bin as stated in
line 727: fsl,sdma-ram-script-name = "imx/sdma/sdma-imx6q.bin";
without the BR2_PACKAGE_FIRMWARE_IMX_SDMA_FW_NAME being set to "imx6q"
line 102 of firmware-imx.mk does not install the firmware to the target
Signed-off-by: Rob Mellor <Rob.Mellor@ultra-pals.com>
Reviewed-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 8e00c32b14)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since its introduction in Buildroot in 2013 with commit 07203d78c2
(trace-cmd: new package), trace-cmd has declared installing in staging.
But trace-cmd is a generic-package, and has never, ever provided any
commands for staging installation.
Drop this declaration.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 896b93310a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
rpcbind is only used by nfsd to export nfs share supporting older
v2, v3 protocols.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[yann.morin.1998@free.fr:
- move the select to the corresponding symbol
- tweak the commit title
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 95fdf09731)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Release notes:
https://www.python.org/downloads/release/python-391/
Changelog:
https://docs.python.org/release/3.9.1/whatsnew/changelog.html
Fixes the following security issues:
- bpo-42103: Prevented potential DoS attack via CPU and RAM exhaustion when
processing malformed Apple Property List files in binary format.
- bpo-42051: The plistlib module no longer accepts entity declarations in
XML plist files to avoid XML vulnerabilities. This should not affect
users as entity declarations are not used in regular plist files.
- bpo-40791: Add volatile to the accumulator variable in
hmac.compare_digest, making constant-time-defeating optimizations less
likely.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit cde875bf8b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add the -p argument, which ignores that the specified directory already exists.
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
[yann.morin.1998@free.fr:
- split to its own patch
- rewrite commit title
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 9c5ef6018e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add the -p argument, which ignores that the specified directory already exists.
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
[yann.morin.1998@free.fr:
- split to its own patch
- rewrite commit title
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit d2d629ecd8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
[yann.morin.1998@free.fr:
- use $(INSTALL), not "mkdir -p + cp"
- split to its own patch
- rewrite commit title
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 25bd8ba690)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since 2008 pcre is a hard-dependency of php:
aa64c6727c
Instead of optionally depending on the pcre2 package and building the
bundled pcre2 code of php in case BR2_PACKAGE_PCRE2 was not selected
we let php depend on pcre2.
While being at it rename the pcre-related configure option due to
upstream commit:
c1a22f3d4e
Fixes:
http://autobuild.buildroot.net/results/4a5/4a582af6b66c59a61b75a7047d8530202972ebdd/
because the pcre2 package already contains the fix for mips r6.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[yann.morin.1998@free.fr: keep the JIT option]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit fabb1243ab)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
An 'else' or 'elif' clause inside a make conditional should not be indented
in the same way as the if/endif clause. check-package did not recognize the
else statement and expected an indentation.
For example:
ifdef FOOBAR
interesting
else
more interesting
endif
would, according to check-package, need to become:
ifdef FOOBAR
interesting
else
more interesting
endif
Treat 'else' and 'elif' the same as if-like keywords in the Indent test, but
take into account that 'else' is also valid shell, so we need to correctly
handle line continuation to prevent complaining about the 'else' in:
ifdef FOOBAR
if true; \
... \
else \
... \
fi
endif
We don't add the 'else' and 'elif' statements to start_conditional, because
it would cause incorrect nesting counting in class OverriddenVariable.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a1bb132a81)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 7105e65cd6 ("package/openvpn:
adds target install of systemd unit files") added the installation of
systemd unit files. But in fact, they can be installed by openvpn's
build system. It was simply not working due to the custom install step
implemented in openvpn.mk.
So instead, let's have the autotools-package infra call "make
install", which properly installs everything that's needed for
openvpn, including systemd units, but also plugins, etc.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 30bc58d376)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Dependency on threads comes from libllcp itself not from libusb (which
is not even selected)
While at it, also add a comment about this dependency
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b9dc970909)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In barebox v2020.09.0, kconfig has been updated to a newer version
based on Linux 5.9-rc2. As in linux, kconfig can call the compiler
to test its capabilities.
We have no way to know if a custom version would require it or not,
so we just unconditionally depend on the toolchain
Signed-off-by: Jules Maselbas <jmaselbas@kalray.eu>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 1c1a629d81)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The upstream git tree has disappeared, but a ZIP file is still hosted
somewhere at NXP. The content of that zip file has been verified to be
100% identical to the tarball we hosted on s.b.o.
As this is a zip file, we can't use the generic extract commands, and
must come up with our own. As such, it no longer makes sense to fix the
CRLF as a post-extract hook; this is moved to the extract command.
Add a hash file while at it.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit bd560b6da5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with protobuf (enabled since commit
31c68a449e) and gcc 5.3.0:
[ 53%] Building CXX object modules/dnn/CMakeFiles/opencv_dnn.dir/opencv-caffe.pb.cc.o
In file included from /home/peko/autobuild/instance-1/output-1/per-package/opencv3/host/opt/ext-toolchain/mips64el-buildroot-linux-uclibc/include/c++/5.5.0/atomic:38:0,
from /home/peko/autobuild/instance-1/output-1/per-package/opencv3/host/mips64el-buildroot-linux-uclibc/sysroot/usr/include/google/protobuf/io/coded_stream.h:115,
from /home/peko/autobuild/instance-1/output-1/build/opencv3-3.4.12/buildroot-build/modules/dnn/opencv-caffe.pb.h:23,
from /home/peko/autobuild/instance-1/output-1/build/opencv3-3.4.12/buildroot-build/modules/dnn/opencv-caffe.pb.cc:4:
/home/peko/autobuild/instance-1/output-1/per-package/opencv3/host/opt/ext-toolchain/mips64el-buildroot-linux-uclibc/include/c++/5.5.0/bits/c++0x_warning.h:32:2: error: #error This file requires compiler and library support for the ISO C++ 2011 standard. This support must be enabled with the -std=c++11 or -std=gnu++11 compiler options.
#error This file requires compiler and library support \
^
Fixes:
- http://autobuild.buildroot.org/results/7caf175af039054a032b8f63b458b3940d9ec0f3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bf96f4e8d3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
OpenCV-3's buildsystem will try to detect ccache and use it if
available. This may yield a system-installed ccache.
However, in Buildroot, ccache is entirely hidden away and handled in the
toolchain wrapper.
Forcibly disable detection of ccache.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 505e7f4771)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In buildroot, stripping for the target is configured and implemented
with the global `BR2_STRIP_strip` option that drives the stripping in
the target-finalize step.
So, we explicitly disable stripping at build time for the target
variants.
For the host variants, however, we don't much care about symbols and
stuff, but smaller executables will hopefully load faster than bigger
ones (disputable, given that sections in ELF files are paged-in
on-demand), so we explicitly enable stripping.
Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com>
[yann.morin.1998@free.fr:
- add blurb about the target-finalize step
- enable stripping for host variants
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 3f39f902b3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2020-25692: A NULL pointer dereference was found in OpenLDAP server
and was fixed in openldap 2.4.55, during a request for renaming RDNs. An
unauthenticated attacker could remotely crash the slapd process by sending
a specially crafted request, causing a Denial of Service.
- CVE-2020-25709: Assertion failure in CSN normalization with invalid input
- CVE-2020-25710: Assertion failure in CSN normalization with invalid input
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Peter: add CVE info]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 09a565d940)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Includes security fixes up to XSA-359:
XSA-345: x86: Race condition in Xen mapping code
XSA-346: undue deferral of IOMMU TLB flushes
XSA-347: unsafe AMD IOMMU page table updates
XSA-348: undue recursion in x86 HVM context switch code (CVE-2020-29566)
XSA-351: Information leak via power sidechannel (CVE-2020-28368)
XSA-352: oxenstored: node ownership can be changed by unprivileged clients
(CVE-2020-29486)
XSA-353: oxenstored: permissions not checked on root node (CVE-2020-29479)
XSA-355: stack corruption from XSA-346 change
XSA-356: infinite loop when cleaning up IRQ vectors (CVE-2020-29567)
XSA-358: FIFO event channels control block related ordering (CVE-2020-29570)
XSA-359: FIFO event channels control structure ordering (CVE-2020-29571)
And drop now upstreamed security patches.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c9d27610ab)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2020-8277: Denial of Service through DNS request (High). A Node.js
application that allows an attacker to trigger a DNS request for a host of
their choice could trigger a Denial of Service by getting the application
to resolve a DNS record with a larger number of responses.
https://nodejs.org/en/blog/release/v12.19.1/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f359580796)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This will avoid the following build failure with xtensa:
[ 62%] Linking CXX executable ../../guids_test
[ 62%] Building CXX object retrace/CMakeFiles/retrace_common.dir/retrace.cpp.o
CMakeFiles/guids_test.dir/guids_test.cpp.o:(.debug_line+0xf7b): dangerous relocation: overflow after relaxation
collect2: error: ld returned 1 exit status
lib/guids/CMakeFiles/guids_test.dir/build.make:85: recipe for target 'guids_test' failed
Fixes:
- http://autobuild.buildroot.org/results/8fea93a88bb34e98e391a048c3b996b45ebac803
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0d209dce35)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In a Linux system without IPv6 support (or booted with "ipv6.disable=1")
file /proc/net/snmp6 is not present. If such file is not present an allocated
memory is not freed. Memory leak occurs even without snmp queries.
Problem seen at least since netsnmp 5.7.3 (probably even v5.6.1).
Patch backported from netsnmp 5.9, where the problem does not appear any more.
Signed-off-by: Adam Wujek <dev_public@wujek.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5e6f6e0745)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that
$ssl_force_tls was processed if an IMAP server's initial server response
was invalid. The connection was not properly closed, and the code could
continue attempting to authenticate. This could result in authentication
credentials being exposed on an unencrypted connection, or to a
machine-in-the-middle.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 89a9f74fa8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
BR2_PACKAGE_QT5BASE_OPENSSL was dropped by commit 4be1f9b9873
(package/qt5enginio: drop qt 5.6 support), but python-pyqt5 was not updated to
match. Fix that.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 54854dc44e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2020-29599: ImageMagick before 6.9.11-40 and 7.x before
7.0.10-40 mishandles the -authenticate option, which allows setting a
password for password-protected PDF files. The user-controlled password
was not properly escaped/sanitized and it was therefore possible to
inject additional shell commands via coders/pdf.c.
- Update license hash (correct wording to match Apache 2 license:
45e5d2493c)
https://github.com/ImageMagick/ImageMagick/blob/7.0.10-51/ChangeLog
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b898e80639)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2019-14318: Crypto++ 8.2.0 and earlier contains a timing side
channel in ECDSA signature generation. This allows a local or remote
attacker, able to measure the duration of hundreds to thousands of
signing operations, to compute the private key used. The issue occurs
because scalar multiplication in ecp.cpp (prime field curves, small
leakage) and algebra.cpp (binary field curves, large leakage) is not
constant time and leaks the bit length of the scalar among other
information. For details, see:
https://github.com/weidai11/cryptopp/issues/869
- Update license hash due to the addition of ARM SHA1 and SHA256 asm
implementation from Cryptogams
1a63112faf4c9ca6b723
https://www.cryptopp.com/release830.html
[Peter: adjust CVE info, issue is fixed in 8.3.0]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e7c789d48f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The host-ncurses install step attempts to run ldconfig, causing a permission
failure:
cd /buildroot/output/host/lib && (ln -s -f libncurses.so.6.0 libncurses.so.6; ln -s -f libncurses.so.6 libncurses.so; )
test -z "" && /sbin/ldconfig
/sbin/ldconfig: Can't create temporary cache file /etc/ld.so.cache~: Permission denied
make[3]: [/buildroot/output/host/lib/libncurses.so.6.0] Error 1 (ignored)
The error is non-fatal and ignored, but confusing.
The ncurses makefiles already avoid calling ldconfig when DESTDIR is set
(target case) but for host-ncurses DESTDIR is empty and the output/host path
is passed via --prefix.
Pass an empty ac_cv_path_LDCONFIG to the configure step, so that ldconfig is
not called.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 389f48fe90)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The 'opkg.py' script installed by host-opkg-utils has as shebang:
#!/usr/bin/env python3
which may not be available on all host machines.
Add a potential dependency on host-python3 via BR2_PYTHON3_HOST_DEPENDENCY,
which will only add the host-python3 dependency if no python3 is already
available on the host.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7dcd20f9d5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When BR2_PER_PACKAGE_DIRECTORIES=y, $(TARGET_DIR) is evaluated as
$(BASE_DIR)/target, but $$(TARGET_DIR) is evaluated as
$(BASE_DIR)/per-package/$(PKG)_NAME/target.
Signed-off-by: Tian Yuanhao <tianyuanhao@aliyun.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 8d595c0d92)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When building for an ARMv8 in 32-bit, Go does not yet support ARMv8
optimizations (see issue: https://github.com/golang/go/issues/29373)
but can still benefit from ARMv7 optimizations.
Signed-off-by: Michael Baudino <michael@baudi.no>
[yann.morin.1998@free.fr:
- move the comment to its own line, expand and reword it a bit
- reword the commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit c59409afd9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit fixes a typo in variable names that caused CC and CXX
environment variables to be empty.
Signed-off-by: Michael Baudino <michael@baudi.no>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 4e81152078)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Starting with CMake 3.4 CMake supports setting a compiler launcher
like ccache. The feature is described in
https://cmake.org/cmake/help/latest/variable/CMAKE_LANG_COMPILER_LAUNCHER.html
This should be safe since everything is built for the host using make or ninja.
The use of *_ARG1 is discouraged by the cmake developers
https://cmake-developers.cmake.narkive.com/OTa9EKfj/cmake-c-compiler-arg-not-documented .
Without this patch I get the following error message with CMake 3.19.1 on Arch Linux.
Disabling BR2_CCACHE also resolves the issue.
/usr/bin/cmake [~]/buildroot/build/host-lzo-2.10/ -DCMAKE_INSTALL_SO_NO_EXE=0 -DCMAKE_FIND_ROOT_PATH="[...]" -DCMAKE_FIND_ROOT_PATH_MODE_PROGRAM="BOTH" -DCMAKE_FIND_ROOT_P
ATH_MODE_LIBRARY="BOTH" -DCMAKE_FIND_ROOT_PATH_MODE_INCLUDE="BOTH" -DCMAKE_INSTALL_PREFIX="[...]" -DCMAKE_C_FLAGS="-O2 -I[...]/include" -DCMAKE_CXX_FLAGS="-O2 -I[...]/include" -DCMAKE_EXE_LINKER_FLAGS="-L[...]/lib -Wl,-rpath,[...]/lib" -DCMAKE_SHARED_LINKER_FLAGS="-L[...]/l
ib -Wl,-rpath,[...]/lib" -DCMAKE_ASM_COMPILER="/usr/bin/as" -DCMAKE_C_COMPILER="[...]/bin/ccache" -DCMAKE_CXX_COMPILER="[...]/bin/ccache"
-DCMAKE_C_COMPILER_ARG1="/usr/bin/gcc" -DCMAKE_CXX_COMPILER_ARG1="/usr/bin/g++" -DCMAKE_COLOR_MAKEFILE=OFF -DBUILD_DOC=OFF -DBUILD_DOCS=OFF -DBUILD_EXAMPLE=OFF -DBUILD_EXAMPLES=OFF -DBUILD_TEST=OFF -DBUILD_TESTS=OFF -DBUILD_TESTING=O
FF -DENABLE_SHARED=ON -DENABLE_STATIC=OFF )
-- The C compiler identification is unknown
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - failed
-- Check for working C compiler: [...]/bin/ccache
-- Check for working C compiler: [...]/bin/ccache - broken
CMake Error at /usr/share/cmake-3.19/Modules/CMakeTestCCompiler.cmake:66 (message):
The C compiler
Signed-off-by: Bernd Amend <bernd.amend@gmail.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Tested-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 0e310b4fd0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
go1.15.6 (released 2020/12/03) includes fixes to the compiler, linker, runtime,
the go command, and the io package.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 267dd8b427)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
TF-A supports stack smashing protection (-fstack-protector-*).
However, that feature is currently silently disabled because
ENABLE_STACK_PROTECTOR is not set during build time.
As documented in the TF-A user guide, the flag ENABLE_STACK_PROTECTOR
is required to enable stack protection support. When enabled the symbols
for the stack protector (e.g. __stack_chk_guard) are built.
This needs to be done because TF-A does not link against an external
library that provides those symbols (e.g. libc).
So in case we see that BR2_SSP_* is enabled, let's enable the corresponding
ENABLE_STACK_PROTECTOR build flag for TF-A as documented in the TF-A user guide.
This patch also fixes the following linker errors with older TF-A versions
if BR2_SSP_* is enabled (i.e. -fstack-protector-* is used as compiler flag)
and ENABLE_STACK_PROTECTOR is not set, which are caused by the missing
stack protector symbols:
[...]
params_setup.c:(.text.params_early_setup+0xc): undefined reference to `__stack_chk_guard'
aarch64-none-linux-gnu-ld: params_setup.c:(.text.params_early_setup+0x14): undefined reference to `__stack_chk_guard'
aarch64-none-linux-gnu-ld: params_setup.c:(.text.params_early_setup+0x104): undefined reference to `__stack_chk_guard'
aarch64-none-linux-gnu-ld: params_setup.c:(.text.params_early_setup+0x118): undefined reference to `__stack_chk_fail'
aarch64-none-linux-gnu-ld: ./build/px30/release/bl31/pmu.o: in function `rockchip_soc_sys_pwr_dm_suspend':
pmu.c:(.text.rockchip_soc_sys_pwr_dm_suspend+0xc): undefined reference to `__stack_chk_guard'
[...]
TF-A releases after Nov 2019, that include 7af195e29a4, will circumvent
this issue by explicitly and silently disabling the stack protector
by appending '-fno-stack-protector' to the compiler flags in case
ENABLE_STACK_PROTECTOR is not set.
Tested on a Rockchip PX30 based system (TF-A v2.2 and upstream/master).
Signed-off-by: Christoph Müllner <christoph.muellner@theobroma-systems.com>
Reviewed-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 7b3fcbcdaa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Patch '0001-fix-compile-time-atomic-detection.patch' claims to be Merged but
this is not true. The linked issue is closed with 'Needs information', and
the code itself is effectively not merged.
Clarify the 'Upstream-status' line to make this more clear.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 43021dfb77)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
* 4.6.2: A vulnerability (CVE-2020-27783) was discovered in the HTML Cleaner
by Yaniv Nizry, which allowed JavaScript to pass through. The cleaner now
removes more sneaky "style" content.
* 4.6.1: A vulnerability was discovered in the HTML Cleaner by Yaniv Nizry,
which allowed JavaScript to pass through. The cleaner now removes more
sneaky "style" content.
For more details, see the changes file:
https://github.com/lxml/lxml/blob/lxml-4.6.2/CHANGES.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ea41a5faab)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2020-27207: Zetetic SQLCipher 4.x before 4.4.1 has a
use-after-free, related to sqlcipher_codec_pragma and sqlite3Strlen30 in
sqlite3.c. A remote denial of service attack can be performed. For
example, a SQL injection can be used to execute the crafted SQL command
sequence. After that, some unexpected RAM data is read.
https://www.zetetic.net/blog/2020/11/25/sqlcipher-442-release
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f38893f8dd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The old git tree is unreachable now, switch to using the new one.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit c7bd3805bd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Weston does not work with the ti-sgx SDK, so switch to using the
KMS-based demos.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[yann.morin.1998@free.fr: split off into its own patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 29ff603f08)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
weston does not work on the ti-sgx SDK, so switch to using KMS directly,
and drop the wayland-related config options.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[yann.morin.1998@free.fr: split into its own patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8efc5dce98)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which
allows access by actors other than the current user.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3b6a105af8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2020-25412: com_line() in command.c in gnuplot 5.4 leads to an
out-of-bounds-write from strncpy() that may lead to arbitrary code
execution.
- Drop second patch (already in version)
- Update indentation in hash file (two spaces)
http://gnuplot.info/ReleaseNotes_5_4_1.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2020-15257: Access controls for the shim’s API socket verified that
the connecting process had an effective UID of 0, but did not otherwise
restrict access to the abstract Unix domain socket. This would allow
malicious containers running in the same network namespace as the shim,
with an effective UID of 0 but otherwise reduced privileges, to cause new
processes to be run with elevated privileges.
For more details, see the advisory:
https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libcap builds an incorrect libcap.pc because libdir is pulled from the
host os:
ifndef lib
lib=$(shell ldd /usr/bin/ld|egrep "ld-linux|ld.so"|cut -d/ -f2)
endif
Fix this error by passing lib=lib and prefix in
{HOST_LIBCAP,LIBCAP}_BUILD_CMDS
Fixes:
- https://bugs.buildroot.org/show_bug.cgi?id=13276
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
* CVE-2020-14360 / ZDI CAN 11572 XkbSetMap Out-Of-Bounds Access
Insufficient checks on the lengths of the XkbSetMap request can lead to
out of bounds memory accesses in the X server.
* CVE-2020-25712 / ZDI-CAN-11839 XkbSetDeviceInfo Heap-based Buffer Overflow
Insufficient checks on input of the XkbSetDeviceInfo request can lead to a
buffer overflow on the heap in the X server.
For more details, see the advisory:
https://www.openwall.com/lists/oss-security/2020/12/01/3
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
From the release notes:
- Security/Reliability:
- Fixed memory leaks when a response is buffered and the buffer
limit is reached or Privoxy is running out of memory.
Commits bbd53f1010b and 4490d451f9b. OVE-20201118-0001.
Sponsored by: Robert Klemme
- Fixed a memory leak in the show-status CGI handler when
no action files are configured. Commit c62254a686.
OVE-20201118-0002.
Sponsored by: Robert Klemme
- Fixed a memory leak in the show-status CGI handler when
no filter files are configured. Commit 1b1370f7a8a.
OVE-20201118-0003.
Sponsored by: Robert Klemme
- Fixes a memory leak when client tags are active.
Commit 245e1cf32. OVE-20201118-0004.
Sponsored by: Robert Klemme
- Fixed a memory leak if multiple filters are executed
and the last one is skipped due to a pcre error.
Commit 5cfb7bc8fe. OVE-20201118-0005.
- Prevent an unlikely dereference of a NULL-pointer that
could result in a crash if accept-intercepted-requests
was enabled, Privoxy failed to get the request destination
from the Host header and a memory allocation failed.
Commit 7530132349. CID 267165. OVE-20201118-0006.
- Fixed memory leaks in the client-tags CGI handler when
client tags are configured and memory allocations fail.
Commit cf5640eb2a. CID 267168. OVE-20201118-0007.
- Fixed memory leaks in the show-status CGI handler when memory
allocations fail. Commit 064eac5fd0 and commit fdee85c0bf3.
CID 305233. OVE-20201118-0008.
For more details, see the announcement:
https://www.openwall.com/lists/oss-security/2020/11/29/1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Backport upstream commit ([1]) adding missing string include.
Fixes:
- http://autobuild.buildroot.net/results/53a5f023ae40db18f45ebe7578962914c2d22a44
In file included from .../build/kmsxx-cb0786049f960f2bd383617151b01318e02e9ff9/kms++/inc/kms++/omap/omapcard.h:3,
from .../build/kmsxx-cb0786049f960f2bd383617151b01318e02e9ff9/kms++/src/omap/omapcard.cpp:2:
.../build/kmsxx-cb0786049f960f2bd383617151b01318e02e9ff9/kms++/inc/kms++/card.h:17:18: error: 'string' in namespace 'std' does not name a type
17 | Card(const std::string& device);
| ^~~~~~
[1] b53f9d383c.patch
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2020-15180: during SST a joiner sends an sst method name to the donor.
Donor then appends it to the "wsrep_sst_" string to get the name of the
sst script to use, e.g. wsrep_sst_rsync. There is no validation or
filtering here, so if the malicious joiner sends, for example, "rsync `rm
-rf /`" the donor will execute that too.
- CVE-2020-14812: Vulnerability in the MySQL Server product of Oracle MySQL
(component: Server: Locking). Supported versions that are affected are
5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily
exploitable vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause
a hang or frequently repeatable crash (complete DOS) of MySQL Server.
- CVE-2020-14765: Vulnerability in the MySQL Server product of Oracle MySQL
(component: Server: FTS). Supported versions that are affected are 5.6.49
and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.
- CVE-2020-14776: Vulnerability in the MySQL Server product of Oracle MySQL
(component: InnoDB). Supported versions that are affected are 5.7.31 and
prior and 8.0.21 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to
compromise MySQL Server. Successful attacks of this vulnerability can
result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server.
- CVE-2020-14789: Vulnerability in the MySQL Server product of Oracle MySQL
(component: Server: FTS). Supported versions that are affected are 5.7.31
and prior and 8.0.21 and prior. Easily exploitable vulnerability allows
high privileged attacker with network access via multiple protocols to
compromise MySQL Server. Successful attacks of this vulnerability can
result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server.
- CVE-2020-28912:
https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-bui.pdf
describes a named pipe privilege vulnerability, specifically for MySQL,
where an unprivileged user, located on the same machine as the server, can
act as man-in-the-middle between server and client.
Additionally, 10.3.27 fixes a regression added in 10.3.26.
Drop weak md5/sha1 checksums.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
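Added example, not part of the commit above and not MariaDB's code: the CVE-2020-15180 pattern (peer-supplied method name appended to "wsrep_sst_") shown as an unchecked concatenation beside a validated one. The function names, the allowed character set and the 32-character limit are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SST_PREFIX     "wsrep_sst_"
#define SST_METHOD_MAX 32   /* assumed length limit, not MariaDB's */

/* Before: the donor only prepends the prefix, so whatever the joiner sent
 * (spaces, backticks, ...) ends up in the string later handed to a shell. */
int sst_script_unchecked(const char *method, char *out, size_t out_len)
{
    int n = snprintf(out, out_len, "%s%s", SST_PREFIX, method);
    return (n < 0 || (size_t)n >= out_len) ? -1 : 0;
}

/* Assumed allowlist: ASCII letters, digits, '_' and '-'. */
static int is_method_char(char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '_' || c == '-';
}

/* After: reject empty, over-long or non-allowlisted names before any
 * concatenation. On rejection, out is left as an empty string. */
int sst_script_checked(const char *method, char *out, size_t out_len)
{
    size_t len = 0;

    if (method == NULL || out == NULL || out_len == 0)
        return -1;
    out[0] = '\0';
    while (method[len] != '\0') {
        if (len >= SST_METHOD_MAX || !is_method_char(method[len]))
            return -1;
        len++;
    }
    if (len == 0)
        return -1;
    return sst_script_unchecked(method, out, out_len);
}

int main(void)
{
    /* Constructed inputs; the second is the string quoted in the CVE text. */
    const char *inputs[] = { "rsync", "rsync `rm -rf /`", "" };
    char buf[64];

    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int rc = sst_script_checked(inputs[i], buf, sizeof buf);
        printf("%-20s -> %s%s\n", inputs[i],
               rc == 0 ? "accepted: " : "rejected", buf);
    }
    return 0;
}
```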
1.3.6e
---------
+ Fixed null pointer dereference in mod_sftp when using SCP incorrectly
(Issue #1043).
1.3.6d
---------
+ Fixed issue with FTPS uploads of large files using TLSv1.3 (Issue #959).
1.3.6c
---------
+ Fixed regression in directory listing latency (Issue #863).
+ Detect OpenSSH-specific formatted SFTPHostKeys, and log hint for
converting them to supported format.
+ Fixed use-after-free vulnerability during data transfers (Issue #903)
[CVE-2020-9273]
+ Fixed out-of-bounds read in mod_cap by updating the bundled libcap
(Issue #902) [CVE-2020-9272]
http://proftpd.org/docs/RELEASE_NOTES-1.3.6e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: mark as security bump, add CVEs]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
While processing ARP/NCSI packets in 'arp_input' or 'ncsi_input'
routines, ensure that pkt_len is large enough to accommodate the
respective protocol headers, lest it should do an OOB access.
Add check to avoid it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
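Added example, not part of the commit above and not the patched project's code: the kind of pkt_len check the message describes, shown for the ARP case only. The frame layout follows Ethernet II and RFC 826; all names (parse_arp_frame, EX_* constants) and the sample frame are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EX_ETH_HLEN      14      /* dst MAC (6) + src MAC (6) + EtherType (2) */
#define EX_ETHERTYPE_ARP 0x0806
#define EX_ARP_LEN       28      /* ARP body for Ethernet/IPv4 (RFC 826) */

enum { PARSE_OK = 0, PARSE_TOO_SHORT = -1, PARSE_BAD_FIELD = -2 };

struct arp_info {
    uint16_t op;
    uint8_t  sender_mac[6];
    uint8_t  sender_ip[4];
    uint8_t  target_ip[4];
};

static uint16_t rd16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Parse an Ethernet frame carrying ARP. The length check comes first:
 * no header field is read until pkt_len is known to cover both headers. */
int parse_arp_frame(const uint8_t *pkt, size_t pkt_len, struct arp_info *out)
{
    const uint8_t *arp;

    if (pkt_len < EX_ETH_HLEN + EX_ARP_LEN)
        return PARSE_TOO_SHORT;
    if (rd16(pkt + 12) != EX_ETHERTYPE_ARP)
        return PARSE_BAD_FIELD;

    arp = pkt + EX_ETH_HLEN;
    /* htype=Ethernet(1), ptype=IPv4(0x0800), hlen=6, plen=4 */
    if (rd16(arp) != 1 || rd16(arp + 2) != 0x0800 || arp[4] != 6 || arp[5] != 4)
        return PARSE_BAD_FIELD;

    out->op = rd16(arp + 6);
    memcpy(out->sender_mac, arp + 8, 6);
    memcpy(out->sender_ip, arp + 14, 4);
    memcpy(out->target_ip, arp + 24, 4);   /* last byte read: offset 41 */
    return PARSE_OK;
}

/* Constructed sample: a 42-byte ARP request. buf must hold 42 bytes. */
size_t build_sample_arp_request(uint8_t *buf)
{
    static const uint8_t frame[EX_ETH_HLEN + EX_ARP_LEN] = {
        0xff, 0xff, 0xff, 0xff, 0xff, 0xff,     /* dst: broadcast */
        0x52, 0x54, 0x00, 0x12, 0x34, 0x56,     /* src MAC */
        0x08, 0x06,                             /* EtherType: ARP */
        0x00, 0x01, 0x08, 0x00, 0x06, 0x04,     /* htype, ptype, hlen, plen */
        0x00, 0x01,                             /* op: request */
        0x52, 0x54, 0x00, 0x12, 0x34, 0x56,     /* sender MAC */
        10, 0, 2, 15,                           /* sender IP */
        0, 0, 0, 0, 0, 0,                       /* target MAC (unknown) */
        10, 0, 2, 2                             /* target IP */
    };
    memcpy(buf, frame, sizeof frame);
    return sizeof frame;
}

int main(void)
{
    uint8_t frame[64];
    struct arp_info info;
    size_t n = build_sample_arp_request(frame);

    /* Full frame parses; the same bytes truncated by one are rejected
     * before any field is touched. */
    printf("full frame (%zu bytes): %d\n", n, parse_arp_frame(frame, n, &info));
    printf("truncated (%zu bytes): %d\n", n - 1,
           parse_arp_frame(frame, n - 1, &info));
    return 0;
}
```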
Fixes #13341
The -x / --exec start-stop-daemon option expects the path to the executable,
not just the name, leading to errors when running the init script:
Starting vsftpd: start-stop-daemon: unable to stat //vsftpd (No such file or directory)
Reported-by: tochansky@tochlab.net
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add upstream patch [1] to fix (musl) time_t related compile failure.
Fixes:
- https://bugs.busybox.net/show_bug.cgi?id=13336
src/thd_trip_point.cpp: In member function ‘bool cthd_trip_point::thd_trip_point_check(int, unsigned int, int, bool*)’:
src/thd_trip_point.cpp:250:19: error: format ‘%ld’ expects argument of type ‘long int’, but argument 6 has type ‘time_t’ {aka ‘long long int’} [-Werror=format=]
250 | thd_log_info("Too early to act zone:%d index %d tm %ld\n",
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
251 | zone_id, cdev->thd_cdev_get_index(),
252 | tm - cdevs[i].last_op_time);
| ~~~~~~~~~~~~~~~~~~~~~~~~~~
| |
| time_t {aka long long int}
src/thermald.h:82:57: note: in definition of macro ‘thd_log_info’
82 | #define thd_log_info(...) g_log(NULL, G_LOG_LEVEL_INFO, __VA_ARGS__)
| ^~~~~~~~~~~
src/thd_trip_point.cpp:250:59: note: format string is defined here
250 | thd_log_info("Too early to act zone:%d index %d tm %ld\n",
| ~~^
| |
| long int
| %lld
[1] a7136682b9.patch
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop dependency on BR2_ENABLE_LOCALE, which was marked as a dependency
of wlroots, but wlroots does not depend on it anymore.
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop dependency on BR2_ENABLE_LOCALE, which was marked as a dependency of
libinput which is selected by wlroots. However, libinput does not depend on
BR2_ENABLE_LOCALE since commit bef6b92b67 (package/libinput: remove
dependency on BR2_ENABLE_LOCALE).
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
xinetd does not enforce the user and group configuration directives for
TCPMUX services, which causes these services to be run as root and makes it
easier for remote attackers to gain privileges by leveraging another
vulnerability in a service.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Without hashlib module pip returns the following errors:
# pip
ValueError: unsupported hash type sha224
ERROR:root:code for hash sha256 was not found.
Traceback (most recent call last):
File "/usr/lib/python2.7/hashlib.py", line 147, in <module>
File "/usr/lib/python2.7/hashlib.py", line 97, in __get_builtin_constructor
ValueError: unsupported hash type sha256
ERROR:root:code for hash sha384 was not found.
Traceback (most recent call last):
File "/usr/lib/python2.7/hashlib.py", line 147, in <module>
File "/usr/lib/python2.7/hashlib.py", line 97, in __get_builtin_constructor
ValueError: unsupported hash type sha384
ERROR:root:code for hash sha512 was not found.
Traceback (most recent call last):
File "/usr/lib/python2.7/hashlib.py", line 147, in <module>
File "/usr/lib/python2.7/hashlib.py", line 97, in __get_builtin_constructor
ValueError: unsupported hash type sha512
Traceback (most recent call last):
File "/usr/bin/pip", line 11, in <module>
load_entry_point('pip==20.0.2', 'console_scripts', 'pip')()
File "/usr/lib/python2.7/site-packages/pip/_internal/cli/main.py", line 73, in main
File "/usr/lib/python2.7/site-packages/pip/_internal/commands/__init__.py", line 96, in create_command
File "/usr/lib/python2.7/importlib/__init__.py", line 37, in import_module
File "/usr/lib/python2.7/site-packages/pip/_internal/commands/install.py", line 24, in <module>
File "/usr/lib/python2.7/site-packages/pip/_internal/cli/req_command.py", line 15, in <module>
File "/usr/lib/python2.7/site-packages/pip/_internal/index/package_finder.py", line 21, in <module>
File "/usr/lib/python2.7/site-packages/pip/_internal/index/collector.py", line 12, in <module>
File "/usr/lib/python2.7/site-packages/pip/_vendor/requests/__init__.py", line 43, in <module>
File "/usr/lib/python2.7/site-packages/pip/_vendor/urllib3/__init__.py", line 7, in <module>
File "/usr/lib/python2.7/site-packages/pip/_vendor/urllib3/connectionpool.py", line 29, in <module>
File "/usr/lib/python2.7/site-packages/pip/_vendor/urllib3/connection.py", line 40, in <module>
File "/usr/lib/python2.7/site-packages/pip/_vendor/urllib3/util/__init__.py", line 7, in <module>
File "/usr/lib/python2.7/site-packages/pip/_vendor/urllib3/util/ssl_.py", line 8, in <module>
ImportError: cannot import name md5
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2020-28196: MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before
1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message
because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite
lengths lacks a recursion limit.
Also fix .hash file indentation.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF
Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the
XML writer, leading to heap-based buffer overflows (sometimes seen in
raptor_qname_format_as_xml).
For more details, see the oss-security discussion:
https://www.openwall.com/lists/oss-security/2020/11/13/1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libmagic is an optional dependency of genisoimage that can raise the
following build failure:
/home/buildroot/autobuild/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/8.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: /home/buildroot/autobuild/instance-0/output-1/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libmagic.a(compress.o): in function `uncompressbuf':
compress.c:(.text+0x7bc): undefined reference to `lzma_auto_decoder'
/home/buildroot/autobuild/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/8.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: compress.c:(.text+0x828): undefined reference to `lzma_code'
/home/buildroot/autobuild/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/8.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: compress.c:(.text+0x848): undefined reference to `lzma_end'
collect2: error: ld returned 1 exit status
genisoimage/CMakeFiles/genisoimage.dir/build.make:628: recipe for target 'genisoimage/genisoimage' failed
Fixes:
- http://autobuild.buildroot.org/results/7e06edc363817c9c9a1687ec89e9984a90a2012d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The wcsnrtombs function has been found to have multiple bugs in handling of
destination buffer size when limiting the input character count, which can
lead to infinite loop with no forward progress (no overflow) or writing past
the end of the destination buffer.
For more details, see the advisory:
https://www.openwall.com/lists/oss-security/2020/11/20/4
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is a minor release which solves a build issue and fixes a number
of rendering issues. Release notes:
https://wpewebkit.org/release/wpewebkit-2.30.3.html
Patch "0002-WebProcess-InjectedBundle-fix-compile-without-video-.patch"
can be removed because a similar fix is included in this release.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2020-25032: An issue was discovered in Flask-CORS (aka CORS Middleware
for Flask) before 3.0.9. It allows ../ directory traversal to access
private resources because resource matching does not ensure that pathnames
are in a canonical format.
Also drop outdated md5 checksum and fix .hash indentation.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 4266c9f54f (package/gvfs: needs dynamic library) updated the
dependency of gvfs, but inverted the comment dependency, causing it to only
be shown if !static - Fix that.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Reviewed-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Replace ENABLE_DPKD by ENABLE_DPDK to fix the following error:
Manually-specified variables were not used by the project:
BUILD_DOC
BUILD_DOCS
BUILD_EXAMPLE
BUILD_EXAMPLES
BUILD_TEST
BUILD_TESTING
BUILD_TESTS
ENABLE_DPKD
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
pkg-stats is not able anymore to set the developers for defconfigs and
packages. This issue is introduced with
ae86067a15. The hasfile() method from
Developer object tries to check an absolute path against a relative path.
Convert the filepath to be checked also into an absolute path.
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- avoid read-heap-buffer-overflow in ares_parse_soa_reply found during
fuzzing
- Avoid theoretical buffer overflow in RC4 loop comparison
- Empty hquery->name could lead to invalid memory access
- ares_parse_{a,aaaa}_reply() could return a larger *naddrttls than was
passed in
https://c-ares.haxx.se/changelog.html#1_17_0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When using a custom git or mercurial repository for u-boot the error message
indicating a version had not been provided incorrectly stated that the URL was
missing. Update the error message to indicate that it's the version that's
missing.
Signed-off-by: Garret Kelly <garret.kelly@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This will avoid the following build failure with qemu 5.0.0 and above:
/srv/storage/autobuild/run/instance-2/output-1/host/opt/ext-toolchain/bin/../lib/gcc/x86_64-buildroot-linux-uclibc/8.3.0/../../../../x86_64-buildroot-linux-uclibc/bin/ld: /srv/storage/autobuild/run/instance-2/output-1/host/x86_64-buildroot-linux-uclibc/sysroot/usr/lib/../lib64/libnuma.a(libnuma.o): relocation R_X86_64_32 against `.rodata.str1.1' can not be used when making a PIE object; recompile with -fPIC
Fixes:
- http://autobuild.buildroot.org/results/616dff216a215dc0494c846d337e03e0795b2fb2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
--disable-bzip2 is not a recognized option so replace it by
--disable-libbz2 to match the target logic.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We changed Trent's e-mail address in commit
1c20802d4b, but it turns out the new one
also doesn't work:
<trent.piepho@synapse.com>: host
synapse-com.mail.protection.outlook.com[104.47.57.138] said: 550 5.4.1
Recipient address rejected: Access denied. AS(201806281)
[DM6NAM11FT063.eop-nam11.prod.protection.outlook.com] (in reply to RCPT TO
command)
So let's drop Trent entirely, which orphans the libp11 package.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Attempting to compile this package with a newer kernel version (e.g. v5.4)
fails with message:
Generating local configuration database from kernel ...Kernel version parse failed!
Upgrading the package to 5.8 fixes this issue. Anyways, v4.4 is now
rather old and beats the very purpose of having newer drivers in older
kernels.
Since backports tag v4.14-rc4-1, the requirement on minimal kernel
version changed from 3.0 to 3.10. See commit [1]. The minimal kernel
version check is changed accordingly.
License files are also updated: the linux backports package copies the
license files from the kernel version used for its generation. v5.8 is
now "GPL-2.0 WITH Linux-syscall-note". However, there is no such SPDX
identifier (contrary to what is said in the COPYING file), so we keep it
as GPL-2.0 (which also keeps it aligned to what we have in linux.mk).
[1] https://git.kernel.org/pub/scm/linux/kernel/git/backports/backports.git/commit/?id=a0d05f9f9ca50ea8b1d60726fac6b54167257e76
Signed-off-by: Julien Olivain <ju.o@free.fr>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Tested-by: Petr Vorel <petr.vorel@gmail.com>
[yann.morin.1998@free.fr: keep license as GPL-2.0, like for linux]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since it is not necessary to have systemd support within the host
variant, let's disable it unconditionally to solve the following errors:
/usr/bin/install -c -m 644 data/rauc.service '/usr/lib/systemd/system'
/usr/bin/install: cannot create regular file '/usr/lib/systemd/system/rauc.service': Permission denied
/usr/bin/install -c -m 644 data/de.pengutronix.rauc.conf 'no'
make[4]: *** [Makefile:1700: install-nodist_systemdunitDATA] Error 1
make[4]: *** Waiting for unfinished jobs....
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
While testing Buildroot on a Cortex-A5 that doesn't provide NEON, we
found out that a system generated with the ARM toolchain from Arm
didn't boot. It turns out that this ARM toolchain is built with:
--with-arch=armv7-a --with-fpu=neon --with-float=hard --with-mode=thumb
So, it uses NEON as its FPU, which means it can only work on CPU cores
that have NEON support. This commit adds the appropriate dependency to
the toolchain-external-arm-arm package, and adjusts the Config.in help
text accordingly.
While at it, it also drops the part of the Config.in help text that
says the code is tuned for Cortex-A9, as it is not the case: it was
the case for the Linaro toolchain (built with --with-tune=cortex-a9),
but not for the ARM toolchain, for which no specific --with-tune is
passed.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Alexandre Belloni <alexandre.belloni@bootlin.com>
Cc: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a
large amount of memory.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The commit 05fea6e4a6 "infra/pkg-kconfig:
do not rely on package's .config as a timestamp" broke the kernel
version check of this linux-backports package (it was no longer
executed). Since linux-4.19, the kernel's build system internally
touches its .config file, so it can no longer be used as a stamp file.
The stamp file defined in KCONFIG_STAMP_DOTCONFIG variable of
pkg-kconfig infra needs to be used instead.
This commit fixes the kernel version check.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Tested-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
- math/big: panic during recursive division of very large numbers
A number of math/big.Int methods (Div, Exp, DivMod, Quo, Rem, QuoRem, Mod,
ModInverse, ModSqrt, Jacobi, and GCD) can panic when provided crafted
large inputs. For the panic to happen, the divisor or modulo argument
must be larger than 3168 bits (on 32-bit architectures) or 6336 bits (on
64-bit architectures). Multiple math/big.Rat methods are similarly affected.
crypto/rsa.VerifyPSS, crypto/rsa.VerifyPKCS1v15, and crypto/dsa.Verify may
panic when provided crafted public keys and signatures. crypto/ecdsa and
crypto/elliptic operations may only be affected if custom CurveParams with
unusually large field sizes (several times larger than the largest
supported curve, P-521) are in use. Using crypto/x509.Verify on a crafted
X.509 certificate chain can lead to a panic, even if the certificates
don’t chain to a trusted root. The chain can be delivered via a
crypto/tls connection to a client, or to a server that accepts and
verifies client certificates. net/http clients can be made to crash by an
HTTPS server, while net/http servers that accept client certificates will
recover the panic and are unaffected.
Moreover, an application might crash invoking
crypto/x509.(*CertificateRequest).CheckSignature on an X.509 certificate
request or during a golang.org/x/crypto/otr conversation. Parsing a
golang.org/x/crypto/openpgp Entity or verifying a signature may crash.
Finally, a golang.org/x/crypto/ssh client can panic due to a malformed
host key, while a server could panic if either PublicKeyCallback accepts a
malformed public key, or if IsUserAuthority accepts a certificate with a
malformed public key.
Thanks to the Go Ethereum team and the OSS-Fuzz project for reporting
this. Thanks to Rémy Oudompheng and Robert Griesemer for their help
developing and validating the fix.
This issue is CVE-2020-28362 and Go issue golang.org/issue/42552.
- cmd/go: arbitrary code execution at build time through cgo
The go command may execute arbitrary code at build time when cgo is in
use. This may occur when running go get on a malicious package, or any
other command that builds untrusted code.
This can be caused by malicious gcc flags specified via a #cgo directive,
or by a malicious symbol name in a linked object file.
Thanks to Imre Rad and to Chris Brown and Tempus Ex respectively for
reporting these issues.
These issues are CVE-2020-28367 and CVE-2020-28366, and Go issues
golang.org/issue/42556 and golang.org/issue/42559 respectively.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
- https://bugs.busybox.net/show_bug.cgi?id=13306
.../wpewebkit-2.30.2/Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.cpp:242:30: error: ‘class WebCore::Settings’ has no member named ‘setGenericCueAPIEnabled’; did you mean ‘setBeaconAPIEnabled’?
page->settings().setGenericCueAPIEnabled(enabled);
^~~~~~~~~~~~~~~~~~~~~~~
setBeaconAPIEnabled
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Upstream backports package does not define the LEX/YACC Makefile
variables, contrary to the Kernel which is defining those in [1]. The
default "lex" and "yacc" are then used. On some systems, "yacc" is
Berkeley Yacc. Kconfig parser files are using non-POSIX Bison
constructs.
Attempting to generate the parser with byacc fails with error:
yacc: e - line 97 of "zconf.y", syntax error
%destructor {
^
This patch defines the LEX and YACC Makefile variables to use flex and
bison, to fix this issue. The host-bison and host-flex dependencies are
added only if the host does not have them, following the same logic of
the Kernel.
[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=73a4f6dbe70a1b93c11e2d1d6ca68f3522daf434
Signed-off-by: Julien Olivain <ju.o@free.fr>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
- AST-2020-001: Remote crash in res_pjsip_session
Upon receiving a new SIP Invite, Asterisk did not return the created
dialog locked or referenced.
- AST-2020-002: Outbound INVITE loop on challenge with different nonce
If Asterisk is challenged on an outbound INVITE and the nonce is changed
in each response, Asterisk will continually send INVITEs in a loop. This
causes Asterisk to consume more and more memory since the transaction will
never terminate (even if the call is hung up), ultimately leading to a
restart or shutdown of Asterisk. Outbound authentication must be
configured on the endpoint for this to occur.
For details, see the announcement:
https://www.asterisk.org/asterisk-news/asterisk-13-37-1-16-14-1-17-8-1-18-0-1-and-16-8-cert5-now-available-security/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Avoid setting executable bits for apparmor.service. This gets rid of a
corresponding warning during installation:
Configuration file ../target/usr/lib/systemd/system/apparmor.service
is marked executable. Please remove executable permission bits.
Proceeding anyway.
Signed-off-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use fbset.c as the license file and, while at it, also update
indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use argp.h as the license file and, while at it, update indentation in
hash file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Now that pkg-stats is not just a maintainer-oriented tool, but a tool
generally useful to users, introduce a make target to run
pkg-stats. Of course, it is run with the newly introduced -c option,
which produces a pkg-stats output for just the selection of packages
of the currently defined configuration.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Now that pkg-stats is able to generate its output based on the list of
packages enabled in the current configuration, cve-checker doesn't
serve any purpose.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
pkg-stats was initially a Buildroot maintenance oriented tool: it was
designed to examine all Buildroot packages and provide
statistics/details about them.
However, it turns out that a number of details provided by pkg-stats,
especially CVEs, are relevant also for Buildroot users, who would like
to check regularly if their specific Buildroot configuration is
affected by CVEs or not, and possibly check if all packages have
license information, license files, etc.
The cve-checker script was recently introduced to provide an output
relatively similar to pkg-stats, but focused on CVEs only.
But in fact, its main difference is on the set of packages that we
consider: pkg-stats considers all packages, while cve-checker uses
"make show-info" to only consider packages enabled in the current
configuration.
So, this commit introduces a -c option to pkg-stats, to tell pkg-stats
to generate its output based on the list of configured packages. -c is
mutually exclusive with the -p option (explicit list of packages) and
-n option (a number of packages, picked randomly).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, pkg-stats expects being executed from Buildroot's top-level
source directory. As we are going to extend pkg-stats to cover only
the packages available in the current configuration, it makes sense to
be able to run it from the output directory, which can be anywhere
compared to Buildroot's top-level directory.
This commit adjusts pkg-stats to this, by inferring all Buildroot
paths based on the location of the pkg-stats script itself.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
"loader_dri3_helper.c uses xcb_xfixes_create_region() that requires dep_xcb_xfixes to link.
This is dependent on with_platform_x11 and with_dri3.
But the source meson file does not set this up dependent on with_dri3."
i686-buildroot-linux-gnu/bin/ld: src/loader/libloader_dri3_helper.a(loader_dri3_helper.c.o): in function `loader_dri3_swap_buffers_msc':
loader_dri3_helper.c:(.text.loader_dri3_swap_buffers_msc+0x33e): undefined reference to `xcb_xfixes_create_region'
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/830981830
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Set BITCOIN_GENBUILD_NO_GIT to not include (Buildroot) git version info in
build, which is available since version 0.15.0 and
e98e3dde6a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
WPE WebKit 2.30.0 added a USE_SYSTEMD build option, which needs to
be set to avoid CMake from trying to use systemd unconditionally.
Based on a similar patch for package/webkitgtk by Peter Seiderer.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix a typo in service location, the right location is indeed /usr/sbin.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- systemd support/USE_SYSTEMD option was added since 2.30.0,
so add an optional dependency
Fixes:
-- Could NOT find Systemd (missing: Systemd_LIBRARY Systemd_INCLUDE_DIR)
CMake Error at Source/cmake/OptionsGTK.cmake:425 (message):
libsystemd is needed for USE_SYSTEMD
Reported-by: C Larbi <pkl2000us@gmail.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Acked-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- option was renamed from ENABLE_OPENGL to ENABLE_GRAPHICS_CONTEXT_GL
since 2.30.0
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Acked-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since Qemu 5.1, this defconfig doesn't boot due to the too small SD card image size (60MB).
qemu-system-arm: sd_init failed: Invalid SD card size: 60 MiB
SD card size has to be a power of 2, e.g. 64 MiB.
You can resize disk images with 'qemu-img resize <imagefile> <new-size>'
(note that this will lose data if you make the image smaller than it currently is).
qemu-system-arm: sd_init failed
From [1]:
"While the possibility to use small SD card images has been seen as
a feature, it became a bug with CVE-2020-13253, where the guest is
able to do OOB read/write accesses past the image size end."
The qemu_arm_vexpress_tz_defconfig doesn't trigger such issue since
it doesn't use the same filesystem support (i.e doesn't use
-drive file=output/images/rootfs.ext2,if=sd,format=raw).
Fixes:
https://gitlab.com/kubu93/buildroot/-/jobs/766482935
[1] https://git.qemu.org/?p=qemu.git;a=commitdiff;h=a9bcedd15a5834ca9ae6c3a97933e85ac7edbd36
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
qemu_arm_versatile doesn't use SD card interface but SCSI, so there is no
need to increase the image size.
The change was for qemu_arm_vexpress_defconfig instead (notice the
name of the defconfig used in gitlab).
This reverts commit cb62a8e0a2.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Build of xen tools fails if slirp is built before xen because xen is not
compatible with spice slirp which does not provide libslirp.h:
/home/buildroot/autobuild/instance-2/output-1/build/xen-4.13.0/tools/qemu-xen/net/slirp.c:40:10: fatal error: libslirp.h: No such file or directory
#include <libslirp.h>
^~~~~~~~~~~~
Indeed, xen prefers a system-provided slirp over its internal one.
So add slirp as a mandatory dependency (now that we switched to the up
to date https://gitlab.freedesktop.org/slirp/libslirp)
This build failure is raised since, at least, version 4.13.0
Fixes:
- http://autobuild.buildroot.org/results/b80b33ed558518f7bbb0a3c8586bf2d0b8acc36f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Use an up to date fork (spice slirp is archived and has not been
updated since 2012)
- Add COPYRIGHT as the license file
- BSD-4-Clause has been replaced by BSD-3-Clause since
3bac39137af9f6e69c4e
- Add hash file
- Switch to meson-package
- Fix multiple security vulnerabilities: CVE-2014-3640, CVE-2017-11434,
CVE-2019-6778, CVE-2019-9824, CVE-2019-14378 and CVE-2020-10756
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
festival fails to build with glibc 2.18 due to fopen and the h_addr field in
struct hostent:
../gst/festival/gstfestival.c: In function 'gst_festival_chain':
../gst/festival/gstfestival.c:273:3: warning: implicit declaration of function 'fdopen' [-Wimplicit-function-declaration]
fd = fdopen (f, "wb");
^
../gst/festival/gstfestival.c:273:6: warning: assignment makes pointer from integer without a cast [enabled by default]
fd = fdopen (f, "wb");
^
../gst/festival/gstfestival.c: In function 'festival_socket_open':
../gst/festival/gstfestival.c:367:45: error: 'struct hostent' has no member named 'h_addr'
memmove (&serv_addr.sin_addr, serverhost->h_addr, serverhost->h_length);
^
Both of which are hidden behind _GNU_SOURCE in glibc 2.18, so enable that to
fix this build issue.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
dvbsubenc fails to build with gcc 4.8 due to restrict keyword and for
loop declarations:
../gst/dvbsubenc/libimagequant/blur.c:10:46: error: expected ';', ',' or ')' before 'src'
transposing_1d_blur (unsigned char *restrict src, unsigned char *restrict dst,
^
../gst/dvbsubenc/libimagequant/blur.c: In function 'liq_min3':
../gst/dvbsubenc/libimagequant/blur.c:101:5: error: 'for' loop initial declarations are only allowed in C99 mode
for (unsigned int i = 0; i < width - 1; i++) {
^
../gst/dvbsubenc/libimagequant/blur.c:101:5: note: use option -std=c99 or -std=gnu99 to compile your code
Fixes:
- http://autobuild.buildroot.org/results/183e876d63340b5c204f47a4653cbfebb0523277
Both of which are C99 features, so explicitly enable C99 support to fix
that.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add license file and, while at it, update indentation to two spaces
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This reverts commit b737c6b351. This was not
supposed to be committed, as the patch did not update linux.hash.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
I haven't looked at that package and touched it for 6 years now, and
clearly others have taken care of it when looking at the Git history.
Signed-off-by: Antoine Tenart <atenart@kernel.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bugfix release. From the release notes:
go1.15.4 (released 2020/11/05) includes fixes to cgo, the compiler, linker,
runtime, and the compress/flate, net/http, reflect, and time packages.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Various bfd section macros and functions like bfd_section_size() have been
modified starting with binutils >= 2.34.
Add a patch to handle this API change.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following check-package warning added by commit
a2b98a6add:
package/davfs2/davfs2.mk:22: expected indent with tabs
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
mount.davfs expects the availability of the user and group davfs2.
Signed-off-by: Sven Klomp <mail@klomp.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch is needed to fix the build with freetype >= 2.10.3.
https://www.freetype.org/index.html#news
"A warning for distribution maintainers: Version 2.10.3 and later may
break the build of ghostscript, due to ghostscript's use of a
withdrawn macro that wasn't intended for external usage."
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Although BR2_DL_DIR is indeed a site-local setting, which does not
actually define the target system, we've had it in the tree for a
long time now, and people have been depending on it for a variety
of use-cases.
Furthermore, BR2_DL_DIR is far from the only such site-local setting,
BR2_CCACHE_DIR springs to mind, and in the less-obvious category, we
can also find BR2_JLEVEL, but also BR2_WGET, BR2_SVN, BR2_GIT et al.
as they may be tweaked to set the timeout, number of retries or so on
to work around stupid proxies. But of course, the most local site-local
setting is probably BR2_PACKAGE_OVERRIDE_FILE, with its default value
being explicitly just 'local.mk'.
Ideally, we would like to have a clear separation between the
configuration that actually defines the target system on one hand,
and the site-local settings that drive and control how the build is
performed, on the other hand. This is by far a much bigger endeavour
than just dropping BR2_DL_DIR from the saved defconfig.
This reverts commit 36edacce9c (adapted
to keep the fix from 1a7873ec98).
Closes: #13291
Note: thanks to Thomas; some phrasing above was borrowed from a
discussion with him.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Lance Fredrickson <lancethepants@gmail.com>
Cc: Sven Oliver Moll <buildroot@svol.li>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Adam Duskett <aduskett@gmail.com>
This will fix the following build failure with python 3.9 and
sigrok-cli:
/srv/storage/autobuild/run/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/mips64el-buildroot-linux-uclibc/5.5.0/../../../../mips64el-buildroot-linux-uclibc/bin/ld: /srv/storage/autobuild/run/instance-1/output-1/host/bin/../mips64el-buildroot-linux-uclibc/sysroot/usr/lib/libsigrokdecode.so: undefined reference to `PyList_Insert'
Fixes:
- http://autobuild.buildroot.org/results/cc6447b926f8223c68d0086428d29a037b18252d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following flake8 warnings:
support/testing/tests/core/test_selinux.py:21:1: E302 expected 2 blank lines, found 1
support/testing/tests/core/test_selinux.py:38:1: E302 expected 2 blank lines, found 1
support/testing/tests/core/test_selinux.py:51:1: E302 expected 2 blank lines, found 1
support/testing/tests/core/test_selinux.py:62:1: E302 expected 2 blank lines, found 1
support/testing/tests/core/test_selinux.py:65:14: E127 continuation line over-indented for visual indent
support/testing/tests/init/test_systemd_selinux.py:53:1: E302 expected 2 blank lines, found 1
support/testing/tests/init/test_systemd_selinux.py:64:1: E302 expected 2 blank lines, found 1
Interestingly, the "continuation line over-indented for visual indent"
shows up only once, while the same pattern is there at multiple places
in the file. We fix all places with that over-indentation pattern.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 8efb52c1a1 added a libxslt
dependency presumably to manage
bbd39a457c
However, this is wrong and build will fail on:
checking for xsltproc... no
configure: error: Please install xsltproc before configuring.
xsltproc is used to generate ModemManager-names.h since, at least,
version 0.7.990 and
365b906a3e
However, this file is already available in the official tarball so drop
this unneeded dependency and set ac_cv_prog_XSLTPROC_CHECK to yes
Fixes:
- http://autobuild.buildroot.org/results/edc755b874ea43d1c009ad76c28f05e18519138e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
NOTE: this version requires mbim: >= 1.24.0, qmi: >= 1.26.0.
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since
481ee7ca3d
remi uses setuptools-scm to obtain version, but .git directory is dropped when
the archive is fetched. The result is a build failure like:
Traceback (most recent call last):
File "setup.py", line 22, in <module>
include_package_data=True,
File "/tmp/instance-0/output-1/host/lib/python2.7/site-packages/setuptools/__init__.py", line 145, in setup
return distutils.core.setup(**attrs)
File "/tmp/instance-0/output-1/host/lib/python2.7/distutils/core.py", line 111, in setup
_setup_distribution = dist = klass(attrs)
File "/tmp/instance-0/output-1/host/lib/python2.7/site-packages/setuptools/dist.py", line 448, in __init__
k: v for k, v in attrs.items()
File "/tmp/instance-0/output-1/host/lib/python2.7/distutils/dist.py", line 287, in __init__
self.finalize_options()
File "/tmp/instance-0/output-1/host/lib/python2.7/site-packages/setuptools/dist.py", line 740, in finalize_options
ep.load()(self)
File "/tmp/instance-0/output-1/host/lib/python2.7/site-packages/setuptools/dist.py", line 747, in _finalize_setup_keywords
ep.load()(self, ep.name, value)
File "/tmp/instance-0/output-1/host/lib/python2.7/site-packages/setuptools_scm/integration.py", line 17, in version_keyword
dist.metadata.version = _get_version(config)
File "/tmp/instance-0/output-1/host/lib/python2.7/site-packages/setuptools_scm/__init__.py", line 147, in _get_version
parsed_version = _do_parse(config)
File "/tmp/instance-0/output-1/host/lib/python2.7/site-packages/setuptools_scm/__init__.py", line 118, in _do_parse
"use git+https://github.com/user/proj.git#egg=proj" % config.absolute_root
LookupError: setuptools-scm was unable to detect version for u'/tmp/instance-0/output-1/build/python-remi-2020.10.30'.
Make sure you're either building from a fully intact git repository or PyPI tarballs. Most other sources (such as GitHub's tarballs, a git checkout without the .git folder) don't contain the necessary metadata and will not work.
For example, if you're using pip, instead of https://github.com/user/proj/archive/master.zip use git+https://github.com/user/proj.git#egg=proj
make: *** [package/pkg-generic.mk:250: /tmp/instance-0/output-1/build/python-remi-2020.10.30/.stamp_built] Error 1
make: Leaving directory '/tmp/instance-0/buildroot'
Fix:
- http://autobuild.buildroot.net/results/3a6/3a62359d0e183d45e50e999fc2c58f7805bda142/
Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
[Peter: drop _LICENSE_FILES, tarball does not include LICENSE file]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add initial support for Orangepi Zero Plus board:
- U-Boot 2020.10
- Linux 5.7.19
- Default packages from buildroot
This patch is based on Orangepi Zero Plus2 board support, so genimage
configuration and description is copy pasted. One difference is that
newer Linux and U-Boot are selected. Another difference is Ethernet
support (Plus) instead of WiFi (Plus2).
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
opencv3 does not install anything in $(TARGET_DIR)/usr/share/OpenCV/doc
so drop OPENCV3_CLEAN_INSTALL_DOC
However it installs its licence files in
$(TARGET_DIR)/usr/share/licenses/opencv3 so add
OPENCV3_CLEAN_INSTALL_LICENSE
Moreover, the cmake hook does not catch all cmake files and missed the
valgrind files so update OPENCV3_CLEAN_INSTALL_CMAKE and add
OPENCV3_CLEAN_INSTALL_VALGRIND to delete those files:
OpenCVConfig.cmake OpenCVConfig-version.cmake OpenCVModules.cmake OpenCVModules-release.cmake valgrind_3rdparty.supp valgrind.supp
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This reverts commit d01b0bbad0.
Original commit made restriction for Linux headers < 3.4 which was
related to keepalived version 1.3.5, but it compiles fine now at least
with a toolchain based on 3.2 headers and keepalived 2.0.15 together
with ipset enabled.
Probably it was fixed by this commit:
5a7f895bb7
Signed-off-by: Vadym Kochan <vadym.kochan@plvision.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
mbedtls (former polarssl) support was dropped with commit
3380da69c5
Put it back as openvpn supports mbedtls 2.x since version 2.4.0 and
86d8cd6860
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 23a79ddb45 updated md5 and sha1 for
imlib2_loaders-1.6.1.tar.bz2 instead of imlib2-1.6.1.tar.bz2
Fix this mistake and, while at it, update indentation to two spaces
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Busybox is mainly licensed under the GPL-2.0, but the bzip2 part is a
modified copy of the bzip2/libbzip2 project, which comes with its own
license.
Update the licensing information accordingly.
Add the hash for the new license file, and fixup indentation (2 spaces).
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For grub-efi we can align the rootfs to start at exactly 16MB from the
beginning of the disk. This can be done by reducing the vfat partition to
be 32 KB smaller than its 16MB size, just like the offset of the vfat
partition.
Signed-off-by: Florian La Roche <Florian.LaRoche@gmail.com>
[Peter: drop redundant offset/size settings, add comment]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In order to simplify the usage of a buildroot toolchain within
the buildroot shell, a "cmake" alias is provided to call cmake
with the correct toolchain file and options.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In order to simplify the usage of a buildroot toolchain within
the buildroot shell, a "configure" alias is provided to call
./configure with the correct flags.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The meson options were in some semi-sorted order with no logic in it.
Sort them alphabetically instead.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Since we don't enable any sysv support, it makes no sense to set the
path to telinit either.
The path we were setting was anyway wrong: we set a path into
TARGET_DIR, but this path is only used at runtime, on the target, where
TARGET_DIR doesn't exist (it should have been /usr/sbin/telinit).
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
If paths are not set, then meson will search the host system for the
binaries (or the target, where those binaries are not yet installed).
So add the missing paths.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Reviewed-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
As we have discussed many times by now, some ARC cores might
not have atomic instructions implemented. Namely that's ARC700
w/o explicitly added atomics during design creation/configuration.
Because of that when GCC gets configured for ARC700, i.e. via
"--with-cpu=arc700" atomic ops are assumed disabled.
Usually it's not a problem as we add "-matomics" in the wrapper for
building all packages if the target's CPU has atomics (BR2_ARC_ATOMIC_EXT).
But when building target's binaries which are essential parts of
the GCC itself we don't use the wrapper. Instead xgcc is being used.
That way we lose that important part of system's configuration about
atomics and:
1. Atomic ops won't be used where otherwise they could have been used.
2. Some configuration checks might end-up thinking there're no atomics
In particular (2) leads to a pretty obscure failure on building of some
packages which use C++, for example:
log4cplus: http://autobuild.buildroot.net/results/a7732fdb2ba526a114d9fb759814236c5332f8d7
------------------------>8--------------------
./.libs/liblog4cplus.so: undefined reference to `std::__atomic_futex_unsigned_base::_M_futex_notify_all(unsigned int*)'
collect2: error: ld returned 1 exit status
------------------------>8--------------------
bitcoin: http://autobuild.buildroot.net/results/f73/f73d4c77e5fd6223abdbc83e344addcfc93227b8
------------------------>8--------------------
(.text+0x110c): undefined reference to `std::__atomic_futex_unsigned_base::_M_futex_wait_until(unsigned int*, unsigned int, bool, std::chrono::duration<long long, std::ratio<1ll, 1ll> >, std::chrono::duration<long long, std::ratio<1ll, 1000000000ll> >)'
collect2: error: ld returned 1 exit status
------------------------>8--------------------
apcupsd: http://autobuild.buildroot.net/results/7a2/7a2cc7a4ac2237c185817f75e55e05d144efd100
------------------------>8--------------------
/tmp/instance-0/output-1/host/lib/gcc/arc-buildroot-linux-uclibc/9.3.1/../../../../arc-buildroot-linux-uclibc/bin/ld: eh_throw.cc:(.text._ZL23__gxx_exception_cleanup19_Unwind_Reason_CodeP17_Unwind_Exception+0x24): undefined reference to `__gnu_cxx::__exchange_and_add(int volatile*, int)'
collect2: error: ld returned 1 exit status
------------------------>8--------------------
...and many more.
Interestingly enough, that was not seen earlier because "-matomic"
used to be added in TARGET_{C|CXX}FLAGS via TARGET_ABI,
but later "-matomic" was moved to ARCH_TOOLCHAIN_WRAPPER_OPTS, see
https://git.buildroot.org/buildroot/commit/?id=c568b4f37fa6d7f51e6d14d33d7eb75dfe26d7bf
and since then we started to see that new breakage which we now
attempt to fix right where it happens on GCC configuration.
In contrast ARC HS family has atomic ops enabled by default thus
we never spotted that kind of problem for it.
More details with analysis of what really happens under the hood and
how the error messages above are related to libs of GCC configuration could
be found here: http://lists.busybox.net/pipermail/buildroot/2020-October/293614.html
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Romain Naour <romain.naour@gmail.com>
[Peter: simplify conditional]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with optee-client 3.11.0 and gcc 4.8:
/home/giuliobenetti/autobuild/run/instance-2/output-1/build/optee-client-3.11.0/libckteec/src/pkcs11_processing.c: In function 'ck_create_object':
/home/giuliobenetti/autobuild/run/instance-2/output-1/build/optee-client-3.11.0/libckteec/src/pkcs11_processing.c:22:9: error: missing initializer for field 'buffer' of 'struct serializer' [-Werror=missing-field-initializers]
struct serializer obj = { };
^
Build failure is raised since version 3.10.0 and
c3279f4243e88c264ba385a7ea7861
Fixes:
- http://autobuild.buildroot.org/results/a3d663adb943aee814180f01d6e153b3309be962
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* add a comment about the kernel header dependencies when bumping
versions
* set url to kernel.org as github is unmaintained and outdated
* use two spaces in hash-file
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit bumps ARC toolchain to arc-2020.09-release.
ARC GNU tools of version arc-2020.09-release bring some quite significant
changes like:
* Binutils 2.34.50 with additional ARC patches
* GCC 10.0.2 with additional ARC patches
* GDB 10.0.50 with additional ARC patches
Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: arc-buildroot@synopsys.com
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- harfbuzz is mandatory since
f3e2c97e18
- Fix CVE-2020-26682 (In libass 0.14.0, the `ass_outline_construct`'s
call to `outline_stroke` causes a signed integer overflow.) through
676f9dc5b5
which does not apply cleanly over version 0.14.
It should be noted that version 0.15 also fixes other integer
overflows (which have no CVE assigned)
- Update indentation in hash file (two spaces)
https://github.com/libass/libass/releases/tag/0.15.0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 2acaa86ce6 replaced util-linux by
util-linux-libs but this raises the following build failure:
Makefile:585: *** util-linux-libs is in the dependency chain of libglib2 that has added it to its _DEPENDENCIES variable without selecting it or depending on it from Config.in. Stop.
To fix this build failure, use util-linux or util-linux-libs depending
on BR2_PACKAGE_UTIL_LINUX_LIBS
Fixes:
- http://autobuild.buildroot.org/results/8bf6360a343edd10c73a756ab86cdba727f9ea43
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
opencv 2.x has seen no release since July 2018 and all buildroot
packages are already compatible with opencv3 so drop it to ease the
addition of opencv4 which is not fully backward compatible with opencv3
as "a lot of C API from OpenCV 1.x has been removed.":
https://opencv.org/opencv-4-0.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The GCC-7.x compiler series was the last to officially support PowerPC
SPE CPUs. Now that GCC-8.x is the default compiler used by Buildroot,
some defconfigs, notably the arcturus_ucp1020_defconfig and
freescale_p1025twr_defconfig ones started to fail building, as they
are PowerPC SPE platforms.
In fact, the GCC-8.x compiler series continues to support PowerPC SPE
CPU cores, but only as an --enable-obsoleted instruction set. This
patch enables the use of GCC-8.x and asserts the required option to
enable the PowerPC SPE instruction set.
This patch passes compilation and run tests with the
arcturus/ppc-ucp1020 board.
This patch should address a noted job failure on GitLab CI
https://gitlab.com/buildroot.org/buildroot/-/jobs/805461732
Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/805461732
Signed-off-by: Michael Durrant <mdurrant@ArcturusNetworks.com>
Signed-off-by: Oleksandr G Zhadan <Oleks@ArcturusNetworks.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Last commit fixed eglfs_kms support for i.MX8 platforms that required to
declare imx-gpu-viv as the gbm provider.
However, this broke the eglfs "fbdev" imx6 support as gbm isn't provided
in this case. So limit the gbm option to imx-gpu-viv when wayland
backend is used only.
Fixes: 82fb51d3b5 ("package/qt5/qt5base: allow to use imx-gpu-viv as GBM
provider")
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump OP-TEE Test package version to OP-TEE release 3.11.0.
Add dependency on BR2_INSTALL_LIBSTDCPP since C++ support is needed
to build some OP-TEE test trusted applications.
Remove local patch files since issues addressed since.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump OP-TEE Client package version to OP-TEE release 3.11.0.
Remove local patch file since issue addressed since.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump OP-TEE OS package version to OP-TEE release 3.11.0.
Remove patches since merged in OP-TEE OS 3.11.0
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
As we are about to bump the optee-test package to 3.11.0, which
requires C++ support, let's enable C++ support in the
qemu_arm_vexpress_tz_defconfig, which uses optee-test.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
receive.c in fastd before v21 allows denial of service (assertion
failure) when receiving packets with an invalid type code.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
pax-utils uses asprintf() since version 1.2.4 (commit
9c0ec154d782795daa3b7d2ae273bbda2b36ae83), and recent versions of
gnulib make use of wctomb() in their implementation of asprintf(),
causing a build failure.
While it seems to be an issue in gnulib, let's for now mark pax-utils
as being not available with !wchar toolchains.
Fixes:
http://autobuild.buildroot.org/results/613840edba8ea161bb900f3b56d8d3605961c78f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
wine was bumped to 5.12 in commit
6daf15db41, but a few changes in
optional dependencies were not taken into account:
- A new optional dependency on libusb exists
- The option name to use libv4l has been changed
Signed-off-by: André Hentschel <nerv@dawncrow.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libtac in pam_tacplus through 1.5.1 lacks a check for a failure of
RAND_bytes()/RAND_pseudo_bytes(). This could lead to use of a
non-random/predictable session_id.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
As it doesn't seem to be needed any longer. Also it was agreed to fix
packages not using pkgconfig properly instead of doing this sed.
Tested on i.MX6 platform with Qt5, no more issues.
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The commit 7e6f4e5 introduces a new bug when building the gst-omx package
for the raspberry.
GST_OMX_VARIANT variable in gst-omx.mk was shadowed to 'generic' after being
set well for raspberry. It results having the gstomx.conf not being installed,
and thus having gst-omx installed but none of its features available.
Signed-off-by: Augustin Thiercelin <augustin.thiercelin@outlook.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The official repo pointed by https://ltrace.org/ hasn't seen any
updates in 5 years, so this commit switches to
https://github.com/dkogan/ltrace from Dima Kogan that includes some
bug fixes, in particular the following commit to avoid a crash:
192e0a6 void struct members are now ignored
The previous ltrace version gave a crash on an ARMv7 device, showing
this error:
"Assertion `field_info->type != ARGTYPE_VOID' failed."
Using this commit ltrace shows a '<void>' return value in such cases,
but at least avoids the crash.
Signed-off-by: Mauro Meneghin <mauro.meneghin@youview.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Julien's e-mail @cotds.org is no longer working:
<juju@cotds.org>: host mail.cotds.org[194.117.244.136] said: 451 4.3.5 Server
configuration problem (in reply to RCPT TO command)
Use his @free.fr e-mail address instead.
Cc: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: adjust email address after Julien's review]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
His/her e-mail address is bouncing:
VMSDVM9.POK.IBM.COM unable to deliver following mail to recipient(s):
<mamatha4@linux.ibm.com>
VMSDVM9.POK.IBM.COM received negative reply:
550 5.1.1 <mamatha4@linux.ibm.com>: Recipient address rejected: User unknown in local recipient table
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add missing space for the cross-compilation.conf.in cpu_family
entry.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Source package of newest release does not contain license file, so
PKG-INFO is used for now. Missing LICENSE file was added to master
branch of xmodem repository ([1]), so hopefully it will replace PKG-INFO
check after new xmodem release.
[1] https://github.com/tehmaze/xmodem/pull/42
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix CVE-2020-14382: A vulnerability was found in upstream release
cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code,
that is effectively invoked on every device/image presenting itself as
LUKS2 container. The bug is in segments validation code in file
'lib/luks2/luks2_json_metadata.c' in function
hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj)
where the code does not check for possible overflow on memory allocation
used for intervals array (see statement "intervals = malloc(first_backup
* sizeof(*intervals));"). Due to the bug, library can be *tricked* to
expect such allocation was successful but for far less memory than
originally expected. Later it may read data FROM image crafted by an
attacker and actually write such data BEYOND allocated memory.
https://mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/v2.3/v2.3.4-ReleaseNotes
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
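The allocation-size overflow described in the CVE-2020-14382 commit message above, shown as an added example that is neither cryptsetup's code nor its upstream fix: an unchecked `count * sizeof(elem)` beside an overflow-checked allocator and a bounds-checked writer. All names (`struct interval`, `alloc_intervals`, `store_interval`, `max_count`) are hypothetical, and `uint32_t` is used as an assumption to model a narrow `size_t` so the wrap-around is visible on any host.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical element type standing in for the "intervals" array. */
struct interval {
    uint64_t offset;
    uint64_t length;
};

/*
 * Size an unchecked "count * elem_size" produces when the size type is
 * 32 bits wide. The product is computed in 64 bits and then truncated,
 * which is exactly what unsigned 32-bit multiplication does.
 */
uint32_t unchecked_size32(uint32_t count, uint32_t elem_size)
{
    return (uint32_t)((uint64_t)count * elem_size);
}

/* True if count * elem_size fits in 32 bits (pairs with the model above). */
bool fits_size32(uint32_t count, uint32_t elem_size)
{
    return elem_size == 0 || count <= UINT32_MAX / elem_size;
}

/* Overflow-checked multiplication for the host's real size_t. */
bool checked_mul_size(size_t count, size_t elem_size, size_t *out)
{
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return false;
    *out = count * elem_size;
    return true;
}

/*
 * Hardened allocation: reject a zero count, a count above a limit the
 * caller derives from trusted bounds (not from the metadata being
 * validated), and any count whose byte size would overflow.
 */
struct interval *alloc_intervals(size_t count, size_t max_count)
{
    size_t bytes;

    if (count == 0 || count > max_count)
        return NULL;
    if (!checked_mul_size(count, sizeof(struct interval), &bytes))
        return NULL;
    return malloc(bytes);
}

/* Writer that refuses to index past the number of elements allocated. */
bool store_interval(struct interval *arr, size_t allocated, size_t idx,
                    uint64_t offset, uint64_t length)
{
    if (arr == NULL || idx >= allocated)
        return false;
    arr[idx].offset = offset;
    arr[idx].length = length;
    return true;
}

int main(void)
{
    /* Constructed count: large enough that count * 16 wraps in 32 bits. */
    uint32_t count = 0x10000001u;

    printf("unchecked 32-bit size for %u elements: %u bytes\n",
           (unsigned)count,
           (unsigned)unchecked_size32(count, sizeof(struct interval)));
    printf("fits in 32 bits: %s\n",
           fits_size32(count, sizeof(struct interval)) ? "yes" : "no");

    struct interval *arr = alloc_intervals(4, 64);
    if (arr == NULL)
        return 1;
    printf("store at index 3: %s\n",
           store_interval(arr, 4, 3, 0, 512) ? "ok" : "rejected");
    printf("store at index 4: %s\n",
           store_interval(arr, 4, 4, 0, 512) ? "ok" : "rejected");
    free(arr);
    return 0;
}
```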
mosquitto nowadays works correctly with libressl, so allow that as the
openssl backend as well.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add optional gst1-rtsp-server dependency as checked for in
gst1-devtools-1.18.0/validate/tools/meson.build.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- remove patches that are already upstream
- modified and renumbered existing patch
- add CROSS_COMPILE make arg
- update hashfile for new version
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Refresh first patch
- Drop second patch, not needed since
5c725d5050
- Drop BR2_PACKAGE_GEOIP dependency as suricata switched to GeoIP2, see
a291209e47
- jansson is now a mandatory dependency, see
e49c40428e
- rustc is now a mandatory dependency, see
75429bbe3e
EOL date of 4.1 branch is December 31st, 2020.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is a follow-up to 4027ba29f4 ("package/nginx: use /run for
PIDFile"), in which we missed that nginx is still built with /var/run
paths.
This commit changes the compile options to use /run instead of
/var/run for pid and lock file to make it consistent.
Further dropping the passing of the pid option in the service file as
this isn't necessary. Neither debian nor nginx default .service does
it.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
go1.15.3 (released 2020/10/14) includes fixes to cgo, the compiler, runtime, the
go command, and the bytes, plugin, and testing packages.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add missing semicolon for linux kernel version < 5.6.x compile introduced
by patch 0006-rtw_proc-convert-file_operations-to-proc_ops-for-5.6.patch.
Fixes:
os_dep/linux/rtw_proc.c:195:1: error: expected ‘,’ or ‘;’ before ‘int’
195 | int rtw_drv_proc_init(void)
| ^~~
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
WebKit's JavaScriptCore does not support using JIT nor the LLint
interpreter on ARMv5 and ARMv6, so add those two cases when checking
for target CPUs which need to use the CLoop interpreter.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The ENABLE_C_LOOP option conflicts with ENABLE_SAMPLING_PROFILER, so
the WebKit CMake build system will emit an error when both are enabled
at the same time. To avoid hitting that situation, explicitly disable
ENABLE_SAMPLING_PROFILER as needed.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
WebKit's JavaScriptCore does not support using JIT nor the LLint
interpreter on ARMv5 and ARMv6, so add those two cases when checking
for target CPUs which need to use the CLoop interpreter.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The ENABLE_C_LOOP option conflicts with ENABLE_SAMPLING_PROFILER, so
the WebKit CMake build system will emit an error when both are enabled
at the same time. To avoid hitting that situation, explicitly disable
ENABLE_SAMPLING_PROFILER as needed.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The Docker developers appear to no longer be tagging releases on the
docker/engine repository on GitHub, but are tagging releases on the main
moby/moby repository, which still is the true home of "dockerd."
This commit changes the upstream repo to moby/moby with no changes required.
Signed-off-by: Christian Stewart <christian@paral.in>
v1 -> v2:
- updated hash
- changed upstream to moby/moby
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The hash of the NOTICE file has changed due to the following minor update:
-Exceptions to the Apache 2.0 License:
-=====================================
+(Optional) Exceptions to the Apache 2.0 License:
+================================================
Also update hash file formatting (2 spaces)
See changelog https://github.com/michaelrsweet/mxml/releases/tag/v3.2
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
zlib is required to build s390-tools and cannot be disabled for now
due to libvmdump.
Fixes:
$BUILD_DIR/host/bin/s390x-buildroot-linux-gnu-g++ ... -c vmdump_convert.cpp -o vmdump_convert.o
lkcd_dump.cpp:15:10: fatal error: zlib.h: No such file or directory
15 | #include <zlib.h>
| ^~~~~~~~
compilation terminated.
Signed-off-by: Alexander Egorenkov <egorenar@linux.ibm.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* removed patch 0003 as it is now in upstream
* removed patch 0002 as the logic has been reworked
* adjusted patch 0001 offset
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When we savedefconfig, we remove BR2_DEFCONFIG (f71a621d91, savedefconfig:
Remove BR2_DEFCONFIG from saved defconfig file) and BR2_DL_DIR (36edacce9c,
Makefile: exclude BR2_DL_DIR from savedefconfig), because their meaning
is only valid locally.
However, we were not careful to really match the exact variables, so we
could match arbitrary options.
For example, these config options would all be dropped:
BR2_DEFCONFIG="toto"
BR2_DL_DIR="titi"
BR2_PACKAGE_SABR2_DEFCONFIG="tutu"
BR2_PACKAGE_SABR2_DL_DIR=y
While the first two are indeed the ones we want to drop, the last two
are options (whatever their meaning or how poorly named they are) of the
hypothetical 'sabr2' package, and we want to keep those in a defconfig.
When cleaning the just-saved defconfig, be sure to anchor the patterns to
the beginning of the line.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Sven Oliver Moll <buildroot@svol.li>
Cc: Herve Codina <Herve.CODINA@celad.com>
Acked-by: Herve Codina <Herve.CODINA@celad.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump package to the latest version 1.3.10, and remove the two patches
which are not needed anymore.
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
LICENSE diff:
-This software is copyright (c) 2014 by Christopher J. Madsen.
+This software is copyright (c) 2020 by Christopher J. Madsen.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Running "make savedefconfig" with BR2_DL_DIR set also saves that
variable, which is only useful in local context.
Signed-off-by: Sven Oliver Moll <buildroot@svol.li>
[yann.morin.1998@free.fr: wrap line]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since version 2.34 binutils enables debuginfod support by default if the
debuginfod library is found to be available at build time.
On Fedora 32, libdebuginfod may be present on the system, and the
dependency chain of interest is then:
libdebuginfod.so
-> libcurl.so
-> libk5crypto.so
-> libcrypto.so
If the Buildroot configuration ever needs to build host-openssl, which
may happen when building the kernel to sign modules for example, this
leads to an inconsistency between the system-provided libcrypto and
ours, leading to missing symbols:
$ make defconfig
$ make host-binutils
$ ./output/host/bin/i686-buildroot-linux-uclibc-objdump --help
[--snip some help text--]
$ make host-openssl
$ ./output/host/bin/i686-buildroot-linux-uclibc-objdump --help
./output/host/bin/i686-buildroot-linux-uclibc-objdump: symbol lookup
error: /lib64/libk5crypto.so.3: undefined symbol: EVP_KDF_ctrl, version
OPENSSL_1_1_1b
EVP_KDF_ctrl comes from libcrypto:
$ nm -D /usr/lib64/libcrypto.so.1.1 |grep EVP_KDF_ctrl
0000000000176000 T EVP_KDF_ctrl
$ nm -D output/host/lib/libcrypto.so.1.1 |grep EVP_KDF_ctrl
[--empty--]
So, if host-binutils tools, like objdump et al., are called after our
host-openssl is built, then when run, the system-provided libk5crypto.so
is used, but our libcrypto.so is used, because of the RPATH we set on
our host tools.
And boom.
Note that there is also a latent similar issue if we were to build our
host-libcurl too...
Signed-off-by: Alexander Egorenkov <egorenar@linux.ibm.com>
[yann.morin.1998@free.fr: rewrite commit log with a bit more info]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
OPENCV3_WARNINGS_ARE_ERRORS option does not exist so rename it to
OPENCV_WARNINGS_ARE_ERRORS (even if it is already disabled by default)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Update first patch to fix build of transmission 3.00 with UTP. Since
upstream commit f27596238d37 (Include stdbool.h unconditionally),
upstream no longer ever defines HAVE_STDBOOL_H, so we always fallback to
manually defining 'bool' which conflicts with the type used elsewhere in
the code.
Drop our workaround, to always include stdbool.h unconditionally.
Fixes:
- http://autobuild.buildroot.org/results/bbfb61cf911fb29dcc02626f6eb47fff9e5e64f5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- expand commit log
- drop commented-out code
- restore CR-LF line endings in replacement code, as used by upstream
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit b6b5981f70 (package/mksh: update to R59b) forgot to update the
hash of mksh.1 which is used as the license file. Although the manpage
has changed to accommodate changes in mksh, the licensing blurb has not
changed.
Fixes:
- http://autobuild.buildroot.org/results/1291917e4b17e087455a6698c4b82e4ff783600d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- expand commit log to state the license has not changed
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Don't build shared library with BR2_SHARED_LIBS=OFF to avoid the
following build failure:
[100%] Linking CXX shared library libpistache.so
make[3]: Leaving directory `/home/buildroot/autobuild/run/instance-1/output-1/build/pistache-f2f5a50fbfb5b8ef6cf1d3d2a9d442a8270e375d'
[100%] Built target pistache_static
/home/buildroot/autobuild/run/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/x86_64-buildroot-linux-musl/8.3.0/../../../../x86_64-buildroot-linux-musl/bin/ld: /home/buildroot/autobuild/run/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/x86_64-buildroot-linux-musl/8.3.0/crtbeginT.o: relocation R_X86_64_32 against hidden symbol `__TMC_END__' can not be used when making a shared object
Fixes:
- http://autobuild.buildroot.org/results/6cc/6cc76b3e76defa9b8154568a6ebcd6bf4cadd334/build-end.log
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: update upstream status now they merged it]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
snmpd loudly complains every 3 seconds about a failure reading
/proc/net/if_inet6 if the system does not have IPv6 support:
Jan 1 00:00:12 buildroot daemon.err snmpd[92]: ipaddress_linux: could not open /proc/net/if_inet6: No such file or directory
Jan 1 00:00:15 buildroot daemon.err snmpd[92]: ipaddress_linux: could not open /proc/net/if_inet6: No such file or directory
Jan 1 00:00:18 buildroot daemon.err snmpd[92]: ipaddress_linux: could not open /proc/net/if_inet6: No such file or directory
Jan 1 00:00:21 buildroot daemon.err snmpd[92]: ipaddress_linux: could not open /proc/net/if_inet6: No such file or directory
Add an upstream patch to only print this warning once, rather than on every
poll iteration.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The brcmfmac drivers now load settings files for BCM434xx devices and
fail if they're missing on the Raspberry Pi:
brcmfmac mmc1:0001:1: Direct firmware load for brcm/brcmfmac43455-sdio.raspberrypi,3-model-b-plus.txt failed with error -2
This commit copies the missing settings files over to the firmware
directory with the other files.
Signed-off-by: Frank Hunleth <fhunleth@troodon-software.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The python-argon2-cffi package can be used with the system libargon2,
we should use that instead of the embedded version.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Extract from bug report:
"Code line 120 to line 128 is to check whether the patch containing
"rename from" and "rename to". But it directly use grep to find,
ignoring the patch may be a tar file or else. It can only work on patch
of textfile form."
Fixes:
- https://bugs.buildroot.org/show_bug.cgi?id=11931
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Version 2.5.0 enables the new libmpdec++ library by default:
http://www.bytereef.org/mpdecimal/changelog.html#version-2-5-0
Adapt the existing patch, to allow static build of this C++ library.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- meld the C++-enabling and the static-patch commits into one
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
There are two groups of chipsets in the BCM4366 family requiring two
different firmware files. Each is quite big (over 1 MiB) so use
separated options for them.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: split to a separate condition]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This will fix the following build failure with
gstreamer1-editing-services which optionally depends on gst1-devtools
since commit 08a213c1a5:
Run-time dependency gst-validate-1.0 found: NO (tried pkgconfig and cmake)
Looking for a fallback subproject for the dependency gst-validate-1.0
../output-1/build/gstreamer1-editing-services-1.18.0/meson.build:101:0: ERROR: Subproject directory not found and gst-devtools.wrap file not found
Fixes:
- http://autobuild.buildroot.org/results/e9d96a63861737d82734559db5e5ffbf5996ffde
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 391c448acb (package/kernel-module-imx-gpu-viv: bear the kernel
options munging) improperly named the macro, including a superfluous
'MODULE' in the middle of the macro name, which meant it was totally
unused.
Fix that.
Reported-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Refresh second patch
- Drop third patch (already in version)
- An external mbedtls can be used since version 1.12.0 and
5be7fc9c90
so use it with an upstream patch and drop
MONGREL2_POST_CONFIGURE_HOOKS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
ipcalc is an ancient and venerable tool for manipulating IP addresses,
networks, & interfaces from shell scripts. There is a subtool in busybox,
but it does not support everything the upstream tool [1] supports.
[1] https://gitlab.com/ipcalc/ipcalc
Signed-off-by: Derrick Lyndon Pallas <derrick@meter.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- change home page url to https
- convert to meson build
- drop all libav extra options as the internal libav is
gone since commit [1]
- meson options: add doc=disabled
[1] ca478e7546
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- change home page url to https
- change download url to https
- download source renamed from gstreamer-editing-services to
gst-editing-services
- convert to meson build
- use BR2_PACKAGE_GST1_DEVTOOLS/gst1-devtools instead of legacy
BR2_PACKAGE_GST1_VALIDATE/gst1-validate
- drop examples support
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
As resizing the rootfs partition using a partition manager can result
in a non booting image due to the firmware's location, removal of the
size limit for the rootfs allows better match size-wise.
Signed-off-by: Dagg Stompler <daggs@gmx.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Drop all patches (not needed anymore)
- Update help message of Config.in: kismet does not support only WiFi
but also Bluetooth, SDR ...
- Remove ncurses dependency
- libnl is now optional
- Drop --with-netlink-version (not available anymore)
- Add protobuf, protobuf-c, sqlite and zlib mandatory dependencies
- kismet_client and kismet_drone have been dropped since version 2019-04-R1
- Select libmicrohttpd for kismet_server
- Add optional libusb and lm-sensors dependencies
- Use --{enable,disable}-{libcap,pcre} options
- Use the new LICENSE file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix CVE-2020-26159: In Oniguruma 6.9.5_rev1, an attacker able to supply
a regular expression for compilation may be able to overflow a buffer by
one byte in concat_opt_exact_str in src/regcomp.c.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Use official tarball instead of github helper
- Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
U-Boot 2020.10 no longer provides boot command in default environment for
Udoo Quad/Dual board. Boot script needs to be added to the image. In order
to keep using common infrastructure for freescale boards, move boot files
to root filesystem and add boot script there. Also switch Udoo Neo board
to common freescale infrastructure to simplify maintenance.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
After BSP update Udoo Quad/Dual board once again hangs on boot. On a
new kernel disabling CONFIG_USB option is not enough to work around
the troublesome usb host on Udoo Quad/Dual board. So in order to be
future-proof it makes sense to disable usbh1 block in device tree
rather than fine-tune kernel configuration after BSP updates.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump ATF, U-Boot and kernel to the NXP BSP 5.4.24_2.1.0 versions.
On 5.4.24_2.1.0 the revC board is supported by default.
In case an older revB board is used, then the following step in U-Boot is
needed:
=> setenv fdt_file imx8mm-evk-revb.dtb
=> saveenv
=> reset
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When using the imx8 NXP kernel, it is preferred to use the imx_v8_defconfig
instead of the generic arm64 defconfig, as the NXP defconfig selects more
imx8 specific drivers.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- 0001-Temporary-fix-for-build-without-C.patch, AC_PROG_CXX line
number changed.
- Makefile-fuzz-generated.am now in size zero.
- json-c, libcurl: new (FAPI) dependencies since tpm2-tss version 2.4.0
Signed-off-by: Yair Ben-Avraham <yairba@protonmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Use a fixed kernel version to have a reproducible and tested
configuration.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The 2020.08-1 release of Bootlin toolchains has brought support for 3
additional architecture variants, so let's support them.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bootlin toolchains in version 2020.08-1 have just been released, so
let's update the toolchain-external-bootlin package to those new
toolchains.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When building iputils for powerpc with BR2_PIC_PIE enabled, the
arping/rdisc/tftpd binaries will segfault at runtime. This can be
traced back to a few bugs in patchelf corrupting the ELFs when
resizing the RPATH to replace "$ORIGIN/" with "/usr/sbin".
This patch pulls in upstream fixes to prevent the binaries from being
needlessly inflated, prevent the startPage from always being adjusted,
fix a few minor bugs, and fix incorrect endianness handling.
Signed-off-by: Conrad Ratschan <conrad.ratschan@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Brandon Maier <brandon.maier@rockwellcollins.com>
[yann.morin.1998@free.fr:
- move before skeletons
- select the custom 'mine' skeleton, not the sysv one
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Some externals may wish to provide custom init systems for tightly
integrated boot. This has been supported through the BR2_INIT_NONE,
however a downside to the BR2_INIT_NONE is it forces the custom init
system to use either skeleton-custom and roll a custom skeleton for
each target, or skeleton-init-none which isn't a complete skeleton.
Allowing br2-external to define custom BR2_INIT_* means they can now
safely 'select' the BR2_PACKAGE_SKELETON_INIT_*, and re-use any of the
skeletons in Buildroot, or one from a br2-external tree.
Signed-off-by: Brandon Maier <brandon.maier@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
In preparation for supporting br2-external inits, move the 'select' for
the BR2_PACKAGE_SKELETON_INIT_* to their respective init systems. This
will allow a br2-external init to 'select' which skeleton it needs as a
default skeleton.
Signed-off-by: Brandon Maier <brandon.maier@rockwellcollins.com>
[yann.morin.1998@free.fr:
- add comment to init choice, to remind why selecting skeletons is OK
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Brandon Maier <brandon.maier@rockwellcollins.com>
[yann.morin.1998@free.fr:
- alphabetical order (skeleton before toolchain)
- leave the list of choices 'open'
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Today, the BR2_ROOTFS_SKELETON_CUSTOM is the only way to build a custom
skeleton. But it's limiting as users must provide a pre-built skeleton
for each target. Supporting a br2-external package allows users to build
up a skeleton and customize it with their own KConfig options.
Signed-off-by: Brandon Maier <brandon.maier@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Some packages have their own waf copy, but not located at the
top-level directory. In order to support those packages, we allow
packages to override the default <pkg>_WAF location.
Signed-off-by: David GOUARIN <dgouarin@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The -Dremote=true flag enables three tools: systemd-journal-gatewayd,
systemd-journal-remote and systemd-journal-upload.
It is not possible with simple means to install them separately. So use
the systemd-journal-remote option to enable or disable them all together.
Drop systemd-journal-gatewayd option and add it to legacy.
Fixes: #12301
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
systemd's libqrencode support is independent from journal-gatewayd. In
v247 it will additionally be used in homectl for recovery key
generation.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is compatible with release-monitoring.org, so it allows easier
tracking of update status.
There appears to be no easy way to use anything other than tag/commit
for _VERSION with the git download method. git.ti.com offers snapshot
download over https, so use that instead. As added bonus, the https
download method is more firewall friendly.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This version adds wrappers for getgroups and statx, the latter is used
by coreutils 8.32.
Removed patches that are now in upstream.
Added a patch to fix failure when installing.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit changes the stm32mp1 configurations to use the TF-A ->
U-Boot boot flow (called "trusted boot flow" by ST) instead of the
U-Boot SPL -> U-Boot boot flow. ST recommends this trusted boot, and
it's also the only one that allows to use the STM32 Cube Programmer
for reflashing devices.
As part of this, the genimage configuration file is now generated, as
it contains some file names that depend on the platform. Removing
partition-type from genimage.cfg is mandatory, since it would cause a
hybrid MBR partition table to be created, which itself would prevent
ATF from finding the ssbl partition.
Signed-off-by: Shlomi Vaknin <shlomi.39sd@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add `.stm32` binary format that U-Boot generates for the trusted
configuration of STM32MP platforms.
Signed-off-by: Shlomi Vaknin <shlomi.39sd@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Drop patch (already in version)
- libbsd is an optional dependency since version 1.21b and
0380a4309f
- libconfig is optional since version 1.21c and
2c93a015ea
- Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Starting with linux kernel v5.9 all required configuration options are
available in the default config.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update the chromebook elm configuration to use v5.9 instead of an
intermediate release candidate.
At the latter stages of the v5.9 release, a patch was added which
broke the Chromebook Elm HDMI. Therefore add a revert patch to get rid
of this problem. The fix (and the revert) are already on the mailing
list (https://lkml.org/lkml/2020/10/10/32) and should become available
with v5.10
Signed-off-by: Bilal Wasim <bilal.wasim@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop patch that is not upstreamable and replace it by using
--{dis,en}able-threads option
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This patch bumps apparmor and libapparmor to version 3.0.0
Of all our patches, one was already a backport, one is no longer
applicable (file largely rewritten), and the four others have been
applied upstream now.
The hash for the tarball is available on the homepage, so use that
as a reference.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[yann.morin.1998@free.fr:
- expand commit log to explain why we drop all the patches
- add a reference for the hash for the source tarball
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This reverts commit 6afc5eb696. This should
not have been applied yet, but got pushed by accident.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
sentry-sdk has a set of optional "integrations", some of which use asyncio.
pycompile unfortunately errors out on these files when running under Python
2.x:
../scripts/pycompile.py ..
error: File "/usr/lib/python2.7/site-packages/sentry_sdk/integrations/sanic.py", line 64
async def sentry_handle_request(self, request, *args, **kwargs):
^
SyntaxError: invalid syntax
As a workaround, simply drop the unusable files from TARGET_DIR if building
for python 2.x.
Fixes:
http://autobuild.buildroot.net/results/9e4/9e47ee2a56153379e4e7bc839be5972a2302ba9f/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes a regression introduced in patch level 16.
Rename the 2 uClibc patches so the upstream patch numbering matches ours.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Pymodbus has optional support for asyncio. Pycompile unfortunately errors
out on these files when running under Python 2.x:
../scripts/pycompile.py ..
error: File "/usr/lib/python2.7/site-packages/pymodbus/client/asynchronous/asyncio/__init__.py", line 257
yield from self._connect()
^
SyntaxError: invalid syntax
As a workaround, simply drop the unusable files from TARGET_DIR if building
for python 2.x.
Fixes:
http://autobuild.buildroot.net/results/cc4/cc48927cbe9ae6c2d8b12d65467ec40df82febf6/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Also dropping upstream patch.
With this release quazip drops the qmake build in favour of cmake.
It still ships the pkgconfig .pc file, so it's possible to link to
it by using CMake's find_package() or with pkgconfig.
Signed-off-by: Zoltan Gyarmati <zgyarmati@zgyarmati.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop unneeded CC variable which is not recognized by cmake:
CMake Warning:
Manually-specified variables were not used by the project:
BUILD_DOC
BUILD_DOCS
BUILD_EXAMPLE
BUILD_EXAMPLES
BUILD_TEST
BUILD_TESTING
BUILD_TESTS
CC
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Fix CVE-2020-25862: In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and
2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in
epan/dissectors/packet-tcp.c by changing the handling of the invalid
0xFFFF checksum.
- Fix CVE-2020-25863: In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and
2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was
addressed in epan/dissectors/packet-multipart.c by correcting the
deallocation of invalid MIME parts.
- Fix CVE-2020-25866: In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13,
the BLIP protocol dissector has a NULL pointer dereference because a
buffer was sized for compressed (not uncompressed) messages. This was
addressed in epan/dissectors/packet-blip.c by allowing reasonable
compression ratios and rejecting ZIP bombs.
https://www.wireshark.org/docs/relnotes/wireshark-3.2.7.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
TimescaleDB is an open-source database designed to make SQL scalable
for time-series data. It is engineered up from PostgreSQL and
packaged as a PostgreSQL extension, providing automatic partitioning
across time and space (partitioning key), as well as full SQL support.
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Some external packages call pg_config to determine the installed
PostgreSQL server includedir and configure options. Add this output to
Buildroot's own pg_config, so these packages correctly compile.
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes (reproducible):
http://autobuild.buildroot.net/results/50f/50f199bfe06d054cc6770760e73ac0de594a0670/diffoscope-results.txt
Fail2ban installs the fail2ban-python symlink pointing to the host python
interpreter used to run setup.py, which is naturally not valid at runtime and
breaks the reproducible tests as shown in the diffoscope results:
│ -lrwxrwxrwx 0 0 0 0 2020-10-04 10:50:38.000000 ./usr/bin/fail2ban-python -> /home/naourr/work/instance-0/output-1/host/bin/python
│ +lrwxrwxrwx 0 0 0 0 2020-10-04 10:50:38.000000 ./usr/bin/fail2ban-python -> /home/naourr/work/instance-0/output-2/host/bin/python
As a workaround, update the symlink after installation to point to the
correct target python.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
engineio has conditional logic to load asyncio files when running under
Python 3.x:
    if sys.version_info >= (3, 5):  # pragma: no cover
        from .asyncio_server import AsyncServer
        from .asyncio_client import AsyncClient
        from .async_drivers.asgi import ASGIApp
        try:
            from .async_drivers.tornado import get_tornado_handler
        except ImportError:
            get_tornado_handler = None
    else:  # pragma: no cover
        AsyncServer = None
        AsyncClient = None
        get_tornado_handler = None
        ASGIApp = None
pycompile unfortunately errors out on these files when running under Python
2.x:
../scripts/pycompile.py ..
error: File "/usr/lib/python2.7/site-packages/engineio/asyncio_socket.py", line 13
async def poll(self):
^
SyntaxError: invalid syntax
As a workaround, simply drop the unusable file from TARGET_DIR if building
for python 2.x.
Fixes:
http://autobuild.buildroot.net/results/72c/72cfdffeb4d0fb7c3032b52f0a26a4758eea6762/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
socketio has conditional logic to load asgi/asyncio files when running under
Python 3.x:
    if sys.version_info >= (3, 5):  # pragma: no cover
        from .asyncio_client import AsyncClient
        from .asyncio_server import AsyncServer
        from .asyncio_manager import AsyncManager
        from .asyncio_namespace import AsyncNamespace, AsyncClientNamespace
        from .asyncio_redis_manager import AsyncRedisManager
        from .asyncio_aiopika_manager import AsyncAioPikaManager
        from .asgi import ASGIApp
    else:  # pragma: no cover
        AsyncClient = None
        AsyncServer = None
        AsyncManager = None
        AsyncNamespace = None
        AsyncRedisManager = None
        AsyncAioPikaManager = None
pycompile unfortunately errors out on these files when running under Python
2.x:
../scripts/pycompile.py ..
error: File "/usr/lib/python2.7/site-packages/socketio/asyncio_server.py", line 84
async def emit(self, event, data=None, to=None, room=None, skip_sid=None,
^
SyntaxError: invalid syntax
As a workaround, simply drop the unusable file from TARGET_DIR if building
for python 2.x.
Fixes:
http://autobuild.buildroot.net/results/455f3e09a590f7a6724ab8cd1b86bdf2bba8071a/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Now that binutils 2.35.1 has been released, it is time to move to
binutils 2.34 as the default binutils version, instead of 2.33.1.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch sets the --with-xattr option when generating an image with
mkfs.jffs2, so that SELinux security contexts and other extended
attributes will be kept and available in jffs2 images.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When compiling the host version of mtd, --with-jffs and --with-ubifs are
always set, meaning --with-xattr is set by default. The xattr support
only work if 'sys/acl.h' is available, otherwise the feature is silently
dropped (a warning is shown during the configuration step).
This patch adds a dependency on host-acl for host-mtd, so that the xattr
feature is correctly supported. Logic to have xattr support is already
there and working for the non-host flavour.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop gdlib-config and use pkg-config to find gd because gdlib-config
has been dropped from version 2.3.0
gdlib.pc is available since version 2.1.0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
gawk can't be selected when busybox is not available as gawk needs
wchar:
WARNING: unmet direct dependencies detected for BR2_PACKAGE_GAWK
Depends on [n]: BR2_USE_WCHAR [=n] && BR2_USE_MMU [=y] && BR2_PACKAGE_BUSYBOX_SHOW_OTHERS [=y]
Selected by [y]:
- BR2_PACKAGE_CUKINIA [=y] && !BR2_PACKAGE_BUSYBOX [=n]
So replace this "select" by a "depends on", as already done by
BR2_PACKAGE_APPARMOR_UTILS_EXTRA
Fixes:
- http://autobuild.buildroot.org/results/66dacfe7b0783c7df29052fff20f3e79ecbcf054
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
There is a typo between 'N' (for Firstname Lastname <email>) & 'F'
(for file pattern or directory)
$: ./utils/get-developers outgoing/*
WARNING: 'Sven Fischer <sven@leiderfischer.de>' doesn't match any file
Fixes: e7ebc7cd09 ("package/qt5/qt5remoteobjects: new package")
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
For defconfigs that create a boot envimage, add the host package
uboot-tools and update the script variable names.
Add BR2_PACKAGE_HOST_UBOOT_TOOLS=y just before the existing
BR2_TARGET_UBOOT_ENVIMAGE option. Note that for the defconfigs that are
not manually formatted (i.e. just the result of 'make savedefconfig'),
this puts them in the wrong place. However, it's easier this way, and
it's more consistent in general to have the definition of the envimage
close to BR2_TARGET_UBOOT itself.
Related to 78559d699a
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
For defconfigs that create a boot script, add the host package
uboot-tools and update the script variable names.
Add BR2_PACKAGE_HOST_UBOOT_TOOLS=y just before the existing
BR2_TARGET_UBOOT_BOOT_SCRIPT option. Note that for the defconfigs that
are not manually formatted (i.e. just the result of 'make
savedefconfig'), this puts them in the wrong place. However, it's easier
this way, and it's more consistent in general to have the definition of
the script close to BR2_TARGET_UBOOT itself.
Special cases:
- nanopi_* had the definition of the _SCRIPT variable in a weird place.
These are moved to close to BR2_TARGET_UBOOT.
- Same for orangepi_plus.
- orangepi_pc_* already had BR2_PACKAGE_HOST_UBOOT_TOOLS=y so it's not
added there.
Related to db2b684126
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
apply-patches currently blindly removes *.orig / .*.orig files as GNU patch
by default writes these as backup files when patches only apply with fuzz.
This is unfortunate as package sources may contain files ending in .orig as
well, breaking the build. Luckily GNU patch can be told to not write these
backup files using the --no-backup-if-mismatch option, so use that instead
of the .orig removal step.
--no-backup-if-mismatch is supported since GNU patch 2.3.8 (1997-06-17) and
busybox patch if built with CONFIG_DESKTOP, but e.g. isn't supported by the
BSD patch, so add logic to dependencies.sh to error out if patch doesn't
support the flag.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
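A sketch of the two points in the commit message above, as an added example that is not part of the commit or of Buildroot's dependencies.sh: listing the files a blanket .orig cleanup would delete, and probing whether a patch program accepts --no-backup-if-mismatch. The function names are hypothetical, and the probe assumes that a patch program fed an empty patch fails only when it rejects the option.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not Buildroot's.

# Print every file under a source tree that a blanket "*.orig / .*.orig"
# cleanup would delete. Anything listed here before patches are applied
# is a file shipped by the package itself, not a backup written by patch.
list_orig_files() {
    find "$1" -type f \( -name '*.orig' -o -name '.*.orig' \) | sort
}

# Return 0 if the given patch program accepts --no-backup-if-mismatch,
# 1 if it rejects it, 2 if the program cannot be found or probed.
# The probe feeds an empty patch on stdin (assumption: an empty patch is
# a no-op, so a failure means the option was not understood) and runs in
# a scratch directory so it cannot touch real sources.
patch_supports_no_backup() {
    patch_cmd="$1"
    command -v "$patch_cmd" >/dev/null 2>&1 || return 2
    workdir=$(mktemp -d) || return 2
    if (cd "$workdir" &&
        "$patch_cmd" --no-backup-if-mismatch </dev/null >/dev/null 2>&1); then
        rc=0
    else
        rc=1
    fi
    rm -rf "$workdir"
    return "$rc"
}

# Dependency-check wrapper: print a diagnostic and fail when the flag is
# missing, so the build stops before any patch is applied.
require_patch_flag() {
    if patch_supports_no_backup "${1:-patch}"; then
        return 0
    fi
    echo "patch program '${1:-patch}' does not support" \
         "--no-backup-if-mismatch; install GNU patch" >&2
    return 1
}
```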
Normally the kconfig strings would end up empty and cause a build
error. This patch provides test files to allow testing the creation
of uboot environment and script bin files from user provided txt files.
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
For consistency and dependencies between uboot and uboot-tools,
this patch migrates the script creation over in a similar way as
the env image creation.
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Migrating the support for this feature to uboot-tools to gain the
ability to build env files when BR2_TARGET_UBOOT isn't selected.
When _ENVIMAGE_SOURCE is not set, we generate a default environment.
However, this default depends on the U-Boot configuration. Therefore,
this can only be done if uboot itself is built as well, and
host-uboot-tools needs to depend on uboot.
For the same reason, the commands for creating the environment have to
be adapted a little. Take this occasion to drastically simplify them.
Note: This patch creates a circular dependency with uboot until the
similar migration patch is merged for uboot scripts
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
uclibc-ng supports the RISC-V architecture since version 1.0.31, so
let's allow selecting this C library when RISC-V is used.
There was a previous attempt in commit
bd9810e176, which was reverted in
e7d631c0df, due to uClibc-ng not
implementing the __riscv_flush_icache() which is needed by
gcc. However this function has been implemented in upstream uClibc-ng
as of 1.0.35, so we can now safely re-enable uClibc-ng on RISC-V.
Signed-off-by: Damien Le Moal <damien.lemoal@wdc.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
For 9 years the recommended mount point for selinuxfs has been
/sys/fs/selinux, as stated in Linux kernel commit 7a627e3b9a2b:
"""
For selinuxfs, this mount point should be in /sys/fs/selinux/
"""
As other projects follow this convention, not doing so results in
potential issues. One of them is the refpolicy not correctly labelling
and supporting the mount point.
Fix this by using /sys/fs/selinux as of now in Buildroot.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Qt 5.12 added a library for IPC, so let's have a package for it. The
dependency on qtdeclarative is optional.
Signed-off-by: Sven Fischer <sven@leiderfischer.de>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This partially reverts commit a3aac6d847,
just dropping the atomic dependency.
That dependency would introduce a "recursive dependency" chain in
Kconfig.
However, r100 is only available on i386 and x86-64, and they both have
sync4, which means libdrm's HAS_ATOMICS is always 'y' when r100 is
available.
So, like we did in 00c1a8c34f (package/mesa3d: propagate missing
libdrm-freedreno deps), we just add a fat comment that explains why the
dependency is not propagated.
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: James Hilliard <james.hilliard1@gmail.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
To allow easier installation of ebtables-legacy-save from the config
menu, select BR2_PACKAGE_BASH. All dependencies of bash are met
already by ebtables depending on BR2_USE_MMU.
Signed-off-by: Ryan Barnett <ryanbarnett3@gmail.com>
Tested-by: Markus Mayer <mmayer@broadcom.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
With the version bump to 2.0.11, ebtables switched to autotools build
system. In addition, ebtables-{restore/save} moved to being installed
as ebtables-legacy-{restore/save}.
Changes to support this version bump include:
* Remove dependency on !BR2_STATIC_LIBS for ebtables-restore as the
switch to autotools supports compiling with static libraries.
* Update ebtables-save script patch to use /usr/sbin/ebtables-legacy
* Remove 0001-*-ethernetdb*.patch as it was merged with commit:
http://git.netfilter.org/ebtables/commit/?id=f8079671326e9fd079391d24911a9a8a77f1d6fd
* Remove 0002-*-musl-*.patch as support was added with commit:
http://git.netfilter.org/ebtables/commit/?id=9fff3d5f9da00255463d28b38d688c25025b7fb1
Tested with test-pkg with BR2_PACKAGE_EBTABLES=y:
br-arm-full [1/6]: OK
br-arm-cortex-a9-glibc [2/6]: OK
br-arm-cortex-m4-full [3/6]: SKIPPED
br-x86-64-musl [4/6]: OK
br-arm-full-static [5/6]: OK
sourcery-arm [6/6]: OK
Signed-off-by: Ryan Barnett <ryanbarnett3@gmail.com>
Tested-by: Markus Mayer <mmayer@broadcom.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Currently, host-kmod has no option to enable it, because only
the kernel depends on it, and this is unconditional (because
we can't know if modules will be enabled in the kernel config).
But we're soon to add options to enable various features of
kmod, so we'll need a place where to show those features.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Cc: Lucian Buga <lucianbuga@gmail.com>
Tested-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cukinia is a test framework designed to help Linux-based embedded
systems developers run simple system-level validation tests on their
firmware.
It is designed to integrate well with embedded Linux systems
generation tools, and can be run manually (providing a quick
colourized summary to eye-catch regressions), or any of continuous
available integration framework, by generating Junit-XML or CSV test
reports.
Signed-off-by: Jérôme Oufella <jerome.oufella@savoirfairelinux.com>
Signed-off-by: Shyam Saini <shyam.saini@savoirfairelinux.com>
Tested-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Currently, we handle three kinds of tests: basic, defconfig, and
runtime, and we treat them totally independently ones from the others.
Except for the basic tests that are ignored when defconfig or runtime
tests are explicitly requested.
The basic tests are also run systematically on all our reference
branches: master, next (when it exists), and the maintenance branches:
YYYY.MM.x.
Furthermore, we can see that the conditions to run each set of tests
are very similar, with only the explicit queries differing by name.
Rework the script so that the conditions are expressed only once, and
each set of tests is decided for each condition. This makes it easier
to decide what tests should run under what conditions.
Using GitLab-CI's schedules, with a variable expressing the actual test
to run, would seem the obvious choice to trigger the pipelines. However,
a schedule is configured for a specific branch, which means we would
need one schedule per branch we want to build per test cases we want to
run, *and* that we update those schedules when we add/remove branches
(e.g. when we open/close 'next', or a maintenance branch). This is not
very nice, as it requires some manual tweaking and twiddling on the web
UI.
Instead, we resort to using triggers, that will be triggered from a
cronjob on some server. Using a cronjob allows us to more easily manage
the branches we want to test and test cases we want to run, to more
easily spread the load over the week, etc...
Note: triggering a pipeline can be done with a simple curl invocation:
    $ curl -X POST \
        -F "token=${YOUR_TOKEN}" \
        -F "ref=${BRANCH_TO_TEST}" \
        -F "variables[BR_SCHEDULE_JOBS]=${TEST_TO_RUN}" \
        "https://gitlab.com/api/v4/projects/${YOUR_PROJECT_ID}/trigger/pipeline"
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add tests to ensure the packages SELinux functionalities (being able to
select an extra SELinux module in the refpolicy, and being able to
provide a custom SELinux module) are working as expected.
We use a BR2_EXTERNAL folder, provided in the tests, to use a custom
SELinux enabled package.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add a test for BR2_PACKAGE_REFPOLICY_CUSTOM_GIT (which allows to select
a custom location for the SELinux refpolicy). The test uses the official
refpolicy as a test (we only want to test the functionality is working,
not that another refpolicy is correctly building; that is a user
problematic).
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add a test for the BR2_REFPOLICY_EXTRA_MODULES_DIRS functionality (which
allows to provide custom SELinux modules).
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch adds a test for the BR2_REFPOLICY_EXTRA_MODULES
functionality (which allows to select extra modules within the SELinux
refpolicy using Kconfig).
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add a test called 'SELinuxSystemdSquashfs' which will perform the same
tests as the Ext4 version, but using a Squashfs filesystem. Thanks to
this, we'll have a test on a read-only filesystem.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This adds a test called 'SELinuxSystemdExt4'. This test will build an
SELinux enabled image with systemd, boot it, and perform a few runtime
tests to check SELinux related capabilities.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
REFPOLICY_EXTRA_MODULES_DIRS contains
$(PACKAGES_SELINUX_EXTRA_MODULES_DIRS) which is filled in by
package/pkg-generic.mk with the list of packages that have a selinux/
sub-directory. Due to how variable expansion works, if there is an
ifeq/ifneq test of REFPOLICY_EXTRA_MODULES_DIRS, it will only see the
value of REFPOLICY_EXTRA_MODULES_DIRS with the list of packages
*before* refpolicy in alphabetic ordering. This means that packages
after refpolicy in alphabetic ordering would not be taken into
account.
To fix this, we switch to an $(if ...) test, which allows the variable
to really be evaluated during the refpolicy build. This makes sure
the expansion is correct.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The buildroot custom bareboxenv compile command misses the additional
include path 'scripts/include' to gain access to the local copy of the
kernel header files (which leads to compile error when using an older
toolchain).
This could be fixed by enhancing the custom bareboxenv compile command
(see [1]) or by using the barebox build system by simply enabling the
CONFIG_BAREBOXENV_TARGET option (available since April 2012, see [2])
instead (as suggested by Yann E. MORIN).
Fixes (with BR2_TARGET_BAREBOX_BAREBOXENV enabled):
build/barebox-2019.12.0/scripts/bareboxenv.c:100:10: fatal error: linux/list.h: No such file or directory
[1] http://lists.busybox.net/pipermail/buildroot/2020-January/270942.html
[2] https://git.pengutronix.de/cgit/barebox/commit/?id=afb03d7a554a2911a3742e316f011319fcb416f1
Note: a user who would previously provide a barebox config file which
had CONFIG_BAREBOXENV_TARGET=y, but a Buildroot config file which did
not have BR2_TARGET_BAREBOX_BAREBOXENV=y, would have bareboxenv-target
built, but it would not be installed in the target. Now, an unset
BR2_TARGET_BAREBOX_BAREBOXENV will not even build it, but this is not a
regression: it was anyway previously not installed.
Reported-by: Frederick Gotham <cauldwell.thomas@gmail.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr:
- also explicitly disable it when not selected
- rewrap commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Default value of MinTLSversion set to 1.2.
- mbed TLS updated to 2.23.0.
- Small bugfixes.
- Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Drop patches (already in version) and so autoreconf
- Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2020-7069: In PHP versions 7.2.x below 7.2.34, 7.3.x below
7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with
openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the
IV is actually used. This can lead to both decreased security and
incorrect encryption data.
- Fix CVE-2020-7070: In PHP versions 7.2.x below 7.2.34, 7.3.x below
7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP
cookie values, the cookie names are url-decoded. This may lead to
cookies with prefixes like __Host confused with cookies that decode to
such prefix, thus leading to an attacker being able to forge cookie
which is supposed to be secure. See also CVE-2020-8184 for more
information.
https://www.php.net/ChangeLog-7.php#7.4.11
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
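The cookie-name confusion described for CVE-2020-7070 above, as an added Python example (not PHP's code and not part of the commit): the same Cookie header parsed with url-decoded names and with literal names, plus a check that flags names which only gain a protected prefix after decoding. The function names, the first-value-wins rule and the sample header are assumptions made for the illustration.

```python
from urllib.parse import unquote

# Prefixes whose guarantees the browser enforces on the literal cookie name.
PROTECTED_PREFIXES = ("__Host-", "__Secure-")

# Constructed sample: the first cookie carries no prefix as far as the browser
# is concerned, the second is a real __Host- cookie.
SAMPLE_HEADER = "%5F%5FHost-session=forged; __Host-session=genuine"


def parse_cookie_header(header, decode_names):
    """Parse a Cookie request header into a list of (name, value) pairs.

    decode_names=True models the behaviour the advisory describes (cookie
    names are url-decoded); decode_names=False keeps names literal.
    """
    pairs = []
    for part in header.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue
        name, value = part.split("=", 1)
        name = name.strip()
        if decode_names:
            name = unquote(name)
        pairs.append((name, unquote(value.strip())))
    return pairs


def first_wins(pairs):
    """Collapse pairs into a dict, keeping the first value seen per name.

    Assumption for this example: duplicates resolve in favour of the first.
    """
    cookies = {}
    for name, value in pairs:
        cookies.setdefault(name, value)
    return cookies


def aliased_prefix_names(header):
    """Return raw names that start with a protected prefix only once decoded.

    Useful as a request-filter or log-review check in front of an
    application that cannot be upgraded immediately.
    """
    suspicious = []
    for part in header.split(";"):
        raw = part.split("=", 1)[0].strip()
        decoded = unquote(raw)
        if (
            decoded != raw
            and decoded.startswith(PROTECTED_PREFIXES)
            and not raw.startswith(PROTECTED_PREFIXES)
        ):
            suspicious.append(raw)
    return suspicious


if __name__ == "__main__":
    decoded = first_wins(parse_cookie_header(SAMPLE_HEADER, decode_names=True))
    literal = first_wins(parse_cookie_header(SAMPLE_HEADER, decode_names=False))
    print("names decoded :", decoded)
    print("names literal :", literal)
    print("flagged names :", aliased_prefix_names(SAMPLE_HEADER))
```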
All the python packages are inside a
if BR2_PACKAGE_PYTHON || BR2_PACKAGE_PYTHON3
conditional, so no need to repeat it in the Config.in.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 9e4ffdc8cf modified the output of
'setlocalversion' so that the Buildroot version tag is included in the
output, the version part was added in Makefile.
Due to differences in behavior of the used git and Mercurial commands, this
caused different output for the Mercurial case, in BR2_VERSION_FULL and thus
/etc/os-release and 'make print-version'. Assuming the official Buildroot
releases are tagged and no project-specific tags are present, the output
after commit 9e4ffdc8cf is:
-hg<commit>
whereas it is expected to be something like:
2020.02.6-hg<commit>
Change the Mercurial case in setlocalversion to behave similar to git,
looking up the latest tag if the current revision is not itself tagged.
The number of commits after the latest tag is not added, unlike in git, as
this value is not commonly present in Mercurial output, and its added value
can be disputed in this context. Even one commit could bring a huge change
to the sources, so in order to interpret the number one has to look at the
repository anyhow, in which case the commit ID can just be used.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The content of the license file (doc/readme.html) differs between lua 5.3
and 5.4, so we cannot use a shared .hash file for all versions.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Peter: extend commit message]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since Qemu 5.1, this defconfig doesn't boot due to the too small SD card image size (60MB).
qemu-system-arm: sd_init failed: Invalid SD card size: 60 MiB
SD card size has to be a power of 2, e.g. 64 MiB.
You can resize disk images with 'qemu-img resize <imagefile> <new-size>'
(note that this will lose data if you make the image smaller than it currently is).
qemu-system-arm: sd_init failed
From [1]:
"While the possibility to use small SD card images has been seen as
a feature, it became a bug with CVE-2020-13253, where the guest is
able to do OOB read/write accesses past the image size end."
Fixes:
https://gitlab.com/kubu93/buildroot/-/jobs/766482935
[1] https://git.qemu.org/?p=qemu.git;a=commitdiff;h=a9bcedd15a5834ca9ae6c3a97933e85ac7edbd36
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.net/results/72e0cc78194a1b93bf26a50742e59a1e93bde1d1/
fire has conditional logic to load test_components_py3.py when running under
Python 3.x:
    if six.PY3:
      from fire import test_components_py3 as py3
pycompile unfortunately errors out on it:
../scripts/pycompile.py ..
error: File "/usr/lib/python2.7/site-packages/fire/test_components_py3.py", line 18
def identity(arg1, arg2: int, arg3=10, arg4: int = 20, *arg5,
^
SyntaxError: invalid syntax
As a workaround, simply drop the unusable _py3 file from TARGET_DIR if
building for python 2.x.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.net/results/4ca459d54545c0e20b0f0cdc63bd81844ecd7f36/
aenum has conditional logic to load python 3.x code located in test_v3.py:
    if pyver >= 3.0:
        from aenum.test_v3 import TestEnumV3, TestOrderV3, TestNamedTupleV3
And contains logic in setup.py to drop that file during setup.py install if
building for python 2.x:
    py3_only = ('aenum/test_v3.py', )
    ..
    if __name__ == '__main__':
        if 'install' in sys.argv:
            import os, sys
            ..
            if sys.version_info[0] != 3:
                for file in py3_only:
                    try:
                        os.unlink(file)
But this doesn't work in Buildroot as pkg-python.mk first does setup.py
build (which copies test_v3.py to the build directory) before setup.py
install, so test_v3.py gets installed, leading to errors from pycompile:
error: File "/usr/lib/python2.7/site-packages/aenum/test_v3.py", line 12
class MagicAutoNumberEnum(Enum, settings=AutoNumber):
^
SyntaxError: invalid syntax
As a workaround, add a hook to drop it from the target directory when
building for python 2.x.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2020-8201: HTTP Request Smuggling due to CR-to-Hyphen conversion
Affected Node.js versions converted carriage returns in HTTP request
headers to a hyphen before parsing. This can lead to HTTP Request
Smuggling as it is a non-standard interpretation of the header.
Impacts:
All versions of the 14.x and 12.x releases line
- CVE-2020-8252: fs.realpath.native may cause buffer overflow
libuv's realpath implementation incorrectly determined the buffer size
which can result in a buffer overflow if the resolved path is longer than
256 bytes.
Impacts:
All versions of the 10.x release line
All versions of the 12.x release line
For more details, see the advisory:
https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/
Adjust license hash for the addition of the BSD-3c licensed highlight.js:
6f8b7a85d2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
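Why the CR-to-hyphen conversion described for CVE-2020-8201 above matters, as an added Python example (not Node.js code and not part of the commit): a strict header parser that rejects a bare CR, next to a model of the non-standard normalisation, so the disagreement between two parsers is visible. The function names and the sample header block are assumptions constructed for the illustration.

```python
import re

# RFC 7230 "token": the only characters allowed in a header field name.
TOKEN_RE = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

# Constructed sample: the second header line contains a bare CR (no LF after it).
SAMPLE_BLOCK = b"Host: example.test\r\nX-Trace\rId: 1\r\n"


class HeaderError(ValueError):
    """Raised when a header block is not well-formed."""


def parse_headers_strict(block):
    """Parse CRLF-separated header lines (no request line) strictly.

    Returns a list of (lower-cased name, value) pairs. Any CR or LF left
    inside a line after splitting on CRLF is rejected instead of being
    repaired, and field names must match the RFC 7230 token grammar.
    """
    headers = []
    for line in block.split(b"\r\n"):
        if not line:
            continue
        if b"\r" in line or b"\n" in line:
            raise HeaderError("bare CR or LF inside header line")
        name, sep, value = line.partition(b":")
        if not sep or not TOKEN_RE.fullmatch(name):
            raise HeaderError("invalid header field name")
        headers.append(
            (name.decode("ascii").lower(), value.strip(b" \t").decode("latin-1"))
        )
    return headers


def parse_headers_cr_to_hyphen(block):
    """Model of the behaviour in the advisory: bare CR becomes '-' first."""
    normalised = re.sub(rb"\r(?!\n)", b"-", block)
    return parse_headers_strict(normalised)


def parsers_disagree(block):
    """True when the strict parser rejects what the lenient model accepts."""
    try:
        parse_headers_strict(block)
    except HeaderError:
        try:
            parse_headers_cr_to_hyphen(block)
        except HeaderError:
            return False
        return True
    return False


if __name__ == "__main__":
    print("lenient model:", parse_headers_cr_to_hyphen(SAMPLE_BLOCK))
    print("parsers disagree:", parsers_disagree(SAMPLE_BLOCK))
```

A front end that applies the strict rule drops the request, so no component behind it ever sees a header name that a different parser would have read differently.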
We used to have a conditional patch applied on PowerPC soft-float, but
this logic was dropped in commit
0c82f3f635 ("package/gcc: remove powerpc
conditional patching logic"). However, we still have some related
leftovers in the calculation of the hashes for ccache, which can now
be dropped.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Acked-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The logic in libbacktrace/configure.ac to detect if __sync builtins
are available assumes they are as soon as target_subdir is not
empty, i.e when cross-compiling. However, some platforms do not have
__sync builtins, so help the configure script a bit.
"libbacktrace_cv_sys_sync=no" is lost when it is added to
HOST_GCC_COMMON_CONF_ENV because the environment is not exported
when executing the libbacktrace configure script.
Use target_configargs to force "libbacktrace_cv_sys_sync=no" when
executing the libbacktrace configure script.
Fixes:
https://gitlab.com/bootlin/toolchains-builder/-/jobs/729359681
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Romain: use target_configargs="libbacktrace_cv_sys_sync=no"]
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We dropped the CodeBench 2012.09 toolchain for SuperH a long time ago,
and with recent toolchains, Ruby at -Os builds perfectly fine, so
there's no reason to keep this work-around.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: slight rewording in the commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit f89ca996b6 enabled linux-pam on
musl however rlogind fails to build on musl because it uses logwtmp:
/home/giuliobenetti/autobuild/run/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/x86_64-buildroot-linux-musl/8.3.0/../../../../x86_64-buildroot-linux-musl/bin/ld: rlogind.c:(.text.startup+0x9ec): undefined reference to `logwtmp'
As this package is unmaintained, just disable back rlogind on musl
Fixes:
- http://autobuild.buildroot.org/results/f2eb1c0bab7c6c32d6c561da0f85a530bd419206
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
DEPS_DIR is a new CLI option introduced by the version 3.4.0,
which avoids the use of `external_deps_dirs` in the config files.
Now, the host config doesn't need to be altered.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When gdb is built from sources fetched from Git, it contains both the
gdb and the binutils code base. In order to really build only gdb, we
disable a number of binutils components in the
GDB_DISABLE_BINUTILS_CONF_OPTS variable: --disable-binutils,
--disable-ld, --disable-gas, etc. However, gprof was still being
built, so disable it as well.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The GDB version used on ARC is based on a recent gdb code base, post
gdb 9.2. This recent gdb code base, which pre-figures what will be in
gdb 10, has a significant change: gdbserver is no longer in
gdb/gdbserver, but at the top-level, and the mechanism to build
gdbserver only has changed. Due to this change, a build of ARC GDB for
gdbserver only fails with:
/bin/bash: line 0: cd: /opt/output/build/gdb-arc-2020.03-release-gdb/gdb/gdbserver: No such file or directory
This commit adjusts gdb.mk to support four cases:
- "old" gdb, gdbserver only
- "old" gdb, with the gdb debugger (and optionally gdbserver as well)
- "new" gdb, gdbserver only
- "new" gdb, with the gdb debugger (and optionally gdbserver as well)
A boolean GDB_GDBSERVER_TOPLEVEL is introduced to differentiate
between the old and new gdb, it is set to "y" for gdb versions that
have the gdbserver code at the top-level. For now, only the ARC
version sets it, but in the future, upstream gdb version 10 will also
have to set it.
Here is the behavior, for each case:
(1) "old" gdb, gdbserver only
We set GDB_SUBDIR to gdb/gdbserver, so only the configure script
in this folder gets called.
--enable-gdbserver --disable-gdb are passed in CONF_OPTS.
(2) "old" gdb, with the gdb debugger (and optionally gdbserver as well)
We set GDB_SUBDIR to build/, an empty directory which allows to
do an out of tree build, which is mandatory for a full gdb build
since gdb 9.x.
--enable-gdb is passed in CONF_OPTS as well as --enable-gdbserver
or --disable-gdbserver depending on whether gdbserver is enabled
as well.
(3) "new" gdb, gdbserver only
We set GDB_SUBDIR to build/, an empty directory which allows to
do an out of tree build, which is mandatory for a full gdb build
since gdb 9.x.
--enable-gdbserver --disable-gdb are passed in CONF_OPTS.
(4) "new" gdb, with the gdb debugger (and optionally gdbserver as well)
We set GDB_SUBDIR to build/, an empty directory which allows to
do an out of tree build, which is mandatory for a full gdb build
since gdb 9.x.
--enable-gdb is passed in CONF_OPTS as well as --enable-gdbserver
or --disable-gdbserver depending on whether gdbserver is enabled
as well.
In addition to these changes, some related changes are done as well:
- We re-enable building both gdb and gdbserver on ARC, as it works
again.
- We only pass --with-curses when curses is really provided, i.e when
the full debugger is being built.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Alexey Brodkin <abrodkin@synopsys.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
From release note:
Version 3.1 - September 2020
This release offers substantial new functionality. Users are encouraged
to upgrade. The most notable changes are as follows.
* Fixes non-functional NMEA mode of the ts2phc program (since 3.0)
* Improves system time synchronization via the PTP_SYS_OFFSET_PRECISE
and PTP_SYS_OFFSET_EXTENDED ioctls.
* Supports implementing a PTP GM clock by using a GPS radio or other
PPS time source.
* Provides per-port statistics via the management interface.
* Implements IEEE 1588 v2.1 slave event monitoring.
* Adds Automotive Profile support.
utils/test-pkg -p linuxptp
br-arm-full [1/6]: OK
br-arm-cortex-a9-glibc [2/6]: OK
br-arm-cortex-m4-full [3/6]: OK
br-x86-64-musl [4/6]: OK
br-arm-full-static [5/6]: OK
sourcery-arm [6/6]: OK
6 builds, 0 skipped, 0 build failed, 0 legal-info failed
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Upstream repository has been dead for quite a while now, and in fact
we are using s.b.o as the "official" location now.
There however exists a Github repository, which is still alive. That
repository has not been touched in a looooong while, but it's still
up, and there is a revision which actually gives the exact same
content (although the hash changes, because the directory name has
changed, from open2300-12/ to open2300-f2198.../).
Also fix spaces in hash file.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The whole arch/Config.in.s390x file is only included by arch/Config.in
if BR2_s390x=y, so having "depends on" conditions on each options of
the choice doesn't make much sense.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: drop first, empty line]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Refreshed patch #1 and disable debuginfod.
The debuginfod tools need to hook into server infrastructure,
this currently only exists for Fedora.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes:
http://autobuild.buildroot.net/results/76b580000e6311e88584874f942517badd6fadf6/
python-txtorcon DOES support python 2.x, but it contains some optional
python 3 / async code in controller_py3.py which is conditionally used from
controller.py:
    try:
        from .controller_py3 import _AsyncOnionAuthContext
        HAVE_ASYNC = True
    except Exception:
        HAVE_ASYNC = False
pycompile unfortunately errors out on the async code:
../scripts/pycompile.py ..
error: File "/usr/lib/python2.7/site-packages/txtorcon/controller_py3.py", line 13
async def __aenter__(self):
^
SyntaxError: invalid syntax
As a workaround, simply drop the unusable _py3 file from TARGET_DIR if
building for python 2.x.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The host-zstd-build step was not actually compiling the library:
make[1]: Entering directory '/buildroot/output/build/host-zstd-1.4.5/lib'
make[1]: Nothing to be done for 'default'.
make[1]: Leaving directory '/buildroot/output/build/host-zstd-1.4.5/lib'
and the actual compilation was part of the install step.
This is not how other Buildroot packages work.
Make sure to specify which library targets we want instead. The total amount
of compiled files does not change with this patch.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit a2830f0dad (support/gnuconfig: bump version) carried
spurious, uncommitted local changes to config.sub, that were not
part of upstream commit d7a4dee7cc25e332b990d0a6d9f0ddd42cb33cf5.
Fix that by actually using the code as it is upstream.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- squash the revert and the new bump into this commit
- amend commit log accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following in the generated cross-compilation.conf file:
pkg_config_static = '$(if $(BR2_STATIC_LIBS),true,false)'
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The fakeroot script does not appear to be used in any of the checked
in defconfig targets, but it seems that most often the post
fakeroot script should be done after all the packages rules have
been applied instead of before.
Given that a change in systemd moved the SYSTEMD_PRESET_ALL hook to
a ROOTFS_PRE_CMD_HOOKS, there was no way to use a FAKEROOT script
to disable a service or fixup a systemd configuration. The systemd
move makes sense, and this just tries to preserve the same ability
to fixup a rootfs after all the cmd hooks are processed.
Refer to commit 65b63785a6 for
the change that instigated this reordering.
Signed-off-by: Charles Hardin <ckhardin@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
When one GPL-licensed plugin was enabled, the license of
gst1-plugins-ugly would be "LGPL-2.1+ GPL-2.0", but licenses should be
comma separated, not space separated. So let's fix that to get the
expected value of "LGPL-2.1+, GPL-2.0".
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Alexander Egorenkov <egorenar@linux.ibm.com>
[yann.morin.1998@free.fr:
- don't force network range
- don't forward TCP port
- drop post-build script to add tty1
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Alexander Egorenkov <egorenar@linux.ibm.com>
[yann.morin.1998@free.fr: drop superfluous depends on s390x in choice]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit adds supports for building buildroot kernel + rootfs
for MT8173 Elm board, also known as Chromebook Elm
(https://www.acer.com/ac/en/US/content/series/acerchromebookr13).
Though Chrome-OS is officially supported on this board, the
mainline kernel works as well (benchmarks + conformance), and so
the 5.9 kernel is used. As the 5.9 kernel isn't yet released, we
use the 5.9-rc5 for now, which will be up-revd to 5.9 once it's
released.
Using the mainline kernel means that we have to apply certain patches
to get the HDMI screen working. These patches are lying in the
"drm-misc-next" list and will make it to the kernel after 5.9. At that
time, we will remove the patches and point Buildroot to use the latest
kernel (hopefully, 5.10).
This commit also adds an ITS file (for creating FIT images), an ARGS
file (for providing kernel args) and a "sign.sh" script to generate
signed kernel images. Though the "sign.sh" is very similar to the
corresponding file under board/chromebook/snow, it cannot be shared
between both boards, as the script requires access to the board
specific its / args file.
Additionally a readme & defconfig is added to help the user get started.
Signed-off-by: Bilal Wasim <bilalwasim676@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The same script is going to be used by the Chromebook Elm to generate
a bootable SD / USB image. Therefore, move the script out of the snow
folder to one level above (board/chromebook/snow -> board/chromebook).
Update the chromebook_snow_defconfig to reflect the new location of
the script.
Signed-off-by: Bilal Wasim <bilalwasim676@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
PowerPC has two PLT models: BSS-PLT and Secure-PLT. BSS-PLT uses
runtime code generation to generate the PLT stubs. Secure-PLT was
introduced with GCC 4.1 and Binutils 2.17 (base has GCC 4.2.1 and
Binutils 2.17), and is a more secure PLT format, using a read-only
linkage table, with the dynamic linker populating a non-executable
index table.
References to other distro/BSD transitions:
https://patchwork.openembedded.org/patch/106621/
https://reviews.freebsd.org/D20598
Fixes a bug observed when creating SELinux policy where all apps
require execmem because the heap requires execute before this change.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
While the imagemagick C++ support requires wchar, it is not the case
for the graphicsmagick C++ support, so we can drop the BR2_USE_WCHAR
condition when deciding whether or not GraphicsMagick++-config should
be tweaked.
Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
qprint is a small utility that handles encoding and decoding arbitrary
binary data in the Quoted-Printable format, which was introduced along
MIME.
As stated in the package description, although MUAs nowadays usually
take care of doing this encoding themselves, there are some use cases
where doing it manually is needed, and providing a command-line program
to do it is amenable to shell scripts.
Signed-off-by: Alejandro González <alejandro.gonzalez.correo@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The CMake based build system will be eventually removed by upstream
so it seems like a good idea to switch over to Meson already before
that happens.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When multiple conditions match simultaneously, even though that should
not happen in practice, we want the more "important" one to win over
the less "important" ones. For example, a tag is more important than a
branch name or a trigger.
Currently, the latest condition to match takes precedence over any
previous one, while we want the exact opposite.
Fix that with proper fallbacks in else-blocks.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
According to the original patch message:
Some Broadcom set-top-box boards have PCI busses, but the GPU is
still probed through DT. We would dereference a null busid here
in that case.
Fixes a segfault on at least the RPi 4 w/ xserver 1.20.9, probably
others as well.
Signed-off-by: Joseph Kogut <joseph.kogut@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Current version does not run on imx6 and fails like this:
Error: eglCreateWindowSurface failed with error: 0x3009
Error: eglCreateWindowSurface failed with error: 0x3009
Error: CanvasGeneric: Invalid EGL state
Error: main: Could not initialize canvas
Bumping to the latest version fixes this problem.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
RFC3442 specifies a DHCP extension to provide the client with a list of
static routes to use. This is already handled by udhcpc and exposed as the
"staticroutes" environment variable, but currently not handled by the action
script.
Extend the script to do so. The RFC specifies that if this option is
provided by the server then the normal "routes" (3) option should be
ignored, so ensure that is done.
As we may now have more than just a default route on the interface, extend
the route cleanup logic to handle all routes for the interface (except for
the implied local 0.0.0.0 one).
Notice that this option is only sent by servers if explicitly requested by
the client, E.G. using the -O staticroutes option to udhcpc.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add support for imx8mqevk_defconfig that allows booting a mainline
kernel.
This defconfig still relies on NXP ATF and U-Boot, but in the long term
the plan is to switch to mainline ATF and U-Boot as well.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes:
http://autobuild.buildroot.net/results/d2d/d2d73f3c7075ca6e9782b9bb591dae40ab56b6a2/
ffmpeg configure prints: "ERROR: fontconfig not found using pkg-config"
Please note that the ffmpeg build error was reproducible but with a
different error message in ffbuild/config.log:
sysroot/usr/lib/libfontconfig.a(fccache.o): in function `lock_cache':
fccache.c:(.text+0xcd8): undefined reference to `pthread_mutex_init'
arm-buildroot-linux-gnueabi/bin/ld: fccache.c:(.text+0xcf8):
undefined reference to `pthread_mutex_destroy'
arm-buildroot-linux-gnueabi/bin/ld: fccache.c:(.text+0xd00):
undefined reference to `pthread_mutex_lock'
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Use github helper
- Drop first patch (not needed since version 0.30.0 and
9fd90c549c)
- vapoursynth-lazy has been dropped since version 0.30.0 and
fb8d240c4d
- mali-fbdev has been dropped since version 0.30.0 and
83d7123dc3
- libdvread has been dropped since version 0.30.0 and
6229404985
- libv4l2 has been dropped since version 0.30. and
b30e85508a
- Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
http_upstream and stream_upstream random modules are available since
version 1.15.1 and
0c4ccbea23
and are enabled by default, add two options to be able to disable them
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix CVE-2020-14342: It was found that cifs-utils' mount.cifs was
invoking a shell when requesting the Samba password, which could be used
to inject arbitrary commands. An attacker able to invoke mount.cifs with
special permission, such as via sudo rules, could use this flaw to
escalate their privileges.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The ARC glibc port was merged upstream in 2.32, so use that instead of
the one available from Synopsys's Github.
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
GNOME project libxml2 v2.9.10 and earlier have a global Buffer Overflow
vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- change download url to https (as redirected by the original http url)
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 82442b54b6 removed
0001-no-wchar.patch but without importing an upstream patch that
"should" have been equivalent to our patch but resulted in a build
failure on toolchains with wchar but without mbsrtowcs
So add a bunch of upstream patches and a new patch to fix this build
failure
While at it, also put back 0003-glob-detection.patch which, again, has
been upstreamed but is not in version 1.18 ...
Fixes:
- http://autobuild.buildroot.org/results/27f184af35468941173628e5e847a284c0b80d73
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- updated hashes
- explicitly advise to update hash in python-protobuf
- changed link in python-protobuf to point to the protobuf site
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
patch release with two bugfixes
- fixes the list of dependencies of absl::Cord in the CMake build
- bug fix for absl::Status::ErasePayload
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Disable static building of external/squirrel to fix the following build
failure with RELRO:
/home/peko/autobuild/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/x86_64-buildroot-linux-musl/8.3.0/../../../../x86_64-buildroot-linux-musl/bin/ld: CMakeFiles/sq_static.dir/sq.c.o: relocation R_X86_64_32 against `.rodata.str1.8' can not be used when making a PIE object; recompile with -fPIC
/home/peko/autobuild/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/x86_64-buildroot-linux-musl/8.3.0/../../../../x86_64-buildroot-linux-musl/bin/ld: final link failed: nonrepresentable section on output
collect2: error: ld returned 1 exit status
Fixes:
- http://autobuild.buildroot.org/results/46e8f5e622ce450a89bc6d70f4bfd38182557901
- http://autobuild.buildroot.org/results/a43720492d817e4555d728546da9114e3ccba952
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Use dhcpdump target to avoid building dhcpdump.8 as it will raise the
following build failure if pod2man is not available:
pod2man --section 8 \
--date "23 June 2008" \
--name "DHCPDUMP" \
--center "User Contributed Software" \
dhcpdump.pod dhcpdump.8
/bin/sh: pod2man: command not found
make[1]: *** [Makefile:11: dhcpdump.8] Error 127
Fixes:
- http://autobuild.buildroot.org/results/db3be149ec71de8376f685a6a9f027191d9bccc9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This release adds support for ambient capabilities and V3 filesystem
capabilities.
A bug in the python bindings was also fixed which prevented use of
capng_updatev.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Do not build examples to avoid a build failure on rtop example which
depends on ncurses and has been added in version 4.11.0 with
7d1ec562dd
/tmp/instance-0/output-1/host/bin/arm-linux-gcc -I. -I/tmp/instance-0/output-1/build/libpfm4-4.11.0/perf_examples/../include -DCONFIG_PFMLIB_DEBUG -DCONFIG_PFMLIB_OS_LINUX -I. -D_GNU_SOURCE -pthread -o rtop rtop.o perf_util.o /tmp/instance-0/output-1/build/libpfm4-4.11.0/perf_examples/../lib/libpfm.a -lpthread -lncurses -ltinfo -lm
/tmp/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-gnueabihf/9.2.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: cannot find -ltinfo
Fixes:
- http://autobuild.buildroot.org/results/8ad23a82bcf32cd22256f9984a8f4cfa45951eee
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- rename pidfile from htpdate to htpdate.pid
Fixes:
PIDFile= references a path below legacy directory /var/run/, updating
/var/run/htpdate.pid → /run/htpdate.pid; please update the unit file
accordingly.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add gentoo patch to fix bison-3.7.1 related compile failure and
an additional one doing a similar change for another bison call
in Source/WebCore/DerivedSources.pri.
Fixes:
generated/XPathGrammar.tab.c:124:10: fatal error: XPathGrammar.tab.h: No such file or directory
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
netcalc is a slimmed down clone of sipcalc, using the popular output
format of ipcalc (perl). It is written in C and only depends on a
POSIX compliant C library. Both IPv4 and IPv6 are supported.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Reviewed-by: Michael Nosthoff <buildroot@heine.tech>
Tested-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following check-package warning:
package/makedumpfile/makedumpfile.mk:24: consecutive empty lines
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
MAKEDUMP_MAKE_OPTS contains an important option to enable LZO support,
but it was not passed at build time.
Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- update home page URL
- change download to new location
- remove old patches (first release since 2010)
- autoreconf now useless
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
micropython uses -Wfloat-conversion since version 1.13 and
30840ebc99
This will result in the following build failure with gcc 4.8:
arm-none-linux-gnueabi-gcc: error: unrecognized command line option '-Wfloat-conversion'
To avoid this build failure, set CWARN to an empty value. Moreover, while
at it, move some duplicated variables under MICROPYTHON_MAKE_OPTS
Fixes:
- http://autobuild.buildroot.org/results/6fe5a5ab91a5d235147e74461bb165ec2cfdc967
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The CMake based build system will be eventually removed by upstream
so it seems like a good idea to switch over to Meson already before
that happens.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Changes:
* Coding style has been unified
* SCRAM-SHA-256 and SCRAM-SHA-512 support
* c-ares support
* LibreSSL support
* Introduced global timed handlers that fire periodically regardless
of connections status, such a handler can be used to implement
deferred re-connection
* examples/register implements XEP-0077
* Fixed issue with IPv6 on Windows (#153)
* Improved portability across systems such as Haiku, Windows
* New API:
- xmpp_stanza_get_child_by_name_and_ns()
- xmpp_conn_is_connecting()
- xmpp_conn_is_connected()
- xmpp_conn_is_disconnected()
- xmpp_stanza_new_from_string()
- xmpp_stanza_add_child_ex()
- xmpp_stanza_get_context()
- xmpp_stanza_reply_error()
- xmpp_global_timed_handler_add()
- xmpp_global_timed_handler_delete()
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
CMake offers the BUILD_SHARED_LIBS flag as a default parameter
and most packages honor them.
Similar to pkg-autotools.mk build host packages always with
BUILD_SHARED_LIBS=ON.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is similar to the llvm package which also disables shared libs
for the host variant.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
doxygen fails to build with BUILD_SHARED_LIBS=ON as it only
for some targets honors this flag and links the rest static.
So enforce BUILD_SHARED_LIBS=OFF for this package.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Analog audio is enabled by default in sunxi_defconfig since commit 5d2408c6
(ARM: configs: sunxi: Add sun8i analog codec), so drop from fragment.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The previous commit to this package
(37c5e903a7) introduced a bunch of patches
to fix a CVE. Unfortunately only applying of the patches was tested but
not building the package.
This commit replaces a define that was introduced in a previous patch
upstream and caused the build failure.
Tested:
br-arm-full [1/6]: OK
br-arm-cortex-a9-glibc [2/6]: OK
br-arm-cortex-m4-full [3/6]: SKIPPED
br-x86-64-musl [4/6]: OK
br-arm-full-static [5/6]: OK
sourcery-arm [6/6]: OK
Fixes:
- http://autobuild.buildroot.net/results/3f7fe8ad181318153c459ba5e1afbbc8b49d541c/
- and more
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
wlconf is built and installed as a host utility to be able to tweak
the wl18xx firmware configuration at build time.
Signed-off-by: Miken Valabdas <mvalabdas@distech-controls.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Brings a number of fixes and audio support. The aarch64 defconfig has
grown, so bump the ext4 size to make it fit.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add patch from upstream that fixes build with Bison 3.7.
There are no autobuilder failures for this issue, but the following
defconfig:
BR2_arm=y
BR2_cortex_a8=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_INIT_NONE=y
BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_EUDEV=y
BR2_SYSTEM_BIN_SH_NONE=y
BR2_PACKAGE_QT5=y
BR2_PACKAGE_QT5WEBENGINE=y
BR2_PACKAGE_RPI_USERLAND=y
Failed with:
/home/thomas/buildroot/buildroot/output/build/qt5webengine-5.15.0/src/core/release/gen/third_party/blink/renderer/core/xpath_grammar.cc:124:10: fatal error: xpath_grammar.hh: No such file or directory
124 | #include "xpath_grammar.hh"
| ^~~~~~~~~~~~~~~~~~
compilation terminated.
With this patch applied, it builds fine.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr: add url to upstream commit, provided by Peter]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
From the release notes
See: https://github.com/redis/redis/blob/6.0.8/00-RELEASENOTES
================================================================================
Redis 6.0.7 Released Fri Aug 28 11:05:09 IDT 2020
================================================================================
Upgrade urgency MODERATE: several bugs with moderate impact are fixed,
Specifically the first two listed below which cause protocol errors for clients.
================================================================================
Redis 6.0.8 Released Wed Sep 09 23:34:17 IDT 2020
================================================================================
Upgrade urgency HIGH: Anyone who's using Redis 6.0.7 with Sentinel or
CONFIG REWRITE command is affected and should upgrade ASAP, see #7760.
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Altera's Jam STAPL Bytecode Player with 64-bit support.
This is a user-space port of the altera-stapl driver from the linux kernel.
The source released by Altera wasn't 64-bit compatible.
Additionally, the linux version is much cleaner and old cruft was removed.
Signed-off-by: Jochen Baltes <jochen.baltes@gmail.com>
Tested-by: Heiko Thiery <heiko.thiery@gmail.com>
[yann.morin.1998@free.fr: use the latest HEAD of the repository]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Currently, the cross-compilation.conf installed in
$(HOST_DIR)/etc/meson/cross-compilation.conf for use by the SDK is
generated in a post-install-staging hook of the toolchain package.
With per-package directory support enabled, this means that the
generated cross-compilation.conf contains references to the
per-package directory of the toolchain/ package, which is not what we
want:
[binaries]
c = '/home/thomas/projets/buildroot/output/per-package/toolchain/host/bin/arm-linux-gcc'
cpp = '/home/thomas/projets/buildroot/output/per-package/toolchain/host/bin/arm-linux-g++'
ar = '/home/thomas/projets/buildroot/output/per-package/toolchain/host/bin/arm-linux-ar'
strip = '/home/thomas/projets/buildroot/output/per-package/toolchain/host/bin/arm-linux-strip'
pkgconfig = '/home/thomas/projets/buildroot/output/per-package/toolchain/host/usr/bin/pkg-config'
So instead, we generate this file in TOOLCHAIN_TARGET_FINALIZE_HOOKS,
so that the global paths are used:
[binaries]
c = '/home/thomas/projets/buildroot/output/host/bin/arm-linux-gcc'
cpp = '/home/thomas/projets/buildroot/output/host/bin/arm-linux-g++'
ar = '/home/thomas/projets/buildroot/output/host/bin/arm-linux-ar'
strip = '/home/thomas/projets/buildroot/output/host/bin/arm-linux-strip'
pkgconfig = '/home/thomas/projets/buildroot/output/host/usr/bin/pkg-config'
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add several upstream patches that are made to fix this CVE. Since there
is still no dated plan to release a new version add this bunch of
patches.
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Just like glibc, host-localedef needs python3 on the host to
build... since host-localedef is basically using the sources of glibc.
Fixes:
checking if /build/build/per-package/host-localedef/host/bin/ccache
/usr/bin/gcc is sufficient to build libc... yes
checking for x86_64-pc-linux-gnu-nm... /usr/bin/nm
checking for python3... no
checking for python... python
checking version of python... 2.7.18, bad
configure: error:
*** These critical programs are missing or too old: python
*** Check the INSTALL file for required versions.
As reported at:
http://lists.busybox.net/pipermail/buildroot/2020-September/291929.html
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Major updates:
- AMD Zen1 core PMU updates
- AMD Zen2 core PMU support
- Intel Icelake core PMU support
- support to report if events are speculative
- support for Extended PEBS events on Icelake
- Intel Tremont core PMU support
- ARM Neoverse N1 core PMU support
- s390 event table updates
- Marvell TX2 core and uncore updates
- Intel CascadeLakeX uncore PMU support
- Various other event table updates and bug fixes
http://perfmon2.sourceforge.net/
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Use --with-openssl=pkg-config otherwise sofia-sip will fail to retrieve
openssl dependencies resulting in the following build failure:
/srv/storage/autobuild/run/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/8.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: ../libsofia-sip-ua/.libs/libsofia-sip-ua.a(tport_type_ws.o): in function `tport_ws_deinit_primary':
tport_type_ws.c:(.text+0x2c): undefined reference to `SSL_CTX_free'
/srv/storage/autobuild/run/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/8.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: ../libsofia-sip-ua/.libs/libsofia-sip-ua.a(tport_type_ws.o): in function `tport_ws_init_primary_secure':
pkg-config option has been added to freeswitch sofia-sip since 2007 and
044ac9d8fa
Fixes:
- http://autobuild.buildroot.org/results/8a0c9dbad74a3b358f90c7a3b56b638c4bdb8045
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Use tar.gz as SHA512SUMS does not contain the hash for tar.xz
- Fix CVE-2020-15900: A memory corruption issue was found in Artifex
Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator
can allow overriding of file access controls. The 'rsearch'
calculation for the 'post' size resulted in a size that was too large,
and could underflow to max uint32_t.
https://www.ghostscript.com/doc/9.53.0/News.htm
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
re2 unconditionally uses -pthread and add it to re2.pc
Moreover, it fails to build without threads on:
In file included from /home/peko/autobuild/instance-0/output-1/per-package/re2/host/opt/ext-toolchain/arm-buildroot-linux-uclibcgnueabihf/include/c++/8.3.0/arm-buildroot-linux-uclibcgnueabihf/bits/os_defines.h:39,
from /home/peko/autobuild/instance-0/output-1/per-package/re2/host/opt/ext-toolchain/arm-buildroot-linux-uclibcgnueabihf/include/c++/8.3.0/arm-buildroot-linux-uclibcgnueabihf/bits/c++config.h:508,
from /home/peko/autobuild/instance-0/output-1/per-package/re2/host/opt/ext-toolchain/arm-buildroot-linux-uclibcgnueabihf/include/c++/8.3.0/bits/stl_algobase.h:59,
from /home/peko/autobuild/instance-0/output-1/per-package/re2/host/opt/ext-toolchain/arm-buildroot-linux-uclibcgnueabihf/include/c++/8.3.0/memory:62,
from /home/peko/autobuild/instance-0/output-1/build/re2-2020-08-01/re2/filtered_re2.h:24,
from /home/peko/autobuild/instance-0/output-1/build/re2-2020-08-01/re2/filtered_re2.cc:5:
/home/peko/autobuild/instance-0/output-1/per-package/re2/host/arm-buildroot-linux-uclibcgnueabihf/sysroot/usr/include/features.h:218:5: warning: #warning requested reentrant code, but thread support was disabled [-Wcpp]
# warning requested reentrant code, but thread support was disabled
^~~~~~~
In file included from /home/peko/autobuild/instance-0/output-1/build/re2-2020-08-01/re2/prog.h:22,
from /home/peko/autobuild/instance-0/output-1/build/re2-2020-08-01/re2/bitstate.cc:28:
/home/peko/autobuild/instance-0/output-1/build/re2-2020-08-01/re2/re2.h:768:16: error: 'once_flag' in namespace 'std' does not name a type
mutable std::once_flag rprog_once_;
^~~~~~~~~
/home/peko/autobuild/instance-0/output-1/build/re2-2020-08-01/re2/re2.h:768:11: note: 'std::once_flag' is defined in header '<mutex>'; did you forget to '#include <mutex>'?
/home/peko/autobuild/instance-0/output-1/build/re2-2020-08-01/re2/re2.h:218:1:
+#include <mutex>
Fixes:
- http://autobuild.buildroot.org/results/7d7c6dcac3cb8ea6deb753178e85eb1c5c74c8e3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Drop patches (already in version)
- Fix CVE-2020-16135: libssh 0.9.4 has a NULL pointer dereference in
tftpserver.c if ssh_buffer_new returns NULL.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Buildroot generates Linux systems, so there is no need to have
MS Windows executables in there.
This reduces the target filesystem size by about 600kB:
$ du -hcs usr/lib/python2.7/distutils/command/wininst-*.exe
60K usr/lib/python2.7/distutils/command/wininst-6.0.exe
64K usr/lib/python2.7/distutils/command/wininst-7.1.exe
60K usr/lib/python2.7/distutils/command/wininst-8.0.exe
192K usr/lib/python2.7/distutils/command/wininst-9.0.exe
220K usr/lib/python2.7/distutils/command/wininst-9.0-amd64.exe
596K total
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Buildroot generates Linux systems, so there is no need to have
MS Windows executables in there.
This reduces the target filesystem size by about 2MB:
$ du -hcs usr/lib/python3.8/distutils/command/wininst-*.exe
60K usr/lib/python3.8/distutils/command/wininst-6.0.exe
64K usr/lib/python3.8/distutils/command/wininst-7.1.exe
60K usr/lib/python3.8/distutils/command/wininst-8.0.exe
192K usr/lib/python3.8/distutils/command/wininst-9.0.exe
220K usr/lib/python3.8/distutils/command/wininst-9.0-amd64.exe
188K usr/lib/python3.8/distutils/command/wininst-10.0.exe
220K usr/lib/python3.8/distutils/command/wininst-10.0-amd64.exe
448K usr/lib/python3.8/distutils/command/wininst-14.0.exe
576K usr/lib/python3.8/distutils/command/wininst-14.0-amd64.exe
2,0M total
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add an upstream patch that disables -Werror to avoid the following build
failure:
lttng-live.c: In function 'lttng_live_msg_iter_next':
lttng-live.c:1226:15: error: 'stream_iter' may be used uninitialized in this function [-Werror=maybe-uninitialized]
int ret = common_muxing_compare_messages(
^
lttng-live.c:1198:38: note: 'stream_iter' was declared here
struct lttng_live_stream_iterator *stream_iter;
^
lttng-live.c: At top level:
cc1: error: unrecognized command line option '-Wno-cast-function-type' [-Werror]
cc1: all warnings being treated as errors
Fixes:
- http://autobuild.buildroot.org/results/ff41326f913e71f982b3d5cbaf054f8be47913aa
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 4e60247be6 ("package/xerces: fix
coding style in Config.in") introduced a silly typo in the xerces
package depends on... which effectively made it impossible to enable
this package as the "USE_WCHAR" option does not exist.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop default dependencies, haveged needs nothing but local sockets and
/dev/random.
The service file now mostly matches the upstream Fedora file, except a
lot of isolation options have been dropped. The benefit for a
completely controlled system is small, and those option would pull in
dependencies, delaying entropy being filled up.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes issues with the triple on IBM s390x and Z machines.
Signed-off-by: Alexander Egorenkov <egorenar@linux.ibm.com>
[yann.morin.1998@free.fr: update both, using the update script]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add a new option that prints the (runtime) path of compiled .py files
when VERBOSE=1 is set.
Signed-off-by: Robin Jarry <robin.jarry@6wind.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
When generating a .pyc file, the original .py source file path is
encoded in it. It is used for various purposes: traceback generation,
.pyc file comparison with its .py source, and code inspection.
By default, the source path used when invoking compileall is encoded in
the .pyc file. Since we use paths relative to TARGET_DIR, we end up with
paths that are only valid when relative to '/' encoded in the installed
.pyc files on the target.
This breaks code inspection at runtime since the original source path
will be invalid unless the code is executed from '/'.
Unfortunately, compileall cannot be forced to use the proper path. It
was not written with cross-compilation usage in mind.
Rework the script to call py_compile.compile() directly with pertinent
options:
- The script now has a new --strip-root argument. This argument is
optional but will always be specified when compiling py files in
buildroot.
- All other (non-optional) arguments are folders in which all
"importable" .py files will be compiled to .pyc.
- Using --strip-root=$(TARGET_DIR), the future runtime path of each .py
file is computed and encoded into the compiled .pyc.
No need to change directory before running the script anymore.
The trickery used to handle error reporting was only applicable with
compileall. Since we implement our own "compileall", error reporting
becomes trivial.
Previously, we had a --force option to tell compileall.compiledir() to
forcibly recompile files if they had changed. Now, we would have to
handle it ourselves. It turns out to not be easy and would need us to
delve into the format of bytecompiled files to extract metadata and
compare it with the expected values, that being even dependent on the
python version being used (fortunately, only two for us: python 2.7 and
the latest 3.x).
Still, this is deemed too complex, and byte-compiling is pretty fast, so
much so that it should be eclipsed by the build duration anyway.
So we just drop support for --force, and instead we always byte-compile.
Signed-off-by: Julien Floret <julien.floret@6wind.com>
Signed-off-by: Robin Jarry <robin.jarry@6wind.com>
[yann.morin.1998@free.fr:
- always byte-compile
- drop --force
- expand commit log to state so and explain why
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
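The --strip-root behaviour described in the commit message above, sketched as an added example (this is not Buildroot's own script). It assumes Python 3.7 or later, where a .pyc header is 16 bytes; the function names, the sample tree and the identifier-based reading of "importable" are assumptions made for the illustration.

```python
import marshal
import os
import py_compile
import tempfile


def runtime_path(host_path, strip_root):
    """Map a file below the staging root to the path it will have on the target."""
    host_path = os.path.abspath(host_path)
    strip_root = os.path.abspath(strip_root)
    if os.path.commonpath([host_path, strip_root]) != strip_root:
        raise ValueError("%s is not below %s" % (host_path, strip_root))
    return "/" + os.path.relpath(host_path, strip_root).replace(os.sep, "/")


def is_importable(filename):
    # Assumption: "importable" means a .py file whose stem is a valid
    # Python identifier, so "not-a-module.py" is skipped.
    stem, ext = os.path.splitext(filename)
    return ext == ".py" and stem.isidentifier()


def compile_tree(directory, strip_root=None):
    """Byte-compile every importable .py file below directory.

    With strip_root set, the future runtime path is passed as dfile, which
    py_compile records in the code object instead of the host path.
    Errors are raised immediately (doraise=True), and files are always
    recompiled, matching the "always byte-compile" choice in the log.
    """
    compiled = []
    for parent, _dirs, files in os.walk(directory):
        for name in sorted(files):
            if not is_importable(name):
                continue
            src = os.path.join(parent, name)
            dfile = runtime_path(src, strip_root) if strip_root else None
            compiled.append(py_compile.compile(src, dfile=dfile, doraise=True))
    return compiled


def embedded_source_path(pyc_path):
    """Return the source path recorded inside a .pyc (Python 3.7+ layout)."""
    with open(pyc_path, "rb") as f:
        f.seek(16)  # skip magic, flags, mtime-or-hash and source size
        return marshal.load(f).co_filename


def demo():
    """Compile a constructed sample tree both ways and return both paths."""
    with tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(tmp, "target")  # stands in for TARGET_DIR
        pkg = os.path.join(target, "usr", "lib", "python3",
                           "site-packages", "demo")
        os.makedirs(pkg)
        with open(os.path.join(pkg, "mod.py"), "w") as f:
            f.write("def f():\n    return 1\n")
        with open(os.path.join(pkg, "not-a-module.py"), "w") as f:
            f.write("x = 1\n")
        host_view = embedded_source_path(compile_tree(target)[0])
        target_view = embedded_source_path(
            compile_tree(target, strip_root=target)[0])
        return host_view, target_view


if __name__ == "__main__":
    host_view, target_view = demo()
    print("without strip root:", host_view)
    print("with strip root:   ", target_view)
```

Reading the embedded path back out of a built image in this way is also a quick check that no host build directory has leaked into the target's .pyc files.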
Now that upstream supports this board add buildroot support for it,
too.
This supports:
- latest upstream linux kernel. Since the support for this board and
its SoC is still in active development, we want to follow the
upstream kernel releases for now.
- building an image which can be installed to eMMC, SD card or USB
thumb drive.
- upstream u-boot patches are pending, therefore no support for
building a bootloader for now.
Signed-off-by: Michael Walle <michael@walle.cc>
Reviewed-by: Heiko Thiery <heiko.thiery@gmail.com>
Tested-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Babeltrace 2 is a trace manipulation toolkit.
The Babeltrace 2 project offers a library with a C API, Python 3
bindings, and a command-line tool which makes it very easy for mere
mortals to view, convert, transform, and analyze traces.
See <https://babeltrace.org/> for more details.
Babeltrace 2 is a major update of Babeltrace 1 (Buildroot package
`lttng-babeltrace`). Both projects are coinstallable. Except for the
command-line tool (named `babeltrace2`), the Babeltrace 2 project is not
backward compatible with Babeltrace 1.
I'm naming this package `babeltrace2` instead of `lttng-babeltrace2`
because, although it can read LTTng traces, the two projects are
independent. All major distributions use `babeltrace2` as the
Babeltrace 2 package's name.
I'm keeping the `lttng-babeltrace` package because, as of this date, we
still add bug and security fixes from time to time, therefore the
project is not in EOL stage. Some external, custom packages could still
depend on the Babeltrace 1 library, for example.
As with `lttng-babeltrace`, you can build and install the host version
of Babeltrace 2 for the workflow where you trace the target, download
the resulting trace (or receive it during the tracing process), and then
read and analyze it with Babeltrace 2.
If you enable the `elfutils` package (`BR2_PACKAGE_ELFUTILS`), then
support for Babeltrace 2's debugging information filter component
class is enabled.
Tested with glibc, uClibc-ng, and musl.
Signed-off-by: Philippe Proulx <eeppeliteloop@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- the package couldn't be selected with vivante backend anyway since
the split
- the package couldn't be updated to newer versions as it would imply
forking libdrm and wayland-protocols for it to build
- drawback of not using NXP weston is the lack of G2D support, let's
have it as a known issue for Buildroot but use standard weston
package
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- add defaults for all meson options (and order according to
meson_options.txt file)
- drop pthread linking flags previously needed for the test
programs (maybe not needed by meson, tests disabled by option)
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update nginx-upload to a newer Git commit which adds upload support over
HTTP2 as well as other fixes.
Remove a patch which is no longer required in the current version.
Signed-off-by: Robert Hancock <hancock@sedsystems.ca>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
First patch is not needed since version 1.8.0 and
f071ec0c26
Indeed, as spotted by upstream when sending them this patch, the
original expressions will not mangle '-mfloat-gprs=double' because the
patterns contain a trailing space.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit adds a patch that passes -fno-builtin to fix the build
with gcc 10. The patch has been submitted upstream.
There are no autobuilder failures, since it's a bootloader package,
and therefore not tested by the autobuilders. However, a build failure
was detected when building toolchains and a minimal ARMv7-M system at
https://gitlab.com/bootlin/toolchains-builder/-/jobs/729359529.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since the bump of libcap to 2.42, host-libcap unconditionally tries to
build a shared library, which fails on build machines where the static
version of the C library is not available.
This issue was reported upstream, who fixed it by two different
commits, which are backported as patches 0001 and 0002. They require
passing a DYNAMIC= value, which should be "yes" to enable dynamic
linking, or empty when not using dynamic linking.
However, other upstream changes broke our logic to support static-only
linking for the target. So we introduce a 0003 patch which extends how
the DYNAMIC flag is used to disable the build of the shared library in
the libcap/ folder. This allows to greatly simplify libcap.mk.
Note that the refactoring is mixed with the fix: the two are hardly
splittable. We need to be able to pass the same options at all steps, and
especially the staging step, otherwise some code gets compiled with the
host compiler, installed in staging, and thus fails the architecture
check later on.
Fixes:
host-libcap build failure on system without a static libc
http://autobuild.buildroot.net/results/4b14458014e420ffe088f118e7d0261e67f2d551/
libcap build failure on static only systems
http://autobuild.buildroot.net/results/8961759067c4639ae697b6ee5db606f098b7c7e8/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr:
- also pass DYNAMIC=yes at host-install step
- extend commit log to explain why we refactor and fix together
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Stop trying to enable the xcb-errors Meson option and always disable it:
there is no xcb-util-errors package in Buildroot. The build recipe was
wrongly assuming that the XCB errors library would be installed as part
of the xcb-util package, which is not the case.
Fixes the following autobuilder failure:
http://autobuild.buildroot.net/results/1891aa624b29e4bbcbbe6bc752a1cc90c316024e/
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since commit efa95b19ae
("package/libxml-parser-perl: make host build use correct compiler"),
we pass $(HOST_CONFIGURE_OPTS) when building host-libxml-parser-perl,
in order to use the correct host compiler.
However, this means that LD="$(HOSTLD)" is passed. However, the
host-libxml-parser-perl passes compiler arguments to LD, so it really
assumes that LD is gcc, not ld. For example, it tries to pass
-mtune=generic.
So, let's tell host-libxml-parser-perl that LD is "$(HOSTCC)".
Fixes:
http://autobuild.buildroot.net/results/2ed2e5ccefe9047c597f84d5880de2e8de2bdd94/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Joseph Kogut <joseph.kogut@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
GCC 10 with -std=c++20 breaks boost library due to allocator changes.
https://github.com/boostorg/bimap/issues/23
We need boost 1.74.0 to fix build with gcc-10 -std=c++20. Note that none
of the Buildroot packages that use boost set -std=c++20, so no in-tree
failures.
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Reviewed-by: Michael Nosthoff <buildroot@heine.tech>
Tested-by: Michael Nosthoff <buildroot@heine.tech> for arm
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Only run code when the script is executed directly (not imported).
Factorize command description by using the script's __doc__ variable.
Fix typo in --force help message.
Signed-off-by: Robin Jarry <robin.jarry@6wind.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
In commit c2009e9f75
("package/linux-headers: license files hashes only valid for latest
version"), we introduced BR2_KERNEL_HEADERS_LATEST, which should only
be set for the most recent kernel headers versions.
Indeed, the COPYING file of Linux has changed before/after Linux 5.6,
causing its hash file to be different. Since linux-headers uses
linux/linux.hash as the hash file, and this hash file contains the
COPYING hash of Linux >= 5.6, we cannot use that hash for Linux
versions older than 5.6.
When newer versions of the headers than 5.4 were added, this
BR2_KERNEL_HEADERS_LATEST was not moved as it should have been. We fix
this, which fixes a legal-info failure happening when Linux kernel
headers 5.4 are used:
>>> linux-headers 5.4.63 Patching
>>> linux-headers 5.4.63 Collecting legal info
ERROR: COPYING has wrong sha256 hash:
ERROR: expected: fb5a425bd3b3cd6071a3a9aff9909a859e7c1158d54d32e07658398cd67eb6a0
ERROR: got : ee5808b032a67f587d3541099d46de34f5bec8cd5976114ba07f1299ee6001ff
ERROR: Incomplete download, or man-in-the-middle (MITM) attack
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, the check of defconfigs is run for all branches, even those
that are pushed only to run runtime tests. This is very inconvenient.
In fact, we only want to check the defconfigs on standard branches, that
is master, next, and the maintenance branches.
This will also decrease drastically the number of gitlab-ci minutes used
when one pushes their repo to gitlab.com, where the number of CI minutes
are now going to be pretty severely restricted.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Note that those tests were so far ignored only when requesting a single
defconfig build, or a single runtime test build; everything else
was triggering those tests.
However, it feels more natural that they are also ignored when all
defconfigs build, or all runtime tests, are explicitly requested.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
- CVE-2020-15166: Denial-of-Service on CURVE/ZAP-protected servers by
unauthenticated clients.
If a raw TCP socket is opened and connected to an endpoint that is fully
configured with CURVE/ZAP, legitimate clients will not be able to exchange
any message. Handshakes complete successfully, and messages are delivered
to the library, but the server application never receives them. For more
information see the security advisory:
https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m
- Stack overflow on server running PUB/XPUB socket (CURVE disabled).
The PUB/XPUB subscription store (mtrie) is traversed using recursive
function calls. In the remove (unsubscription) case, the recursive calls
are NOT tail calls, so even with optimizations the stack grows linearly
with the length of a subscription topic. Topics are under the control of
remote clients - they can send a subscription to arbitrary length topics.
An attacker can thus cause a server to create an mtrie sufficiently large
such that, when unsubscribing, traversal will cause a stack overflow. For
more information see the security advisory:
https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8
- Memory leak in PUB server induced by malicious client(s) without CURVE/ZAP.
Messages with metadata are never processed by PUB sockets, but the
metadata is kept referenced in the PUB object and never freed. For more
information see the security advisory:
https://github.com/zeromq/libzmq/security/advisories/GHSA-4p5v-h92w-6wxw
- Memory leak in client induced by malicious server(s) without CURVE/ZAP.
When a pipe processes a delimiter and is already not in active state but
still has an unfinished message, the message is leaked.
For more information see the security advisory:
https://github.com/zeromq/libzmq/security/advisories/GHSA-wfr2-29gj-5w87
- Heap overflow when receiving malformed ZMTP v1 packets (CURVE disabled).
By crafting a packet which is not valid ZMTP v2/v3, and which has two
messages larger than 8192 bytes, the decoder can be tricked into changing
the recorded size of the 8192 bytes static buffer, which then gets
overflown by the next message. The content that gets written in the
overflown memory is entirely decided by the sender.
For more information see the security advisory:
https://github.com/zeromq/libzmq/security/advisories/GHSA-fc3w-qxf5-7hp6
Drop now upstreamed patches, autoreconf and reformat hash file with 2 space
delimiters.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
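The unsubscription problem described above for the PUB/XPUB subscription store, as an added example that is not libzmq's code or its actual fix: a simplified first-child/next-sibling byte trie (all names hypothetical) with a recursive removal that prunes after the call returns, beside an iterative removal whose stack use does not depend on topic length.

```c
#include <stdlib.h>
#include <string.h>
/* Simplified subscription trie (hypothetical names, not libzmq's mtrie):
 * first-child / next-sibling layout, one node per topic byte. */
typedef struct node {
    unsigned char key;     /* byte on the edge from the parent */
    unsigned refs;         /* subscriptions ending at this node */
    struct node *child;    /* first child */
    struct node *sibling;  /* next child of the same parent */
} node_t;

/* Slot holding the child for `key`, or the NULL slot at the end of the list. */
static node_t **child_slot(node_t *parent, unsigned char key) {
    node_t **slot = &parent->child;
    while (*slot && (*slot)->key != key)
        slot = &(*slot)->sibling;
    return slot;
}

int trie_add(node_t *root, const unsigned char *topic, size_t len) {
    node_t *n = root;
    for (size_t i = 0; i < len; i++) {
        node_t **slot = child_slot(n, topic[i]);
        if (!*slot) {
            node_t *c = calloc(1, sizeof *c);
            if (!c) return -1;
            c->key = topic[i];
            *slot = c;
        }
        n = *slot;
    }
    n->refs++;
    return 0;
}

int trie_has(node_t *root, const unsigned char *topic, size_t len) {
    node_t *n = root;
    for (size_t i = 0; i < len && n; i++)
        n = *child_slot(n, topic[i]);
    return n != NULL && n->refs > 0;
}

/* Recursive removal. The pruning after the call means it is not a tail
 * call, so stack depth equals topic length, which the remote peer chooses. */
int trie_rm_recursive(node_t *n, const unsigned char *topic, size_t len) {
    if (len == 0) {
        if (n->refs == 0) return 0;
        n->refs--;
        return 1;
    }
    node_t **slot = child_slot(n, topic[0]);
    if (!*slot) return 0;
    int removed = trie_rm_recursive(*slot, topic + 1, len - 1);
    node_t *c = *slot;
    if (removed && c->refs == 0 && c->child == NULL) {
        *slot = c->sibling;            /* prune the now-empty child */
        free(c);
    }
    return removed;
}

/* Iterative removal with constant stack use. `cut` tracks the slot below the
 * deepest node that must survive (root, has subscribers, or has another
 * child); everything from *cut down to the end node is a single-child chain. */
int trie_rm_iterative(node_t *root, const unsigned char *topic, size_t len) {
    node_t *n = root;
    node_t **cut = NULL;
    for (size_t i = 0; i < len; i++) {
        node_t **slot = child_slot(n, topic[i]);
        if (!*slot) return 0;
        if (!cut || n->refs > 0 || n->child != *slot || (*slot)->sibling)
            cut = slot;
        n = *slot;
    }
    if (n->refs == 0) return 0;
    n->refs--;
    if (len == 0 || n->refs > 0 || n->child) return 1;  /* node still needed */
    node_t *c = *cut;
    *cut = c->sibling;                 /* unlink the dead chain ... */
    while (c) {                        /* ... and free it top-down */
        node_t *next = c->child;
        free(c);
        c = next;
    }
    return 1;
}

int main(void) {
    enum { LONG_TOPIC = 200000 };      /* constructed sample length */
    node_t root = {0};
    unsigned char *topic = malloc(LONG_TOPIC);
    if (!topic) return 1;
    memset(topic, 'x', LONG_TOPIC);
    if (trie_add(&root, topic, LONG_TOPIC) != 0) return 1;
    /* trie_rm_recursive would need LONG_TOPIC nested frames for this input */
    int ok = trie_rm_iterative(&root, topic, LONG_TOPIC);
    free(topic);
    return (ok && root.child == NULL) ? 0 : 1;
}
```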
Since commit [1] in U-Boot upstream, there is no necessity to pass extra
metadata_csum option due to changed env location in U-Boot so we can
drop it completely.
[1] 76db1681da52342ca9f4fb7e6787bd83cc82f429:
stm32mp1: use a specific SD/eMMC partition for U-Boot enviromnent
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
[yann.morin.1998@free.fr: 76db1681d references a U-Boot commit]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
kbd uses _Generic since version 2.2.90 and
da5feb8fd9
However, _Generic is not available until gcc 4.9:
https://gcc.gnu.org/wiki/C11Status
As a result, build with gcc 4.8 fails on:
setleds.c:352:3: warning: implicit declaration of function '_Generic' [-Wimplicit-function-declaration]
ndefflags = BITMASK_SET(BITMASK_UNSET(odefflags, ndef), nval);
^
setleds.c:22:2: error: expected expression before 'unsigned'
unsigned char: (unsigned char)(~(x)) \
^
Fixes:
- http://autobuild.buildroot.org/results/b74ecdda44543da1d47fa2c027fb046a3ca1e2d1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: propagate the MMU dependency to the comment]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
IPython-enabled pdb.
This package can be very helpful when someone wants to debug
a Python application on the board itself.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
On aarch64, with the config option "--enable-mpers=check" the configure.ac
script searches for a 32bit compiler. When a matching compiler is found
in the PATH some compatibility checks are done. This can fail when the
available kernel headers on host and buildroot target do not match.
Since buildroot does not support 32bit binaries when building for 64bit
architecture (no -m32 option) we can disable this option unconditionally.
When disabling unconditionally also the configuration for toolchain using
MUSL can be removed.
Cc: Baruch Siach <baruch@tkos.co.il>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Brandon Maier <brandon.maier@rockwellcollins.com>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Force GIT_VERSION to avoid git version logic that takes the Buildroot
git commit id.
Update LICENSE hash; copyright year update.
Format hashes file with two space delimiters.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This package uses gcc filename without absolute path, which breaks
the host build if host and target compiler have the same filename.
(Can happen with an external toolchain).
This patch adds the variables for the host as overrides,
as they are otherwise not picked up from the environment.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Fix CVE-2020-15503: LibRaw before 0.20-RC1 lacks a thumbnail size
range check. This affects decoders/unpack_thumb.cpp,
postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example,
malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without
validating T.tlength.
- zlib is an optional dependency since
b63f017b06
Also update indentation in hash file (two spaces) as well as README.md
hash, no license changes:
- d1975cb0e0
- d38361b76e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Both patches are now upstream and can be dropped:
- 7cfaa9dede0f7f711a0fb961559e9629e7c7a259 is "MakeHeader.py: Fix for
non-utf8 environments"
- dfd9279f87791e36a5212726781c31fbe7110361 is "Resolve complation
issues with -fno-common (default from gcc-10)"
The license file hash is changed due to the removal of one empty line:
@@ -353,4 +353,3 @@
applicable licenses of the version of PLPA used in your combined work,
provided that you include the source code of such version of PLPA when
and as the GNU GPL requires distribution of source code.
-
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Easyframes uses fork when capturing frames in a pcap file, therefore
add the dependency BR2_USE_MMU.
Signed-off-by: Horatiu Vultur <horatiu.vultur@microchip.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Contains fixes for overflows when input chunks are larger than 2 GiB,
an uninitialized data access, and minor correctness and performance
improvements. There does not seem to be any CVEs filed, but there is
a security notice in the release notes at:
https://github.com/google/brotli/releases/tag/v1.0.9
Patch "0001-CMake-Allow-using-BUILD_SHARED_LIBS-to-choose-static.patch"
is rebased against the latest upstream changes.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
graphical is equivalent to the sysvinit runlevel 5
multi-user is equivalent to a runlevel between 2 and 4
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update hash of COPYING and add CREDITS to license files as most of the
original COPYING content moved to CREDITS and COPYING now contains
GPL-2.0+ text since version 2.0.90 and
1304c0c11c
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
opcua-asyncio is an asyncio-based asynchronous OPC UA client
based on python-opcua, removing hacks for support of
python < 3.6.
Asynchronous programming allows for simpler code (e.g. less need
for locks) and potentially performance gains.
More information is available at:
https://github.com/FreeOpcUa/opcua-asyncio.
Signed-off-by: Jugurtha BELKALEM <jugurtha.belkalem@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Ordinary local file IO is blocking, and cannot easily and
portably be made asynchronous.
This means doing file IO may interfere with asyncio applications,
which shouldn’t block the executing thread. aiofiles helps
with this by introducing asynchronous versions of files
that support delegating operations to a separate thread pool.
More information is available at:
https://pypi.org/project/aiofiles.
Signed-off-by: Jugurtha BELKALEM <jugurtha.belkalem@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
janus-gateway comes with an example website to test its features.
Since the bump to 0.10.3, this website takes 1.8MiB uncompressed on
the target, among which is a 1MiB video sample which does not compress
well.
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This will avoid the following build failure with openpgm 5.3:
In file included from /home/fabrice/buildroot/output/host/bin/../arm-buildroot-linux-gnueabihf/sysroot/usr/include/pgm-5.3/pgm/skbuff.h:39,
from /home/fabrice/buildroot/output/host/bin/../arm-buildroot-linux-gnueabihf/sysroot/usr/include/pgm-5.3/pgm/msgv.h:33,
from /home/fabrice/buildroot/output/host/bin/../arm-buildroot-linux-gnueabihf/sysroot/usr/include/pgm-5.3/pgm/pgm.h:44,
from src/ip.cpp:67:
/home/fabrice/buildroot/output/host/bin/../arm-buildroot-linux-gnueabihf/sysroot/usr/include/pgm-5.3/pgm/socket.h:207:1: error: ‘const char* pgm_family_string(int)’ defined but not used [-Werror=unused-function]
207 | pgm_family_string (
| ^~~~~~~~~~~~~~~~~
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
No MINIDLNA_IGNORE_CVES entry is added as no CVE has been assigned to
minidlna. Indeed, CallStranger vulnerability affect(ed) most of the UPnP
stacks (e.g. gupnp, libupnp)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Per-package build of apparmor with apache fails on:
/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apparmor/host/x86_64-buildroot-linux-musl/sysroot/usr/bin/apxs -c mod_apparmor.c -L/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apparmor/host/bin/../x86_64-buildroot-linux-musl/sysroot/usr/lib -lapparmor
/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apache/host/x86_64-buildroot-linux-musl/sysroot/usr/bin/../../usr/build-1/libtool --silent --mode=compile /usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apache/host/bin/x86_64-linux-gcc -prefer-pic -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -g2 -I/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apache/host/x86_64-buildroot-linux-musl/sysroot/usr/include -I/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apache/host/x86_64-buildroot-linux-musl/sysroot/usr/bin/../../usr/include/apr-1 -I/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apache/host/x86_64-buildroot-linux-musl/sysroot/usr/bin/../../usr/include/apr-1 -I/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apache/host/x86_64-buildroot-linux-musl/sysroot/usr/bin/../../../../x86_64-buildroot-linux-musl/sysroot/usr/include -c -o mod_apparmor.lo mod_apparmor.c && touch mod_apparmor.slo
mod_apparmor.c:28:10: fatal error: sys/apparmor.h: No such file or directory
#include <sys/apparmor.h>
^~~~~~~~~~~~~~~~
The issue is that sys/apparmor.h is not installed in the apache
per-package directory which is mangled by
APACHE_FIX_STAGING_APACHE_CONFIG, i.e.
/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apache/host/x86_64-buildroot-linux-musl/sysroot/usr/include
So implement the same workaround made on apache to replace those wrong
apache paths by apparmor paths in apxs binary and its configuration file
(i.e. config_vars.mk) as suggested by Thomas Petazzoni and Yann E. Morin
during review of the first iteration of this patch
Fixes:
- http://autobuild.buildroot.org/results/ef1fcd57e0c09a2806bf2272bb21df6d3300b45b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
GraphicsMagick through 1.3.35 has a heap-based buffer overflow in
ReadMNGImage in coders/png.c.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
libgnutls: Fixed "no_renegotiation" alert handling at incorrect timing.
The server sending a "no_renegotiation" alert in an unexpected timing,
followed by an invalid second handshake was able to cause a TLS 1.3
client to crash via a null-pointer dereference. The crash happens in the
application's error handling path, where the gnutls_deinit function is
called after detecting a handshake failure (#1071).
[GNUTLS-SA-2020-09-04, CVSS: medium]
https://lists.gnupg.org/pipermail/gnutls-help/2020-September/004669.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
CVE-2020-25125: Importing an OpenPGP key having a preference list for AEAD
algorithms will lead to an array overflow and thus often to a crash or other
undefined behaviour (affected: 2.2.21 / 2.2.22)
For more details, see the announcement:
https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
certutil is a command-line utility for managing keys and certificates in
both NSS databases and other NSS tokens.
Signed-off-by: Julien Floret <julien.floret@6wind.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cherry-pick a patch from upstream project that fixes the build when used
with a uClibc based toolchain.
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Drop patches that are now upstream.
Pipewire now requires renderer-gl, only enable pipewire when
renderer-gl is also enabled.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The libcamera project has moved to C++17, therefore also update the
toolchain requirements accordingly.
Signed-off-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
[yann.morin.1998@free.fr: s/\t/ / in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The ControlValue structure is currently defined with a 16-bit hole
(causing unaligned access to the numElements_ field, though that's a
separate topic).
This structure has a static assertion to ensure that its size does not
change without due care, as it forms part of our ABI and is used in
Serialisation between the pipeline handlers and IPA components.
The m68k architecture is the only target which fails this assertion,
which is likely because it can pack the structure more efficiently,
producing a different binary size.
This is likely an area we will tackle before stabilising our ABI, but
until then, disable m68k builds as libcamera is not expected to be
supported on this target.
Fixes:
- http://autobuild.buildroot.net/results/9dce26e94299a2c61bba60cbc7803926e2f85e29/
Signed-off-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
[yann.morin.1998@free.fr, suggestions from Thomas:
- introduce BR2_PACKAGE_LIBCAMERA_ARCH_SUPPORTS
- propagate that to the comment
- add autobuilder reference
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
When both BR2_REFPOLICY_EXTRA_MODULES_DIRS and
PACKAGES_SELINUX_EXTRA_MODULES_DIRS are empty, we expect
REFPOLICY_EXTRA_MODULES_DIRS to also be empty. However, due to spaces,
this is not the case. This commit adds a $(strip ...) call to ensure
it is the case.
Thanks to this, the check on whether REFPOLICY_EXTRA_MODULES_DIRS is
empty later on will really work as it should.
Reported-by: Antoine Ténart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Extract from bug report:
"In usb_modeswitch Makefile dispatcher-script, dispatcher-dynlink and
dispatcher-statlink are .PHONY targets. The result is that sources are
compiled also when install targets are called.
USB_MODESWITCH_INSTALL_TARGET_CMDS calls $(MAKE) which is a call to
parallel make eg. make -j9. So the install phase can install empty
usb_modeswitch binary (happened once) if the compiler have just cleared
the binary and install command installs it before compiler writes the
binary. USB_MODESWITCH_INSTALL_TARGET_CMDS should call $(MAKE1)."
Instead of disabling parallel install, use install-common target instead
of install-{dyn,stat}link targets. Indeed, the dynamic or static
usb_modeswitch_dispatcher binary will be built by
all-with-{dyn,stat}link-dispatcher targets, there is no need to rebuild
it during the install step
Fixes:
- https://bugs.buildroot.org/show_bug.cgi?id=12911
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
tinyhttpd is affected by CVE-2002-1819 and is not maintained anymore
(no release since 2001) so remove it
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
If BR2_TARGET_ROOTFS_UBIFS is selected, enable the following kernel options:
- CONFIG_UBIFS_FS_XATTR
- CONFIG_UBIFS_FS_SECURITY
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
If BR2_TARGET_ROOTFS_SQUASHFS is selected, enable the following kernel options:
- CONFIG_SQUASHFS_XATTR
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
If BR2_TARGET_ROOTFS_JFFS2 is selected, enable the following kernel options:
- CONFIG_JFS_SECURITY
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
If BR2_TARGET_ROOTFS_F2FS is selected, enable the following kernel options:
- CONFIG_F2FS_FS_XATTR
- CONFIG_F2FS_FS_SECURITY
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
If BR2_TARGET_ROOTFS_EXT2_4 is selected, enable the following kernel options:
- CONFIG_EXT4_FS_SECURITY
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
If BR2_TARGET_ROOTFS_EXT2_3 is selected, enable the following kernel options:
- CONFIG_EXT3_FS_SECURITY
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
If BR2_TARGET_ROOTFS_EXT2 is selected, enable the following kernel options:
- CONFIG_EXT2_FS_XATTR
- CONFIG_EXT2_FS_SECURITY
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
If BR2_TARGET_ROOTFS_EROFS is selected, enable the following kernel options:
- CONFIG_EROFS_FS_XATTR
- CONFIG_EROFS_FS_SECURITY
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Currently, the libselinux package sets the CONFIG_DEFAULT_SECURITY_SELINUX
kernel option. However, as of kernels >= 5.1, this option is superseded in
favor of the CONFIG_LSM option, a comma-separated list of LSMs the kernel
should initialize in order.
As the previous behavior of this package sets the kernel's default and only
LSM to initialize to SELinux, it is safe to set this string to just selinux.
If the user wants additional LSMs, they may do so with a custom kernel config.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add documentation about how to use SELinux in Buildroot, and what are
the available mechanisms to extend and customize the SELinux policy.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
[Thomas: misc improvements.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The refpolicy configure and build step were not correctly defined. The
configuration was split between the configure and build step, while
both the compilation and the installation were done in the install
step. Fix this by moving all the configuration within the
configuration step and by adding a call to make in the build step to
compile the policy.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Allow packages to have an 'selinux' subfolder containing SELinux modules
(sources) to be synced and compiled within the refpolicy, if the package
is selected.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add support for the user to provide a fully custom refpolicy. When
this is used, modules aren't disabled anymore and packages do not
select refpolicy available modules either. The custom refpolicy must
define the full policy explicitly, and must be a fork of the original
refpolicy, to have the same build system.
This is added to allow users to fully control an SELinux policy, by
providing a complete custom policy.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Allow users to select additional modules available in the refpolicy, to
be built in the binary policy. This will allow non-base modules to be
selected based on the user use-case and to select extra module
dependencies when providing out-of-tree modules.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Allow users to provide custom SELinux modules to be part of the final
policy. A new configuration variable is added, pointing to a list of
directories containing the custom modules.
SELinux modules do require a metadata.xml file to be well integrated
in the refpolicy build. If this file isn't provided, it will be
automatically created.
For now, this option requires the extra modules to be directly into
the BR2_REFPOLICY_EXTRA_MODULES directory, and subfolders aren't
supported. They may never be, as having subfolders could introduce
issues when two different modules have the same name (which isn't
supported by the refpolicy).
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Select the fstools SELinux module when e2fsprogs binaries are compiled
and installed in the target filesystem, so that they'll be supported by
the SELinux policy.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Select the fstools SELinux module to be compiled in the policy for the
relevant binaries of util-linux.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Select the dbus SELinux module so that it will be compiled in the
refpolicy. This way, if an SELinux policy is generated, dbus will be
supported.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Select the systemd and udev SELinux modules so that they will be
compiled in the refpolicy. This way, if an SELinux policy is generated,
Systemd will be supported.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add support for packages to enable SELinux modules already supported by
the refpolicy, but not selected by default in its policy.
With this commit, packages will be able to do something like:
SYSTEMD_SELINUX_MODULES = systemd udev
to enable additional SELinux modules.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The refpolicy is configured to use a monolithic build, compiling all the
available modules (whether they're 'base' or 'modules' ones) in the
binary policy. The result is a quite big SELinux policy, with a lot more
rules than what would be needed in a Buildroot image.
Refactor the refpolicy build configuration to enable fewer modules by
default. To achieve this, all the modules marked as being part of the
'base' policy are kept but all the modules marked as being only
'modules' are disabled. Then a static list of modules (in addition to
the already selected 'base' ones) are enabled. The result is a much
smaller refpolicy: tests showed a reduction of the binary policy from
2.4M to 249K (~90% smaller).
This minimal set of SELinux modules should allow to boot a system in
enforcing mode in the future. It currently does not work, not because
extra modules are needed, but because of required changes within the
selected modules.
This patch would break backward compatibility as the refpolicy will no
longer have all the modules provided by the project, but only those
selected. This should not be an issue as this configuration was not
suitable directly for a real system. Modifications had to be done. If we
still find out later that this is an issue for someone, we'll have the
ability to mimic what was done previously thanks to other mechanisms
(such as providing the upstream policy as a "custom" policy location).
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Set the SELinux file security contexts using setfiles when generating
root filesystem images.
Without such security contexts created at build time, they need to be
setup at first boot by running the restorecon utility on the target.
This has two drawbacks:
- You have to special case the first boot, which cannot be done in
enforcing mode, and will have to run restorecon, then reboot.
- You cannot support read-only filesystems.
By setting up the security contexts at build time, we can have a
filesystem image that is immediately ready to boot an SELinux system
in enforcing mode, including if the root filesystem is read-only.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The mke2fs binary copies the xattrs of the source directory when
creating an image, but this logic did not include the root directory of
the resulting image. A patch was sent upstream to fix this. Include the
patch in Buildroot to allow creating SELinux ready images at build time.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mg is a small Emacs-like editor with no external dependencies except a
standard C library. It weighs in at 130 kiB and is one of a select few
completely free (public domain) text editors suitable for small and
embedded systems.
This version is based on the OpenBSD Mg, but with more features, one of
which being the no-ncurses/termcap support, which heavily reduces the
impact on a resource constrained system.
Upstream: https://github.com/troglobit/mg/
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
GraphicsMagick is the swiss army knife of image processing.
It provides a robust and efficient collection of tools
and libraries which support reading, writing,
and manipulating an image in over 89 major formats
including important formats like DPX, GIF, JPEG, JPEG-2000,
PNG, PDF, PNM, TIFF, and WebP.
Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Now that RISC-V 32-bit (RV32) support has been merged into mainline
glibc, we can use the Linux 5.4 kernel.
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
By default, the iputils build script might build binaries which are
useless for certain applications, like tftpd or ninfod. Those binaries
will add to the target filesystem size unless a post-build script removes
them manually, which is cumbersome and doesn't shorten build times.
In particular, in a certain aarch64 Buildroot project with musl selected
as a C library, this patch allowed to shrink the full iputils package from
219 KiB (if every option is selected) to 63 KiB (with only the ping
binary selected) - a 71.2% relative size decrease.
Moreover, upstream recently introduced a commit that disabled tftpd from
building by default, like rarpd. In the current state of things, this change
will introduce inconveniences for Buildroot users which prefer to use the
tftpd implementation provided by this package. With this patch, however, that
decision and similar future ones won't be a concern, because they will
have complete control of what binaries are built.
These changes add Kconfig options which let the user select what
binaries are built with ease.
Signed-off-by: Alejandro González <alejandro.gonzalez.correo@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The apu2 by PC Engines is a 64 bit single board computer with coreboot
BIOS. It only has serial output, but no graphics chip. With its 2–4
ethernet ports, it is often used to build a firewall or router.
The provided defconfig configures busybox and isolinux. It will output
a hybrid ISO image that can be written to a USB stick or burned to a
CD.
Configuration based on a blogpost by Tony Arkles:
http://www.better-bsp.com/blog/2017/03/02/buildrooting-for-apu2/
Signed-off-by: Danilo Bargen <mail@dbrgn.ch>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Examples and tests are not needed, especially because one of them fails on
some architectures because it wrongly tries to use wc_Sha256FinalRaw:
CCLD tests/unit.test
/tmp/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/aarch64-none-linux-gnu/9.2.1/../../../../aarch64-none-linux-gnu/bin/ld: tests/tests_unit_test-api.o: in function `test_wc_Sha256FinalRaw':
/tmp/instance-0/output-1/build/wolfssl-4.5.0-stable/tests/api.c:6504: undefined reference to `wc_Sha256FinalRaw'
Fixes:
- http://autobuild.buildroot.org/results/d5b6f97f7510874fe28c675e599be08cb8a78c7b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
"mkdir" (without "-p") fails if the target directory exists, which means
that if alsa-utils is being reinstalled or if other files have
previously been installed in the alsa-state.d or alsa-restore.d
directories the installation will fail.
Switch to "$(INSTALL) -d" which allows us to be explicit about the
permissions and handles the case of a pre-existing directory correctly.
Signed-off-by: John Keeping <john@metanate.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The AmLogic Odroid C2 boards use an ATF version for which the source
code is not available. The mainline U-Boot documentation at
doc/board/amlogic/odroid-c2.rst details how to build a bootable U-Boot
image for this platform: it requires fetching the ATF binary files
from https://github.com/hardkernel/u-boot.git as well as a tool called
fip_create from the same repository.
This commit therefore implements a simple Buildroot package that
retrieves this repository, installs the firmware files, and
builds/installs the host fip_create utility.
This package really installs target images (firmware files) and one
host utility, so we had to take an arbitrary decision on whether it
should be a target package or a host package, and we've chosen to make
it a target package.
Signed-off-by: Dagg Stompler <daggs@gmx.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The manual has a section on adding board support to upstream buildroot,
but it fails to mention some of the things we expect. Add more of them.
- Internal toolchain.
- Beautify defconfig file.
- Fixed versions for components.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Adam Duskett <Aduskett@gmail.com>
Reviewed-by: Adam Duskett <aduskett@gmail.com>
[yann.morin.1998@free.fr:
- use +monospace+ for the variables
- use _italic_ for sections in defconfig
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This patch is based on patch from the rockchip tree:
commit c8a337593660f27379c30248a11bf08dc8712113
Author: Jeffy Chen <jeffy.chen@rock-chips.com>
Date: Tue Nov 13 18:59:43 2018 +0800
package: cups: Add udev rules to assign usb printers' group to lp
Change-Id: Ieae17deaa7d3623e1f0e1cc826871f1719d98d88
Signed-off-by: Jeffy Chen <jeffy.chen@rock-chips.com>
but removes a hardcoded device usb vendor/id and keeps only the usb
printer class.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This patch is a backport from the rockchip tree.
Author: Jeffy Chen <jeffy.chen@rock-chips.com>
Date: Tue Nov 13 18:25:34 2018 +0800
package: cups: Add lp user as default cups user
Change-Id: Ic7434fe0a7b41b86b5b8b097fa29dd9718e29aa5
Signed-off-by: Jeffy Chen <jeffy.chen@rock-chips.com>
User lp is necessary for running the cups spooler.
Groups lpadmin grants administrative privileges to users.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
A defconfig for the friendlyarm nanopc-t4 was added in
c23895f06e, but then removed
in 8efd4463f7 because an ARM32
compiler was needed to build ATF, and this was not supported
back then.
Now, since package/arm-gnu-a-toolchain/ has been added, this
defconfig can be re-introduced.
Following new changes are introduced in comparison with the
older changeset:
- updated readme
- GPT partition layout is being used
- update defconfig to build ATF
- bump u-boot to 2020.07
- bump linux to 5.8.2
Signed-off-by: Suniel Mahesh <sunil@amarulasolutions.com>
Reviewed-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout: fixate U-Boot version; remove blind BR2_TARGET_UBOOT_NEEDS_PYTHON]
A defconfig for the friendlyarm nanopi-m4 was added in
493c3979a4, but then removed
in a24bd8936f because an ARM32
compiler was needed to build ATF, and this was not supported
back then.
Now, since package/arm-gnu-a-toolchain/ has been added, this
defconfig can be re-introduced.
Following new changes are introduced in comparison with the
older changeset:
- readme updated
- GPT partition layout
- update defconfig to build ATF
- bump u-boot to 2020.07
- bump linux to 5.8.2
Signed-off-by: Suniel Mahesh <sunil@amarulasolutions.com>
Reviewed-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout: fixate U-Boot version; remove blind BR2_TARGET_UBOOT_NEEDS_PYTHON]
A defconfig for the rockpro64 was added in
59e1077b4e, but then removed
in 10f49213b7 because an ARM32
compiler was needed to build ATF, and this was not supported
back then.
Now, since package/arm-gnu-a-toolchain/ has been added, this
defconfig can be re-introduced.
Following new changes are introduced in comparison with the
older changeset:
- renamed defconfig from pine64_rockpro64 to rockpro64
- updated readme
- using a GPT partition layout
- update defconfig to build ATF
- bump u-boot to 2020.07
- bump linux to 5.8.2
Signed-off-by: Suniel Mahesh <sunil@amarulasolutions.com>
Reviewed-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout: fixate U-Boot version; remove blind BR2_TARGET_UBOOT_NEEDS_PYTHON]
Move the code to run check-flake8 into the Makefile, like we have for
check-package, so that it is easy to run locally (and not wait for
someone to report a failure from their Gitlab pipelines).
Compared to the existing check from gitlab-ci.yml, the Makefile check
differs in this respect:
- don't explicitly find *.py files: they are supposed to also be found
as a result of running 'file' on them;
- use git ls-tree instead of find: this is supposedly faster as it
uses the index rather than readdir();
- don't output the count of warnings or errors: the output is a single
integer, which is confusing when there are errors, and even more so
when there are no, when it is simply '0';
- don't sort: the output is already stable and independent from the
locale;
- don't report the number of processed files: this information is
rather useless, and getting a hold of it would be more challenging
in this new code.
Note: ideally, we would want to use --null, --zero, or similar options,
with utilities that generate or parse a file listing. While git
ls-tree and xargs do support it, it becomes a little bit tricky to use
the --print0 option of file, and then grep in that output (it is not
undoable, but would require replacing grep+cut with some sed trickery).
Since we do not expect our scripts names to contain funky chars (like
\n or a colon), we just hand-wave away that issue (and the old code was
doing the same assumption too).
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The variables for the "docker version" output are located at
$(DOCKER_CLI_GOMOD)/cli/version - correct the path to these in the ldflags to
fix the following "unknown" lines in "docker version" output:
Client:
Version: unknown-version
Git commit: unknown-commit
Built: unknown-buildtime
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Upstream does not maintain these older versions anymore. Due to security
fixes not being backported to these versions anymore we remove these old
X server versions.
Move current patches from version-specific directory to package directory.
No legacy handling is added for the old versions, since it's simply a
version bump. The old packages and features (AIGLX) that depend on the
old versions do have legacy handling.
Remove legacy handling for 1.19.*
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Current X.org X server is incompatible with this driver.
We no longer support unmaintained versions of X.org X server.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Current X.org X server is incompatible with this driver.
We no longer support unmaintained versions of X.org X server.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
boost-thread needs std::current_exception since version 1.71.0 and
386f5507cb
std::current_exception depends on !BR2_TOOLCHAIN_HAS_GCC_BUG_64735 as a
result, uhd fails to build on:
In file included from /home/buildroot/autobuild/run/instance-2/output-1/build/uhd-3.15.0.0/host/include/uhd/error.h:74:0,
from /home/buildroot/autobuild/run/instance-2/output-1/build/uhd-3.15.0.0/host/include/uhd/types/metadata.h:12,
from /home/buildroot/autobuild/run/instance-2/output-1/build/uhd-3.15.0.0/host/lib/types/metadata_c.cpp:8:
/home/buildroot/autobuild/run/instance-2/output-1/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/include/boost/exception/diagnostic_information.hpp: In function 'std::__cxx11::string boost::current_exception_diagnostic_information(bool)':
/home/buildroot/autobuild/run/instance-2/output-1/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/include/boost/exception/diagnostic_information.hpp:54:26: error: 'current_exception' is not a member of 'std'
else if (auto* p=std::current_exception().__cxa_exception_type())
^
In file included from /home/buildroot/autobuild/run/instance-2/output-1/build/uhd-3.15.0.0/host/include/uhd/error.h:74:0,
from /home/buildroot/autobuild/run/instance-2/output-1/build/uhd-3.15.0.0/host/include/uhd/types/ranges.h:12,
from /home/buildroot/autobuild/run/instance-2/output-1/build/uhd-3.15.0.0/host/lib/types/ranges_c.cpp:8:
/home/buildroot/autobuild/run/instance-2/output-1/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/include/boost/exception/diagnostic_information.hpp: In function 'std::__cxx11::string boost::current_exception_diagnostic_information(bool)':
/home/buildroot/autobuild/run/instance-2/output-1/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/include/boost/exception/diagnostic_information.hpp:54:26: error: 'current_exception' is not a member of 'std'
else if (auto* p=std::current_exception().__cxa_exception_type())
So add a dependency to !BR2_TOOLCHAIN_HAS_GCC_BUG_64735
Fix:
- http://autobuild.buildroot.net/results/0cdbf01df174648cf0dfb34d9506eb80570e99c0/
Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
When it was applied, commit 243d500f8d (support/testing: add openssh
runtime test) was amended to not provide a NIC to the emulated machine,
as the test did not require access to the outer world: it only uses the
lo interface. Also, there was a discrepancy between the NIC name in the
Buildroot configuration, and the drivers available in our default kernel
image, making the boot hang for a while waiting for a NIC that would
never come.
However, that tweak was tested locally with a qemu version more recent
than the one available in our buildroot/base Docker image. As a
consequence, that test fails to run in gitlab-ci.
Revert to using the old way of specifying no network: it works on
gitlab-ci, and qemu versions in standard distros still support it.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes the following security issues:
CVE-2020-24583: Incorrect permissions on intermediate-level directories on Python 3.7+
On Python 3.7+, FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to
intermediate-level directories created in the process of uploading files and
to intermediate-level collected static directories when using the
collectstatic management command.
You should review and manually fix permissions on existing
intermediate-level directories.
CVE-2020-24584: Permission escalation in intermediate-level directories of
the file system cache on Python 3.7+
On Python 3.7+, the intermediate-level directories of the file system cache
had the system’s standard umask rather than 0o077 (no group or others
permissions).
https://docs.djangoproject.com/en/dev/releases/3.0.10/
In addition, 3.0.8..10 contains a number of bugfixes.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
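An added example (not part of the commit above and not Django's own code) of the review the advisory asks for: it reproduces how os.makedirs on Python 3.7+ applies mode only to the leaf directory, audits a tree for directories whose permission bits differ from the expected value, and repairs them. EXPECTED_MODE is a constructed stand-in for a site's FILE_UPLOAD_DIRECTORY_PERMISSIONS, the function names are hypothetical, and a POSIX filesystem is assumed.

```python
import os
import tempfile

# Assumption: constructed stand-in for the site's FILE_UPLOAD_DIRECTORY_PERMISSIONS.
EXPECTED_MODE = 0o750


def dir_mode(path):
    """Return the rwx permission bits of a directory (setuid/setgid/sticky ignored)."""
    return os.stat(path).st_mode & 0o777


def audit_tree(root, expected=EXPECTED_MODE):
    """Return {relative_path: mode} for every directory below root whose mode differs."""
    findings = {}
    for current, dirnames, _files in os.walk(root):  # does not follow symlinks
        for name in dirnames:
            full = os.path.join(current, name)
            if os.path.islink(full):
                continue  # never inspect or chmod through a symlink
            mode = dir_mode(full)
            if mode != expected:
                findings[os.path.relpath(full, root)] = mode
    return findings


def fix_tree(root, expected=EXPECTED_MODE):
    """chmod every non-conforming directory, parents first; return what was changed."""
    fixed = []
    for rel in sorted(audit_tree(root, expected)):
        os.chmod(os.path.join(root, rel), expected)
        fixed.append(rel)
    return fixed


def makedirs_with_mode(path, mode=EXPECTED_MODE):
    """Create path so that every newly created level ends up with `mode`.

    On Python 3.7+ the mode argument of os.makedirs only affects the leaf;
    intermediate levels get 0o777 masked by the umask, so the umask is set
    to the complement of the wanted mode for the duration of the call.
    """
    old_umask = os.umask(0o777 & ~mode)
    try:
        os.makedirs(path, mode, exist_ok=True)
    finally:
        os.umask(old_umask)


def demo():
    """Reproduce the behaviour in a temporary directory, then audit and repair it."""
    with tempfile.TemporaryDirectory() as root:
        old_umask = os.umask(0o022)
        try:
            # Only the leaf "c" gets EXPECTED_MODE; "a" and "a/b" follow the umask.
            os.makedirs(os.path.join(root, "a", "b", "c"), EXPECTED_MODE)
        finally:
            os.umask(old_umask)
        before = audit_tree(root)      # intermediate levels flagged
        fixed = fix_tree(root)         # repaired in place
        after = audit_tree(root)       # nothing left to flag
        makedirs_with_mode(os.path.join(root, "x", "y", "z"))
        new_dirs = audit_tree(root)    # newly created levels all conform
        return before, fixed, after, new_dirs


if __name__ == "__main__":
    for label, value in zip(("before", "fixed", "after", "new_dirs"), demo()):
        print(label, value)
```

For the file system cache case (CVE-2020-24584), the same audit applies with expected=0o700, which corresponds to the 0o077 umask named in the advisory.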
Don't install an incorrect libtool file when building a static library
to fix the following build failure with harfbuzz:
arm-linux-g++.br_real: error: /home/buildroot/autobuild/run/instance-3/output-1/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libgraphite2.so: No such file or directory
make[5]: *** [main] Error 1
Fixes:
- http://autobuild.buildroot.org/results/9ebe1d11e80755d59190ef2aae82bbba5cc45e44
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When using a combination of udhcpc and avahi-autoipd in case of receiving IP
from a DHCP server, the following message can be seen:
"Failed to kill daemon: No such file or directory".
Add a check for a running avahi-autoipd to fix this issue.
Signed-off-by: Lukasz Tekieli <tekieli.lukasz@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
zlib is not mandatory with mbedtls, only optional, however as mbedtls
does not provide a pkg-config file, we assume that if zlib is
available, we must link with it to avoid a build failure when linking
statically with a zlib-enabled mbedtls.
This change was pushed upstream with
7b8efe11db
and is in buildroot since the bump to version 7.1.4 with commit
0c80245ddb.
However, this change will raise a build failure if ZLIB_LIBRARIES is
used when zlib is not found. This patch is fixing this build failure.
However, it should be noted that the compression support in mbedtls is
only enabled if BR2_PACKAGE_MBEDTLS_COMPRESSION=y. So we can have a
situation where mbedtls is enabled, zlib is enabled, but mbedtls is not
using zlib and as a result, since version 7.1.4, rtty will needlessly
link with zlib in such a situation.
The only sane way to fix this is to use pkg-config, but as mbedtls
apparently doesn't provide any .pc file, we leave it as it is.
Fixes:
- http://autobuild.buildroot.org/results/a0ebffe58bbf14cab74b7d2111d4d88a9c725273
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Upstream changed the variables used when outputting version / git commit
info in docker version since:
commit 04b5f44230162de40741acaa0f94c7af6f2fa1d5
Author: Ian Campbell <ijc@docker.com>
Date: Tue Jan 8 15:03:51 2019 +0000
Move versioning variables to a separate package.
This helps to avoid circular includes, by separating the pure data out from the
actual functionality in the cli subpackage, allowing other code which is
imported to access the data.
Signed-off-by: Ian Campbell <ijc@docker.com>
Upstream-commit: 20c19830a95455e8562551aad52c715ad0807cc6
Component: cli
Which is included in docker-cli 19.3.x - So adjust the _CLI_LDFLAGS to match
to get proper docker version output:
Client:
Version: 19.03.11
API version: 1.40
Go version: go1.13.14
Git commit: 19.03.11
vs:
Client:
Version: unknown-version
API version: 1.40
Go version: go1.13.14
Git commit: unknown-commit
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2019-17547: In ImageMagick before 7.0.8-62, TraceBezier in
MagickCore/draw.c has a use-after-free.
- Fix CVE-2019-18853: ImageMagick before 7.0.9-0 allows remote attackers
to cause a denial of service because XML_PARSE_HUGE is not properly
restricted in coders/svg.c, related to SVG and libxml2.
- Update hash of LICENSE file (update in year with
f775a5cf27)
- Update indentation in hash file (two spaces)
- Switch to github helper - it has always been an autogenerated archive.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout: use github helper]
HOSTCC may contain spaces, so needs to be quoted.
Most of the places where it is already quoted use double-quotes, so we
use that.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
- Switch site to github, here is an extract of
https://sourceforge.net/projects/silgraphite:
"This project has been deprecated. Graphite2, a new version of the
Graphite engine, is available at: https://github.com/silnrsi/graphite
with its own bug tracker."
- graphite2 can be built statically since version 1.3.11 and
2f143c04da
- Update indentation in hash file (two spaces)
Extract from ChangeLog:
1.3.14
. Bug fixes
. Allow features to be hidden (for aliases)
. Move to python3
. Rename doc files from .txt to .asc
1.3.13
. Resolve minor spacing issue in rtl non-overlap kerning
. python3 for graphite.py
. Better fuzzing
. Better building on windows
1.3.12
. Graphite no longer does dumb rendering for fonts with no smarts
. Segment caching code removed. Anything attempting to use the segment cache gets given a regular face instead
. Add libfuzzer support
. Builds now require C++11
. Improvements to Windows 64 bit builds
. Support different versions of python including 32 bit and python 3
. Various minor bug fixes
1.3.11
. Fixes due to security review
. Minor collision avoidance fixes
. Fix LZ4 decompressor against high compression
The fixes due to security review are a little bit vague, a quick search
on github seems to indicate that those issues could be related to
segcache which has been removed since version 1.3.12:
https://github.com/silnrsi/graphite/search?q=security&type=Issues
b0f77e4a9d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Use UDEV_USERS, now that it's supported by virtual packages.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Use LUAINTERPRETER_TARGET_FINALIZE_HOOKS, now that it's supported by
virtual packages.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout: don't remove relevant comment]
Virtual packages are not built but it's useful to allow them to have
permission/device/user tables and target-finalize/rootfs-pre-cmd hooks.
With this change we don't need to duplicate data as currently done in
eudev and systemd user tables, or test if the package is selected to add
a target-finalize hook as in luainterpreter.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reformat the dependency on libcap-ng same as other dependencies: in one
line, preceded by a comment that it is used only by setpriv.
This also makes it clear why it's not included in util-linux-libs.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
There was a private variable UTIL_LINUX_LIBS that is used by the
util-linux package. With the addition of the util-linux-libs package,
this is a bit confusing. Therefore, rename the variable to
UTIL_LINUX_LINK_LIBS.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The different tools and libraries in util-linux have a lot of optional
dependencies. When we want to support those optional dependencies, we
can easily generate dependency cycles. For instance, findmount and lsblk
need udev to work correctly, but eudev and systemd both depend on libblkid,
which comes from util-linux.
Normal distros (e.g. Debian) solve this by first building a minimal
package that has no dependencies at all, then build the packages that
depend on util-linux, and finally rebuild util-linux with all bells and
whistles. Solve it in Buildroot by means of the following changes:
- Split util-linux into two packages:
- util-linux-libs, providing lib{blkid,fdisk,mount,smartcols,uuid}.
- util-linux, providing both the aforementioned libs and the programs.
- Add a blind selection for util-linux-libs, i.e. it is indirectly
selected according to the util-linux options.
- Make host and target util-linux have a build dependency on the -libs
packages.
- Make eudev and systemd have build dependencies on util-linux-libs.
This can be extended to other packages in the future but is not needed
right now because the configuration options are backward-compatible.
- Make util-linux have an optional build dependency on the package that
provides libudev (either eudev or systemd), if it is selected.
Installing util-linux overrides files installed by util-linux-libs but
this is not a problem: it's allowed for a package to overwrite files
from another package, as long as there is a dependency between the two.
util-linux-libs has a Config.in symbol for the package as a whole, but
not for the individual libraries: it simply reuses the symbols of the
full package.
The build dependency of util-linux on util-linux-libs ensures that
util-linux overwrites the files installed by util-linux-libs and not
vice versa. In practice this dependency shouldn't be needed: the only
reason for util-linux-libs to be built is to break a circular
dependency. In that case, there is already a transitive dependency of
util-linux on util-linux-libs, so adding it explicitly is redundant.
Still, better safe than sorry.
host-util-linux-libs is not needed at the moment. It can be added if we
have a dependency cycle problem later.
With this approach we don't need to patch configuration files or
change packages other than eudev and systemd.
Other packages that require util-linux libraries and whose libraries may
be used by util-linux programs can be updated later. We also don't need
to change any existing defconfig, since all configuration options are
kept in the util-linux package.
Fixes: https://bugs.busybox.net/show_bug.cgi?id=11811
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This patch makes the upcoming udisks2 version bump patch easier to
read, and also fixes the udisks.mk, so it follows Buildroot's package
guidelines.
Host packages are placed on top of the dependency list, followed by
target dependencies.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch makes the upcoming udisks2 version bump patch easier to
read, and also fixes the Config.in, so it follows Buildroot's package
guidelines.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
uclibc is part of the toolchain, and as such does not have a dependency
on it. As a consequence, it does not have a dependency on host-ccache,
when this is needed.
Usually, host-ccache is built before uclibc, as part of the dependency
of gcc-initial, host-binutils, and a few other host packages that are
built before uclibc.
However, during top-level parallel builds, this ordering is only ever
guaranteed at the beginning of the configure step, and not before.
But for kconfig-packages, the moment we apply the configuration to
prepare the .config file is a pseudo step that happens somewhere in
limbo between the patch step and the configure step. As such, the
build ordering that is otherwise guaranteed by the _DEPENDENCIES is not
applicable yet.
And so, with top-level parallel builds with ccache enabled, there is
nothing that guarantees host-ccache to be built and installed by the
time we are trying to generate uclibc's .config file, which can be quite
early in the build process, and thus the build fails:
/home/raphael/github/ftcommunity-TXT/buildroot-rootfs/output/per-package/uclibc/host/bin/ccache /usr/bin/gcc /home/raphael/github/ftcommunity-TXT/buildroot-rootfs/output/build/uclibc-1.0.34/extra/config/conf.c -c -o ../../extra/config/conf.o -Os -I/usr/include/ncursesw -DCURSES_LOC="<curses.h>" -DNCURSES_WIDECHAR=1 -DLOCALE -DKBUILD_NO_NLS -DCONFIG_='""' -I/usr/include/ncursesw -DCURSES_LOC="<curses.h>" -DNCURSES_WIDECHAR=1 -DLOCALE -DKBUILD_NO_NLS -DCONFIG_='""'
/bin/sh: 1: /home/raphael/github/ftcommunity-TXT/buildroot-rootfs/output/per-package/uclibc/host/bin/ccache: not found
make[2]: *** [Makefile:64: ../../extra/config/conf.o] Error 127
make[1]: *** [Makefile.in:475: extra/config/conf] Error 2
make[1]: Leaving directory '/home/raphael/github/ftcommunity-TXT/buildroot-rootfs/output/build/uclibc-1.0.34'
make: *** [package/uclibc/uclibc.mk:458: /home/raphael/github/ftcommunity-TXT/buildroot-rootfs/output/build/uclibc-1.0.34/.stamp_dotconfig] Error 2
make: *** Waiting for unfinished jobs....
The root cause is that uclibc sets:
UCLIBC_KCONFIG_OPTS = $(UCLIBC_MAKE_FLAGS) [...]
with:
UCLIBC_MAKE_FLAGS = [...] HOSTCC="$(HOSTCC)"
And then the kconfig-package infra calls to the configurators,
menuconfig, xconfig et al., but also olddefconfig et al., with:
[...] $($(1)_MAKE) [...] $(PKG_KCONFIG_COMMON_OPTS) $($(1)_KCONFIG_OPTS) [...]
with (note a latent bug in there, will be fixed in another patch):
PKG_KCONFIG_COMMON_OPTS = HOSTCC=$(HOSTCC_NOCCACHE)
So, a HOSTCC as set by a package will always win over the one set by
the infra, which is exactly what we want.
But in this case, uclibc sets HOSTCC so that it can build its host tools
needed during the build, and in doing so uses the ccache-enabled host c
compiler. Which might not yet be available for the kconfig-package infra
to generate the .config file.
We had a similar (non-)issue for the linux package, which was fixed in
commit 71a31b2357 (linux: use HOSTCC_NOCCACHE as kconfig HOSTCC).
But here, uclibc does not have the toolchain in its dependencies (as said
earlier, uclibc *is* part of the toolchain).
Since the host compiler is only used to build very few files to generate
the simple executable needed to generate the .config file, doing without
the ccache-enabled host compiler will be amply enough.
So, we override HOSTCC in UCLIBC_KCONFIG_OPTS, to use the non-cached
host compiler.
Note that, in a first approximation, one would be tempted to change the
ordering in the kconfig-package infra:
$($(1)_KCONFIG_OPTS) $(PKG_KCONFIG_COMMON_OPTS)
so that the non-cached HOSTCC always wins over the cached one. But this
would be incorrect, in cases where the package really needs to override
HOSTCC; indeed we want the package-provided values to always win over
the default ones provided by the infra.
Reported-by: Raphael Jacob <r.jacob2002@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Acked-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Extract from ChangeLog:
- In release 1.6.1 the version number in CMakeLists.txt wasn't
updated, affecting the installed cmake and pkgconfig files. The
version number has been bumped to 1.6.2 in all relevant files now.
- "KaxBlockAddIDValue" class: this class is no longer marked as
"mandatory" in order to coincide with the latest specification.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update indentation in hash file (two spaces)
Extract from NEWS:
- Fix unlikely memory leak in idna_to_unicode_4z4z().
- Check codepoint validity in punycode_decode() and punycode_decode().
- tld: Add U+00EF to .nl TLD table.
- Indent code.
- Translation fixes.
- Update gnulib files.
- API and ABI is backwards compatible with the previous version.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Drop patch (already in version) and so autoreconf
- Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update indentation in hash file (two spaces)
Extract from NEWS:
- mkdir: fixed exit code with -f option.
- ftp: made ftp:use-pret setting tri-boolean.
- get/mget/put/mput: don't try next files after error if cmd:fail-exit
is true.
- get/mget: fixed -O option with remote URL and xfer:use-temp-file being
true.
- mirror: disallow empty patterns; don't delete "..".
- mirror: fixed --on-change with --reverse.
- sftp: fixed a bug with truncated files when packets are reordered
(finally).
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Upstream removed spandsp and sofia-sip from source and now uses external
packages, removed patch 0001 which fixed a bug in the internal sofia-sip
code, removed insecure md5 and sha1 hashes.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Extract from NEWS:
- Fix subscription check on V6 link-local addresses
- Add autofree function for GUPnPServiceProxyAction
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
From https://github.com/PurpleI2P/i2pd/releases/tag/2.33.0:
- UDP tunnels through ECIES-X25519-AEAD-Ratchet
- Shared transient addresses
- ECIES-X25519-AEAD-Ratchet and multiple encryption keys through I2CP
- Pre-calculated x25519 ephemeral keys
- crypto.ratchet.inboundTags parameter
- Don't save invalid address to AddressBook
- Correct ECDSA signatures names in SAM
- New webconsole layout
- Shared routing path for datagram session
- Change datagram routing path if nothing comes back in 10 seconds
- Updated reseed servers list
- Don't connect through terminated SAM destination
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 25b1dc4613 disabled parted on
uClibc due to the following build failure:
atari.c:221:9: error: dereferencing pointer to incomplete type 'struct __uclibc_locale_struct'
return isalnum_l(part->id[0], atr_c_locale)
This was fixed in upstream uClibc-ng as of upstream commit
d1a3ca7ca56630fddde7311a0474eed4a21335a7, which was part of the 1.0.33
uClibc-ng release. On the Buildroot side, even though Buildroot
2020.02 was using uClibc-ng 1.0.32, we already had this patch
backported.
So we can now safely re-enable parted for uClibc-ng toolchains, as
well as its reverse dependencies.
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In 4fc62e1eb6, we removed arch/toolchain
dependencies from the mosquitto library (MMU, !STATIC, SYNC4), and moved
them to the mosquitto broker only.
All the packages modified here only need the mosquitto library, so they
shouldn't have those depends anymore; but this was never done before.
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
[Peter: leave mmu/!static dependency for domoticz as it uses fork()/looks
for libmosquitto.so]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Disable audit for host package to avoid getting the following error if
it is found on host:
[84/662] Generating audit_type-list.txt with a meson_exe.py custom command
In file included from <command-line>:32:
./../src/basic/missing_audit.h:7:10: fatal error: libaudit.h: No such file or directory
7 | #include <libaudit.h>
| ^~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/67782c225c08387c1bbcbea9eee3ca12bc6577cd
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Build with cryptsetup and without libblkid will fail on:
../src/shared/dissect-image.c:1336:34: error: 'N_DEVICE_NODE_LIST_ATTEMPTS' undeclared (first use in this function)
1336 | for (unsigned i = 0; i < N_DEVICE_NODE_LIST_ATTEMPTS; i++) {
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
This bug has been reported upstream:
https://github.com/systemd/systemd/pull/16901
and is not an issue for the target variant as libblkid is selected by
BR2_PACKAGE_UTIL_LINUX_MOUNT
As cryptsetup does not seem needed for host-systemd, just disable it
Fixes:
- http://autobuild.buildroot.org/results/67782c225c08387c1bbcbea9eee3ca12bc6577cd
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As 18f6c26118 just did to silence the file lists commands, switch to
using $(Q) instead of a plain @, to silence the commands.
Using $(Q) will allow to debug the commands with V=1.
We keep @ for the calls to MESSAGE, though.
The commands that are not currently silenced are left as-is, and they
can be converted to being silent in a followup patch, if need be.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
If the modules directory that corresponds to the version of the kernel
being built has been deleted, don't try to run depmod, which will
obviously fail.
This can happen for instance when the modules are stripped from the main
root filesystem, and placed into a separate filesystem image, so that
the root filesystem and the kernel can be updated separately.
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Libbytesize is a small library providing a C "class" for working with
arbitrary big sizes in bytes.
The mdraid plugin for libblockdev depends on this package, which newer
versions of udisks require when building with the udisks daemon
enabled.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 98a6f1fc02 (fs/cpio: make initramfs init script survive 'console='
kernel argument) dropped the explicit /dev/console execs for fd 0,1,2, as
they fail when booted with console= and aren't really needed as the kernel
will setup fd 0,1,2 from /dev/console before executing the initramfs anyway.
Not doing this unfortunately confuses glibc's ttyname_r(3) implementation
(used by e.g. busybox/coreutils 'tty'), causing it to fail with ENOENT as
it does a fstat on fd 0 and tries to match up st_ino / st_dev against the
entries in /dev (since glibc 2.26):
commit 15e9a4f378c8607c2ae1aa465436af4321db0e23
Author: Christian Brauner <christian.brauner@canonical.com>
Date: Fri Jan 27 15:59:59 2017 +0100
linux ttyname and ttyname_r: do not return wrong results
If a link (say /proc/self/fd/0) pointing to a device, say /dev/pts/2, in a
parent mount namespace is passed to ttyname, and a /dev/pts/2 exists (in a
different devpts) in the current namespace, then it returns /dev/pts/2.
But /dev/pts/2 is NOT the current tty, it is a different file and device.
Detect this case and return ENODEV. Userspace can choose to take this as a hint
that the fd points to a tty device but to act on the fd rather than the link.
Signed-off-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
The reason it fails is that we manually mount devtmpfs on /dev in /init, so
the /dev/console used by the kernel (in rootfs) is not the same file as
/dev/console at runtime (in devtmpfs).
Notice: Once logged in, tty does work correctly. Presumably login reopens
stdin/stdout/stderr.
To fix this, re-add the exec of /dev/console for fd 0,1,2, but only do so if
possible. Because of the above mentioned shell behaviour (specified by
POSIX [0]), perform this check in a subshell.
[0] https://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_20_01
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
libblockdev is a C library supporting GObject introspection for
manipulation of block devices. It has a plugin-based architecture
where each technology (like LVM, Btrfs, MD RAID, Swap,...) is
implemented in a separate plugin, possibly with multiple
implementations.
gobject-introspection is not a strict dependency and may be disabled
via a configure flag.
This is the base package with everything disabled, the subsequent
patches in this series will add more options necessary to bump udisks
to the latest.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Fix CVE-2020-14349: It was found that PostgreSQL versions before 12.4,
before 11.9 and before 10.14 did not properly sanitize the search_path
during logical replication. An authenticated attacker could use this
flaw in an attack similar to CVE-2018-1058, in order to execute
arbitrary SQL command in the context of the user used for replication.
- Fix CVE-2020-14350: It was found that some PostgreSQL extensions did
not use search_path safely in their installation script. An attacker
with sufficient privileges could use this flaw to trick an
administrator into executing a specially crafted script, during the
installation or update of such extension. This affects PostgreSQL
versions before 12.4, before 11.9, before 10.14, before 9.6.19, and
before 9.5.23.
https://www.postgresql.org/docs/12/release-12-4.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit adds the new test cases generated automatically by the
bl-toolchains-gen script, to test the integration of the Bootlin
toolchains.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit wires-up the toolchain-external-bootlin package into
Buildroot by:
- Adding
toolchain/toolchain-external/toolchain-external-bootlin/Config.in,
which is not generated by the bl-toolchains-gen script as it is a
static file that does not depend on the list and characteristics of
available Bootlin toolchains.
- Including that file, as well as the Config.in.options file, from
toolchain/toolchain-external/Config.in.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Titouan Christophe <titouan.christophe@railnova.eu>
Tested-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit adds the contents of the
toolchain/toolchain-external/toolchain-external-bootlin/ files
generated by bl-toolchains-gen, unmodified.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
https://toolchains.bootlin.com/ has been providing for a few years a
number of ready-to-use pre-built toolchains, for a wide range of
architectures (which it turns out, are all built using Buildroot).
While toolchains.bootlin.com provides Buildroot config fragments to
easily use those toolchains with Buildroot (see [0] for example), this
is not visible anywhere. So instead, we would like to add support for
these toolchains in Buildroot just like we have existing support for
Linaro, ARM, Synopsys, etc. toolchains.
[0] https://toolchains.bootlin.com/downloads/releases/toolchains/aarch64/fragments/aarch64--glibc--bleeding-edge-2020.02-2.frag
However, the number of toolchains provided by toolchains.bootlin.com
is really large, and they are regularly updated. Maintaining that
manually would be time consuming and error-prone. So instead, this
commit introduces a script that automatically generates:
- toolchain/toolchain-external/toolchain-external-bootlin/Config.in.options
- toolchain/toolchain-external/toolchain-external-bootlin/toolchain-external-bootlin.mk
- toolchain/toolchain-external/toolchain-external-bootlin/toolchain-external-bootlin.hash
- support/testing/tests/toolchain/test_external_bootlin.py
We create a single external toolchain package, with a Kconfig "choice"
as a sub-option to select the toolchain variant to be used. The script
contains a Python dict that provides the mapping between the
toolchains provided by toolchains.bootlin.com, and the architecture
options/variants they are applicable to.
The test cases allow to verify that the toolchain configuration is
correct, and that it is able to build a Busybox based system. It
doesn't do any runtime testing as such testing is already done by
toolchains.bootlin.com: the test cases here are only meant to verify
that the toolchain-external-bootlin package works as expected.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Titouan Christophe <titouan.christophe@railnova.eu>
Tested-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since the go.mod integration, the <pkg>_WORKSPACE variable is useless,
so drop it.
Reported-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Now that we have switched to the go.mod integration, all Go packages
are built with -mod=vendor, so there's no need to have custom GOFLAGS
in mender-artifact.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
With the go.mod integration, the <pkg>_WORKSPACE variable has become
useless, drop it.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
With the go.mod integration, the DOCKER_ENGINE_SRC_SUBDIR has become
useless, drop it.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
With the go.mod integration, the <pkg>_WORKSPACE variable is no longer
needed, drop it.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
With the go.mod integration, the <pkg>_WORKSPACE variable has become
useless, so drop it.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The Go compiler needs to know the "import path" to the root of package
source repositories. Previously, this was done by creating a fake
_gopath in the build directory and symlinking the package source into
that path.
Go has deprecated the GOPATH mechanism in favor of a new approach -
Modules - which specifies the root import path (and dependencies) in a
"go.mod" file. This commit moves Buildroot to use the new go.mod
approach, which requires:
- Passing GO111MODULE=on when building host or target Go packages.
- Passing GOPROXY=off and -mod=vendor to prevent the Go module system
from downloading by itself sources from the Internet. We currently
only support Go packages that have all their dependencies in their
source tree in "vendor" directories.
- Specifying a <pkg>_GOMOD variable, which is used both to create a
minimal go.mod file in the package source tree if it exists, and to
invoke the right build targets. Indeed, all elements in
<pkg>_BUILD_TARGETS are now relative to <pkg>_GOMOD.
Reference: https://github.com/golang/go/wiki/Modules
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In preparation for the go.mod integration, define the DOCKER_CLI_GOMOD
variable.
We also use it as a handy shortcut when defining DOCKER_CLI_LDFLAGS.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In preparation for the go.mod integration, define the
DOCKER_ENGINE_GOMOD variable.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In preparation for the go.mod integration, define the
DOCKER_CONTAINERD_GOMOD variable.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Now that GO_TARGET_ENV and GO_HOST_ENV are just aliases to
HOST_GO_TARGET_ENV and HOST_GO_HOST_ENV, drop the former two, and use
the latter two directly.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
There is no point in having some common Go env variables defined in
pkg-golang.mk:GO_COMMON_ENV, and some in
package/go/go.mk:HOST_GO_COMMON_ENV. Let's move all of them to
package/go/go.mk:HOST_GO_COMMON_ENV.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
HOST_GO_HOST_ENV is explicitly specifying
HOST_CGO_{CFLAGS,CXXFLAGS,LDFLAGS}, so let's do the same for target
packages.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
A few variables are common between HOST_GO_TARGET_ENV and
HOST_GO_HOST_ENV, so let's introduce a HOST_GO_COMMON_ENV variable for
those few common ones (which will increase in follow-up commits).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
package/go/go.mk provides a HOST_GO_TARGET_ENV which provides a useful
set of environment variables needed to build target Go packages.
For host packages, we simply have package/pkg-golang.mk defining
GO_HOST_ENV to specify CFLAGS/LDFLAGS, but that's it: we don't pass an
explicit path to the compiler, we don't pass GO111MODULE, GOCACHE,
GOROOT, etc.
This commit introduces a HOST_GO_HOST_ENV variable that provides the
appropriate set of environment variables to use when building host
golang packages.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The upstream tarball provides an already generated configure script,
which works fine, so there's no need to AUTORECONF.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since commit 0e2be4db8a
("package/pkg-generic: make file list logic parallel build
compatible"), the commands executed at the very end of the build
to assemble the list of files installed by the different packages
are visible in the make output. They are quite noisy, and clutter
the output.
The other commands in target-finalize are also hidden using "@",
so we should also do the same for those commands. But that hurts
debuggability, so we use $(Q) (the existing '@'s can be changed
in a followup patch).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: use '$(Q)', not '@']
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
watchdog is a flexible watchdog daemon that improves on the already
available Busybox watchdog daemon by providing more advanced features,
like defining custom system status checks and executing repair scripts
to react upon invariants that don't hold.
Due to "watchdog" being also provided by Busybox, we need to make sure that
package/watchdog installs the watchdog binary in the same place as
Busybox (i.e in /sbin), and need to add a dependency of Busybox on
this new watchdog package.
Signed-off-by: Alejandro González <alejandro.gonzalez.correo@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
By default, go will attempt to download needed modules before building, which
is not desirable. This behavior also causes permission issues when cleaning,
as go downloads modules as read-only by default. Because mender-artifact
includes the modules in the vendor directory, mod=vendor prevents the package
from downloading the go modules during the build process and prevents
permission issues when cleaning.
Fixes:
http://autobuild.buildroot.net/results/d5bcaca73ae74fe8b0ebd39b6331564cd639fb66
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
wolfSSL version 4.5.0 contains 6 vulnerability fixes: 2 fixes for TLS 1.3,
2 side channel attack mitigations, 1 fix for a potential private key leak
in a specific use case, 1 fix for DTLS including those 3 CVEs:
- Fix CVE-2020-12457: An issue was discovered in wolfSSL before 4.5.0.
It mishandles the change_cipher_spec (CCS) message processing logic
for TLS 1.3. If an attacker sends ChangeCipherSpec messages in a
crafted way involving more than one in a row, the server becomes stuck
in the ProcessReply() loop, i.e., a denial of service.
- Fix CVE-2020-15309: An issue was discovered in wolfSSL before 4.5.0,
when single precision is not employed. Local attackers can conduct a
cache-timing attack against public key operations. These attackers may
already have obtained sensitive information if the affected system has
been used for private key operations (e.g., signing with a private
key).
- Fix CVE-2020-24585: An issue was discovered in the DTLS handshake
implementation in wolfSSL before 4.5.0. Clear DTLS application_data
messages in epoch 0 do not produce an out-of-order error. Instead,
these messages are returned to the application.
Also update hash of LICENSING as well as WOLF_LICENSE due to later
verbiage update with 970391319b
https://www.wolfssl.com/docs/security-vulnerabilities/
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Also separate the fields in the hash file by two spaces and add pgp
signature check.
Since we're now using the default value for POWERTOP_SOURCE, drop this
variable definition.
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mainline Linux now has basic s500/roseapplepi support, so switch to that to
get rid of the dependency on gcc7. Add two patches for the dts / fix that
didn't make it for kernel 5.7.
The mainline kernel does not yet have support for the mmc interface, so
change to initramfs for now. Patches for mmc support have been posted
recently, so this can be reverted once they show up in a stable kernel:
https://lore.kernel.org/lkml/cover.1593124368.git.cristian.ciocaltea@gmail.com/
The owl serial port is called ttyOWLn in mainline, so adjust the bootargs to
match. Also drop the unneeded execute permission on uEnv.txt.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issue:
CVE-2016-10228: An infinite loop has been fixed in the iconv program when
invoked with the -c option and when processing invalid multi-byte input
sequences. Reported by Jan Engelhardt.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Many of the mender CLI commands use systemctl commands to get information about
the daemon, such as the PID (IE: systemctl show -p MainPID mender-client).
As seen above, these commands expect the service file to be named
"mender-client" instead of "mender."
As such, in the current state, running a forced update check in the CLI will
result in the following error:
failed to force updateCheck: could not find the PID of the mender daemon.
Changing the name of mender.service to mender-client.service fixes the issue.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
On Ubuntu 18.04, make-4.1 emits spurious, incorrect "entering/leaving"
messages, which end up in the LINUX_VERSION_PROBED variable:
printf 'probed linux version: "%s"\n' "$(LINUX_VERSION_PROBED)"
probed linux version: "make[1]: Entering directory '/home/buildroot'
4.19.78-linux4sam-6.2
make[1]: Leaving directory '/home/buildroot/output/build/linux-linux4sam_6.2'"
First, the messages are displayed even though we do explicitly pass
--no-print-directory -s.
Second, the entering and leaving messages are not about the same
directory!
This *only* occurs in the following conditions:
- the user has the correct 0022 umask,
- top-level parallel is used (with or without PPD),
- initial -C is specified as well.
$ umask 0022
$ make -j16 -C $(pwd)
[...]
depmod: ERROR: Bad version passed make[1]:
[...]
(yes, 'make[1]:' is the string depmod is trying, and fails, to parse as
a version string).
If any of the three conditions above is removed, the problem no longer
occurs. Here's a table of the MAKEFLAGS:
    |       | 0002                                           | 0022                     |
----+-------+------------------------------------------------+--------------------------+
    | no-j  | --no-print-directory --                        |                          |
noC |       +------------------------------------------------+--------------------------+
    | -j16  | -j --jobserver-fds=3,4 --no-print-directory -- | -j --jobserver-fds=3,4   |
----+-------+------------------------------------------------+--------------------------+
    | no-j  | --no-print-directory --                        | w                        |
-C  |       +------------------------------------------------+--------------------------+
    | -j16  | -j --jobserver-fds=3,4 --no-print-directory -- | w -j --jobserver-fds=3,4 |
----+-------+------------------------------------------------+--------------------------+
0002: umask == 0002
0022: umask == 0022
no-j: no -j flag
-j16: -j16 flag
noC: no -C flag
-C : -C /path/of/buildroot/
Only the bottom-right-most case fails...
This behaviour goes against what is documented:
https://www.gnu.org/software/make/manual/make.html#g_t_002dw-Option
5.7.4 The ‘--print-directory’ Option
[...]
you do not need to specify this option because ‘make’ does it for
you: ‘-w’ is turned on automatically when you use the ‘-C’ option,
and in sub-makes. make will not automatically turn on ‘-w’ if you
also use ‘-s’, which says to be silent, or if you use
‘--no-print-directory’ to explicitly disable it.
So this exactly describes our situation; yet 'w' is added to MAKEFLAGS.
Getting rid of the 'w' flag makes the build succeed again, so that's
what we do here (bleark, icky)...
Furthermore, the documented way to override MAKEFLAGS is to do so as a
make parameter:
https://www.gnu.org/software/make/manual/make.html#Options_002fRecursion
5.7.3 Communicating Options to a Sub-make
[...]
If you do not want to pass the other flags down, you must change the
value of MAKEFLAGS, like this:
subsystem:
cd subdir && $(MAKE) MAKEFLAGS=
However, doing so does not fix the issue. So we resort to pass the
modified MAKEFLAGS via the environment (bleark, icky)...
Fixes: #13141
Reported-by: Laurent <laurent@neko-labs.eu>
Reported-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2020-24332
If the tcsd daemon is started with root privileges,
the creation of the system.data file is prone to symlink attacks
CVE-2020-24330
If the tcsd daemon is started with root privileges,
it fails to drop the root gid after it is no longer needed
CVE-2020-24331
If the tcsd daemon is started with root privileges,
the tss user has read and write access to the /etc/tcsd.conf file
For details, see the advisory:
https://www.openwall.com/lists/oss-security/2020/05/20/3
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This script takes as entry on stdin a JSON description of the package
used for a given configuration. This description is the one generated
by "make show-info".
The script generates the list of all the packages used and if they are
affected by a CVE. The output is either a JSON or an HTML file similar
to the one generated by pkg-stats.
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Tested-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The affects method of the CVE uses the Package class defined in
pkg-stats. The purpose of migrating the CVE class outside of pkg-stats
was to be able to reuse it from other scripts. So let's remove the
Package dependency and only use the needed information.
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add the list of the CVEs to ignore for each package because they
already have a fix for it.
This information will be useful for a cve-checker.
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In 2019, the JSON vulnerability feeds switched their schema from
version 1.0 to 1.1.
The main difference is the removal of the "affects" element that we
were using to check if a package was affected by a CVE.
This information is now available in the "configuration" element which
contains the cpeid as well as properties about the versions
affected. Instead of having a list of the versions affected, with
these properties, it is possible to have a range of versions.
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In order to be able to use the CVE checking logic outside of
pkg-stats, move the CVE class in a module that can be used by other
scripts.
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Some CVE entries in the NVD database have version_value set to "-",
which seems to indicate that it applies to all versions of the
software project, or that they don't really know which versions are
affected, and which are not.
So, for the benefit of doubt, it seems more appropriate to consider
such CVEs as affecting our packages.
This makes the total number of CVEs affecting our next branch jump
from 141 CVEs to 658 CVEs, but that number will go back down once we
switch to the JSON 1.1 schema. Indeed, in the JSON 1.0 schema, there
are often cases where a version_value is set to "=" *and* specific
versions are set to.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
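The two commit messages above (the move to version ranges in the JSON 1.1 feeds, and treating entries with no usable version as affecting) describe a matching policy that can be sketched as follows. This is an added example, not Buildroot's cve.py or pkg-stats code: the field names are those of the NVD JSON 1.1 feed format, while the sample data, the `ignore_cves` key, the placeholder CVE id and the simplified version ordering are assumptions made for the illustration.

```python
import operator
import re

# Constructed sample shaped like the "configurations" element of one CVE item
# in an NVD JSON 1.1 feed; vendor and product names are made up.
SAMPLE_CONFIGURATIONS = {
    "nodes": [{
        "operator": "OR",
        "cpe_match": [
            # Range: 1.2.0 <= version < 1.4.3
            {"vulnerable": True,
             "cpe23Uri": "cpe:2.3:a:examplevendor:examplepkg:*:*:*:*:*:*:*:*",
             "versionStartIncluding": "1.2.0",
             "versionEndExcluding": "1.4.3"},
            # Exact version
            {"vulnerable": True,
             "cpe23Uri": "cpe:2.3:a:examplevendor:otherpkg:2.0.1:*:*:*:*:*:*:*"},
            # No usable version information at all
            {"vulnerable": True,
             "cpe23Uri": "cpe:2.3:a:examplevendor:vaguepkg:-:*:*:*:*:*:*:*"},
        ],
    }]
}

# Range properties of a cpe_match entry and the comparison each one implies.
BOUNDS = {
    "versionStartIncluding": operator.ge,
    "versionStartExcluding": operator.gt,
    "versionEndIncluding": operator.le,
    "versionEndExcluding": operator.lt,
}


def version_key(version):
    """Simplified ordering (assumption): numeric runs compare as integers,
    alphabetic runs as strings, numbers sort before letters."""
    parts = re.findall(r"\d+|[A-Za-z]+", version)
    return [(0, int(p)) if p.isdigit() else (1, p) for p in parts]


def iter_cpe_matches(node):
    """Yield every cpe_match entry of a node, including nested children."""
    for match in node.get("cpe_match", ()):
        yield match
    for child in node.get("children", ()):
        yield from iter_cpe_matches(child)


def match_affects(match, name, version):
    """Does one cpe_match entry cover package `name` at `version`?"""
    if not match.get("vulnerable", False):
        return False
    # cpe:2.3:<part>:<vendor>:<product>:<version>:... (escaped ':' not handled)
    fields = match["cpe23Uri"].split(":")
    product, cpe_version = fields[4], fields[5]
    if product != name:
        return False
    if cpe_version not in ("*", "-"):
        return version_key(version) == version_key(cpe_version)
    bounds = [(key, match[key]) for key in BOUNDS if key in match]
    if not bounds:
        # Neither a version nor a range: give the benefit of the doubt
        # and report the package as affected.
        return True
    current = version_key(version)
    return all(BOUNDS[key](current, version_key(limit)) for key, limit in bounds)


def cve_affects(configurations, name, version):
    return any(match_affects(match, name, version)
               for node in configurations.get("nodes", ())
               for match in iter_cpe_matches(node))


def check_packages(cves, packages):
    """cves maps a CVE id to its configurations element; packages is a list of
    dicts with "name", "version" and an optional "ignore_cves" list holding
    CVEs already fixed by a local patch."""
    report = {}
    for pkg in packages:
        ignored = pkg.get("ignore_cves", ())
        report[pkg["name"]] = [
            cve_id for cve_id, conf in sorted(cves.items())
            if cve_id not in ignored
            and cve_affects(conf, pkg["name"], pkg["version"])
        ]
    return report


if __name__ == "__main__":
    cves = {"CVE-0000-0001": SAMPLE_CONFIGURATIONS}  # placeholder id
    pkgs = [{"name": "examplepkg", "version": "1.3.0"},
            {"name": "vaguepkg", "version": "0.1"}]
    print(check_packages(cves, pkgs))
```
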
- Fix CVE-2019-5163: An exploitable denial-of-service vulnerability
exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When
utilizing a Stream Cipher and a local_address, arbitrary UDP packets
can cause a FATAL error code path and exit. An attacker can send
arbitrary UDP packets to trigger this vulnerability.
- Fix CVE-2019-5164: An exploitable code execution vulnerability exists
in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted
network packets sent to ss-manager can cause an arbitrary binary to
run, resulting in code execution and privilege escalation. An attacker
can send network packets to trigger this vulnerability.
Also update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
gnuradio-runtimeTargets.cmake and gnuradio-pmtTargets.cmake are filled
using CMAKE_INSTALL_PREFIX for INSTALL_INTERFACE.
Since CMAKE_INSTALL_PREFIX, in buildroot, is set to /usr, these files contain
paths to the host system.
With BR2_COMPILER_PARANOID_UNSAFE_PATH package using gnuradio fails with:
arm-linux-gnueabihf-g++: ERROR: unsafe header/library path used in cross-compilation: '-isystem' '/usr/include'
By simply providing 'include', produced .cmake contains:
INTERFACE_INCLUDE_DIRECTORIES "${_IMPORT_PREFIX}/include"
instead of
INTERFACE_INCLUDE_DIRECTORIES "/usr/include"
[Upstream status: https://github.com/gnuradio/gnuradio/pull/3737]
Fix (many) gr-osmosdr build failure:
- http://autobuild.buildroot.net/results/66b76c07f15bb3e6db697c47796ae3dd15ecf4b9/
Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix CVE-2020-15389: jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a
use-after-free that can be triggered if there is a mix of valid and
invalid files in a directory operated on by the decompressor. Triggering
a double-free may also be possible. This is related to calling
opj_image_destroy twice.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix CVE-2020-12762: json-c through 0.14 has an integer overflow and
out-of-bounds write via a large JSON file, as demonstrated by
printbuf_memappend.
Also update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- remove patch that is in new version
- update indentation in hash file (two spaces)
Run tests:
br-arm-full [1/6]: OK
br-arm-cortex-a9-glibc [2/6]: OK
br-arm-cortex-m4-full [3/6]: OK
br-x86-64-musl [4/6]: OK
br-arm-full-static [5/6]: OK
sourcery-arm [6/6]: OK
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
FRR is free software that implements and manages various IPv4 and IPv6
routing protocols. It runs on nearly all distributions of Linux and
BSD as well as Solaris and supports all modern CPU architectures.
FRR currently supports the following protocols:
BGP
OSPFv2
OSPFv3
RIPv1
RIPv2
RIPng
IS-IS
PIM-SM/MSDP
LDP
BFD
Babel
PBR
OpenFabric
VRRP
EIGRP (alpha)
NHRP (alpha)
Some not-needed features were disabled to minimize package
dependencies:
- POSIX capabilities
- RPKI
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[Thomas:
- select bash instead of depending on it
- switch to version 7.4, since 7.3 was not building (it's using
TRUE/FALSE, which are not standard, and this was fixed in 7.4)
- use the github macro to define FRR_SITE
- use host-python3 instead of host-python]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since the bump of assimp to 5.0.1, we have build failures on mips64el,
due to relocations being truncated. The issue seems to be quite
similar to the one on m68k coldfire, as both m68k and MIPS have this
-mxgot gcc option to switch to using a GOT that has no size limit (but
causes less efficient code to be produced).
Here as well, the overall relevance of assimp on mips64(el) platforms
being probably very limited, the incentive to search for a better
solution is pretty limited.
Fixes:
http://autobuild.buildroot.net/results/7df487d5117b2ee440a07dbff9cae1b181566748/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
On m68k coldfire, we already pass -mxgot, but since the bump to assimp
5.0.1, this is no longer sufficient, and we have failures such as:
/tmp/ccqmJLil.s: Assembler messages:
/tmp/ccqmJLil.s:307948: Error: value -43420 out of range
/tmp/ccqmJLil.s:307985: Error: value -38606 out of range
/tmp/ccqmJLil.s:308010: Error: value -38626 out of range
/tmp/ccqmJLil.s:308056: Error: value -33280 out of range
Since these issues only arise when building with -O2, let's disable
the optimization for this package on m68k. The very relative relevance
of assimp on m68k coldfire makes the research of a better solution not
really useful (for the record, assimp is a "library to import various
well-known 3D model formats in a uniform manner").
Fixes:
http://autobuild.buildroot.net/results/a7d4fb2653b0f1be4d036ee46a44e72da0ed4376/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This option is required by frr package, so enable it by default as there
is no size difference with or without this option enabled.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Our patch
0003-Add-option-to-make-the-rpath-relative-under-a-specif.patch adds
an option --make-rpath-relative, which we use to tweak RPATH of target
binaries.
However, one of the effects of this option is that it drops RPATH
entries if the corresponding directory does not contain a library that
is referenced by a DT_NEEDED entry of the binary.
This unfortunately isn't correct, as RPATH entries are not only used
by the dynamic linker to resolve the location of libraries listed
through DT_NEEDED entries: RPATH entries are also used by dlopen()
when resolving the location of libraries that are loaded at runtime.
Therefore, the removal of RPATH entries that don't correspond to
directories containing libraries referenced by DT_NEEDED entries breaks
legitimate uses of RPATH for dlopen()ed libraries.
This issue was even pointed out during the review of the upstream pull
request:
https://github.com/NixOS/patchelf/pull/118#discussion_r329660138
This fixes tst-origin uClibc-ng unit test:
https://github.com/wbx-github/uclibc-ng-test/blob/master/test/dlopen/Makefile.in#L25
https://github.com/wbx-github/uclibc-ng-test/blob/master/test/dlopen/tst-origin.c#L15
Without this patch:
$ gcc -o toto toto.c -Wl,-rpath,/tmp/test/bar
$ readelf -d toto | grep PATH
0x000000000000000f (RPATH) Library rpath: [/tmp/test/bar]
$ ./output/host/bin/patchelf --debug --make-rpath-relative /tmp/ toto
patching ELF file `toto'
Kernel page size is 4096 bytes
removing directory '/tmp/test/bar' from RPATH because it does not contain needed libs
new rpath is `'
$ readelf -d toto | grep PATH
0x000000000000001d (RUNPATH) Library runpath: []
With the patch applied:
$ gcc -o toto toto.c -Wl,-rpath,/tmp/test/bar
$ readelf -d toto | grep PATH
0x000000000000000f (RPATH) Library rpath: [/tmp/test/bar]
$ ./output/host/bin/patchelf --debug --make-rpath-relative /tmp/ toto
patching ELF file `toto'
Kernel page size is 4096 bytes
keeping relative path of /tmp/test/bar
new rpath is `test/bar'
$ readelf -d toto | grep PATH
0x000000000000001d (RUNPATH) Library runpath: [test/bar]
Signed-off-by: Yann Sionneau <ysionneau@kalray.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
IPTraf-ng is a console-based network monitoring program for Linux that
displays information about IP traffic. It returns such information as:
- Current TCP connections
- UDP, ICMP, OSPF, and other types of IP packets
- Packet and byte counts on TCP connections
- IP, TCP, UDP, ICMP, non-IP, and other packet and byte counts
- TCP/UDP counts by ports
- Packet counts by packet sizes
- Packet and byte counts by IP address
- Interface activity
- Flag statuses on TCP packets
- LAN station statistics
V1.2.1 fixed multiple issues in V1.1.4 like:
- Introduce packet capturing abstraction: add recvmmsg(),
TPACKET_V2 and TPACKET_V3 to capture in multigigabit speeds.
- Handling mlock() failures and carry on execution (without
crashing iptraf-ng).
- Properly account non-IP packets.
- Show dropped packet count.
Signed-off-by: Jugurtha BELKALEM <jugurtha.belkalem@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
As we recently stopped testing the x86-64 Sourcery toolchain, it means
we no longer have any x86-64 glibc based toolchain in our
autobuilders. Since this is a pretty common configuration, it makes
sense to test it, which this commit does by adding a config fragment
to use the x86-64 glibc bleeding edge Bootlin toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This toolchain uses an old gcc 6.2.0, and newer versions of the
toolchain are no longer publicly available. This old gcc 6.2.0 causes
build issues of Boost, which are unfixable without updating the
toolchain. As we're about to drop support for this toolchain entirely,
we must stop testing it in our autobuilder infrastructure.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This bump is needed to fix a build failure with gcc 10:
https://savannah.nongnu.org/support/?func=detailitem&item_id=110186#options
Here is an extract of the bug report:
"It is not a bug to have variables with the same name in different source
files. The bug was the missing keyword "static".
But there was a different bug that was not tolerated by GCC 10. It was
same strange data type conversions in dav_coda.c. The resolution was to
drop coda altogether because there is still fuse which is better suited
anyway.
The new release 1.6.0 should fix all these problems. Please tell me if
there are still problems with GCC 10."
Also update indentation in hash file (two spaces)
Fixes:
- http://autobuild.buildroot.org/results/42beafade6fd31927c8db14bc52110c0fc5b17c2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Remove patch from this version.
Remove USE_CRYPTO related config (configuration was removed in this
release).
tftpd is not built by default since this release, thus explicitly enable it.
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security vulnerabilities:
CVE-2020-12695: The Open Connectivity Foundation UPnP specification before
2020-04-17 does not forbid the acceptance of a subscription request with a
delivery URL on a different network segment than the fully qualified
event-subscription URL, aka the CallStranger issue.
For details, see the advisory:
https://w1.fi/security/2020-1/upnp-subscribe-misbehavior-wps-ap.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In commit 26e37cef16, we started using
__WORDSIZE to get the size of longs on the given architecture, in
order to support all CPU architectures.
Unfortunately, __WORDSIZE is not enabled in musl, so in
19bd089004, we switched to using
LONG_BIT instead of __WORDSIZE.
However, LONG_BIT is not readily available on glibc, you need
_XOPEN_SOURCE to be defined, which was done in
a34e7f88f6.
However, in a34e7f88f6, _XOPEN_SOURCE
was just defined, with no specific value. This caused the build to
break again on uClibc-ng and older glibcs, because clock_gettime() and
CLOCK_MONOTONIC were no longer defined. In both uClibc-ng and glibc,
CLOCK_MONOTONIC is only defined if __USE_POSIX199309 is defined. It
turns out that simply defining _XOPEN_SOURCE with no value does not
lead to __USE_POSIX199309 being defined in uClibc-ng and old glibcs,
while it is defined in newer glibcs.
The difference comes from the following snippet of code, which is
present in recent enough glibc's <features.h> but not uClibc-ng's or
older glibc's <features.h>:
/* If none of the ANSI/POSIX macros are defined, or if _DEFAULT_SOURCE
is defined, use POSIX.1-2008 (or another version depending on
_XOPEN_SOURCE). */
So the fact that we are defining _DEFAULT_SOURCE makes it assume that
we're using POSIX 2008.09, which obviously includes POSIX 1993.09.
Due to the lack of this code snippet, uClibc-ng <features.h> only
enables:
!defined _POSIX_SOURCE && !defined _POSIX_C_SOURCE)
but not:
So we need an _XOPEN_SOURCE level of at least 500 for POSIX 1993.09
definitions to be available.
This is confirmed by the feature_test_macros man page, which states:
_XOPEN_SOURCE < 500
_POSIX_C_SOURCE is defined with the value 2.
500 <= _XOPEN_SOURCE < 600
_POSIX_C_SOURCE is defined with the value 199506L.
When this is fixed, another issue arises with older glibc toolchains
(such as Sourcery ARM), where fd_set is no longer defined. Indeed, with
POSIX-1.2001 being enabled, we need to include <sys/select.h> to
access the fd_set definition and friends (see man fd_set for details).
This commit was tested with two glibc toolchains (recent and old), one
uClibc-ng toolchain and one musl toolchain.
Fixes:
http://autobuild.buildroot.net/results/e20f9474fc0217036faa6561df33fa983466ddfe/
(uClibc-ng)
http://autobuild.buildroot.net/results/b5d944389fc96ef2c5e0608fe4ac34149e5f9739/
(glibc)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: Vincent Fazio <vfazio@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
As Thomas said:
> In this sort of situation, we generally don't add any legacy
> handling. Indeed, since the feature is now mandatory... the
> default behavior will always be OK.
> People who could be annoyed are people who had this feature
> disabled... which is now always enabled. But the legacy handling
> will anyway not help those people.
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- argp is no more used;
- UDEV dependency is now optional
Fix:
- http://autobuild.buildroot.org/results/f3f3cc216ae42bb8a8925b0df7c1a3cc79b027d7
/home/buildroot/autobuild/instance-1/output-1/build/openfpgaloader-849e5751e06d4d00f323205d5f02ee01f9f59a61/src/spiFlash.cpp:
In member function 'void SPIFlash::jtag_write_read(uint8_t, uint8_t*, uint8_t*, uint16_t)':
/home/buildroot/autobuild/instance-1/output-1/build/openfpgaloader-849e5751e06d4d00f323205d5f02ee01f9f59a61/src/spiFlash.cpp:92:43:
error: variable-sized object 'jtx' may not be initialized
uint8_t jtx[xfer_len] = {reverseByte(cmd)};
^
and
src/gowin.cpp:73:11: error: 'runtime_error' is not a member of 'std'
throw std::runtime_error("both write-flash and write-sram can't be set");
^
src/gowin.cpp:81:10: error: 'runtime_error' is not a member of 'std'
throw std::runtime_error("incompatible file format");
Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
[yann.morin.1998@free.fr:
- don't add a sub-option for udev; directly rely on udev being avail
- fix conflict after 1ca0077d91
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
There is no debug profile on cargo. The available profiles are: dev
(enabled by default), release, test and bench.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Although the patch makes the package build OK, it fails at runtime
when the module is imported, because of missing symbols:
ImportError: /usr/lib/python3.8/site-packages/RPi/_GPIO.cpython-38-aarch64-linux-gnu.so: undefined symbol: high
Fix that by making sure the symbols are declared once, but only once.
Fixes: #13166
Reported-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Michael Fischer <mf@go-sys.de>
Cc: Asaf Kahlon <asafka7@gmail.com>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Cc: Ian Haylock <haylocki@yahoo.co.uk>
Tested-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
openfpgaloader is written in C++, so the dependency on C++ is not
inherited from libftdipp1.
Drop the confusing comment.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
FFI support in php has been added with commit
e16f05c0f0, it depends on dynamic library
otherwise the build will fail on:
/home/buildroot/autobuild/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/5.5.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: ext/ffi/ffi.o: in function `zim_FFI_cdef':
ffi.c:(.text+0xe78): undefined reference to `DL_LOAD'
Fixes:
- http://autobuild.buildroot.org/results/3380b7b6777d1c5fcb53c855b003466fa3bf2079
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
CVE-2020-14367: Insecure writing of pidfile
-------------------------------------------
When chronyd is configured to save the pidfile in a directory where the
chrony user has write permissions (e.g. /var/run/chrony - the default
since chrony-3.4), an attacker that compromised the chrony user account
could create a symbolic link at the location of the pidfile to make
chronyd starting with root privileges follow the symlink and write its
process ID to a file for which the chrony user doesn't have write
permissions, causing a denial of service, or data loss.
This issue was reported by Matthias Gerstner of SUSE.
For further details, see the oss-security posting:
https://www.openwall.com/lists/oss-security/2020/08/21/1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
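The failure mode quoted from the advisory above, shown next to one general mitigation, as an added example that is not chrony's code or its actual fix. The temporary directory stands in for a pidfile directory writable by the unprivileged account, and the file names and PID are constructed; everything runs unprivileged inside that directory.

```python
import os
import tempfile


def write_pidfile_naive(path, pid):
    """Plain open-for-write: follows a symlink planted at `path` and
    truncates whatever file the link points to."""
    with open(path, "w") as f:
        f.write(f"{pid}\n")


def create_exclusive(path):
    """Create `path` as a brand new file. O_CREAT|O_EXCL refuses any existing
    directory entry, including a (dangling) symlink; O_NOFOLLOW is kept as a
    second guard on the final path component."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    return os.open(path, flags, 0o644)


def write_pidfile_safe(path, pid):
    """Remove whatever sits at `path`, then create a new file exclusively.
    unlink() removes a symlink itself, never its target. If the link is
    re-planted between the two calls, create_exclusive() raises
    FileExistsError and nothing is written anywhere."""
    try:
        os.unlink(path)
    except FileNotFoundError:
        pass
    with os.fdopen(create_exclusive(path), "w") as f:
        f.write(f"{pid}\n")


def demo():
    """Run both writers against a planted symlink and report what happened."""
    original = "important data\n"
    results = {}
    with tempfile.TemporaryDirectory() as root:
        rundir = os.path.join(root, "run")          # attacker-writable directory
        os.mkdir(rundir)
        victim = os.path.join(root, "victim.conf")  # file the attacker cannot write
        pidfile = os.path.join(rundir, "daemon.pid")

        for name, writer in (("naive", write_pidfile_naive),
                             ("safe", write_pidfile_safe)):
            with open(victim, "w") as f:
                f.write(original)
            if os.path.lexists(pidfile):
                os.unlink(pidfile)
            os.symlink(victim, pidfile)             # the planted link
            writer(pidfile, 4242)
            with open(victim) as f:
                victim_content = f.read()
            with open(pidfile) as f:
                pid_content = f.read()
            results[name] = {
                "victim_intact": victim_content == original,
                "pidfile_is_symlink": os.path.islink(pidfile),
                "pidfile_content": pid_content,
            }

        # Exclusive creation on its own fails closed when a link is present.
        os.unlink(pidfile)
        os.symlink(victim, pidfile)
        try:
            os.close(create_exclusive(pidfile))
            results["excl_rejects_symlink"] = False
        except FileExistsError:
            results["excl_rejects_symlink"] = True
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Keeping the pidfile in a directory that only root can write removes the precondition altogether; the exclusive create is the guard for setups where that is not possible.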
python-numpy is an optional dependency since
545c1a1d3a
This dependency will raise the following build failure if python-numpy
is found on the host:
aarch64_be-linux-gnu-g++: ERROR: unsafe header/library path used in cross-compilation: '-I/usr/lib/python3/dist-packages/numpy/core/include'
because mjpg-streamer uses the python executable to retrieve the include
directory:
-- Found PythonLibs: /home/peko/autobuild/instance-0/output-1/host/aarch64_be-buildroot-linux-gnu/sysroot/usr/lib/libpython3.8.so (found version "3.8.5")
-- Found PythonInterp: /usr/bin/python3.5 (found version "3.5.3")
-- Found NUMPY: /usr/lib/python3/dist-packages/numpy/core/include
So disable python filter as well as cpp example while at it
Fixes:
- http://autobuild.buildroot.org/results/e6795fa8ed5d8514b3e10ea1135afb31eab22b7e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
nls is enabled by default in meson_options.txt (which is available since
version 1.22.0). NLS was explicitly disabled for host-efl in commit
6deaa3d50d but nothing was done for the
target resulting in the following build failure:
../src/lib/elementary/elm_priv.h:189:25: warning: implicit declaration of function '_elm_dgettext'; did you mean 'dgettext'? [-Wimplicit-function-declaration]
# define E_(string) _elm_dgettext(string)
^~~~~~~~~~~~~
/nvme/rc-buildroot-test/scripts/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/x86_64-buildroot-linux-uclibc/8.3.0/../../../../x86_64-buildroot-linux-uclibc/bin/ld: src/lib/elementary/libelementary.so.1.24.3.p/elc_hoversel.c.o: in function `_access_state_cb':
elc_hoversel.c:(.text+0x1210): undefined reference to `_elm_dgettext'
So enable nls depending on BR2_SYSTEM_ENABLE_NLS and add
TARGET_NLS_DEPENDENCIES to EFL_DEPENDENCIES
Fixes:
- http://autobuild.buildroot.org/results/5985b39b87c5c392b4f9b65c12008ec7b3a143fe
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This new runtime test is based on test_dropbear.py. The only required change
is to use "-oStrictHostKeyChecking=no" instead of "-y" to accept the new key.
Since the base test infra only provides a uClibc-ng toolchain, add a second
test using a glibc based internal toolchain.
For example, this allows triggering the openssh 8.1p bug with glibc 2.31 [1].
[1] https://bugs.archlinux.org/task/65386
Signed-off-by: Romain Naour <romain.naour@smile.fr>
[yann.morin.1998@free.fr:
- deduplicate the whole test
- don't provide any NIC, we only need and use lo
- simplify post-build script (append with cat, don't munge with sed)
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Release notes:
https://dovecot.org/pipermail/dovecot-news/2020-August/000440.html
Fixes the following CVEs:
* CVE-2020-12100: Parsing mails with a large number of MIME parts could
have resulted in excessive CPU usage or a crash due to running out of
stack memory.
* CVE-2020-12673: Dovecot's NTLM implementation does not correctly check
message buffer size, which leads to reading past allocation which can
lead to crash.
* CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
address that has the empty quoted string as local-part causes the lmtp
service to crash.
* CVE-2020-12674: Dovecot's RPA mechanism implementation accepts
zero-length message, which leads to assert-crash later on.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The src/v3.cpp source file, used as a license file, has seen a few
modifications (hence the change of hash) but none of these changes are
related to licensing.
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix a bunch of CVEs: CVE-2020-16287, CVE-2020-16288, CVE-2020-16289,
CVE-2020-16290, CVE-2020-16291, CVE-2020-16292, CVE-2020-16293,
CVE-2020-16294, CVE-2020-16295, CVE-2020-16296, CVE-2020-16297,
CVE-2020-16298, CVE-2020-16299, CVE-2020-16300, CVE-2020-16301,
CVE-2020-16302, CVE-2020-16303, CVE-2020-16304, CVE-2020-16305,
CVE-2020-16308, CVE-2020-16309, CVE-2020-17538
PKGCONFIG must be passed since version 9.51 and
2d84ecc578
Also drop patch (already in version) and update indentation in hash file
(two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
capabilities plugin is available since version 5.11.0 and
b934f1572c
It is currently enabled by default depending on jansson and
libmicrohttpd availability
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Now that gdb 9.2 has been introduced, and gdb 8.3 is the default gdb
version, we can drop the oldest gdb version, 8.1.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Use "/usr/bin:/usr/sbin" as the default path if BR2_ROOTFS_MERGED_USR
is enabled, otherwise use "/bin:/sbin:/usr/bin:/usr/sbin".
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The TestExternalToolchain() base class implements a test checking if
the ELF interpreter that is advertised by Busybox really exists in the
rootfs. Of course, this only makes sense with ELF toolchains. Until
now, only ELF toolchains were tested, but we are going to use
TestExternalToolchain() with non-ELF toolchains as well, so let's make
this conditional.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: strip() lines during readlines()]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Related changes:
- add dependency on Google RE2 package
- update patches to new offsets
Tested on Ubuntu 20.04
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
RE2 is a fast, safe, thread-friendly alternative to backtracking
regular expression engines like those used in PCRE, Perl, and
Python. It is a C++ library.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This will fix the following build failure:
../src/gstreamer/gstlibcameraallocator.cpp: In static member function 'static GQuark FrameWrap::getQuark()':
/home/peko/autobuild/instance-1/output-1/host/x86_64-buildroot-linux-gnu/sysroot/usr/include/glib-2.0/glib/gatomic.h:128:15: error: variable 'gapg_temp_atomic' set but not used [-Werror=unused-but-set-variable]
gpointer *gapg_temp_atomic = (gpointer *)(atomic); \
^
Fixes:
- http://autobuild.buildroot.org/results/c28500d4cc55fbd2bac87f2c11759ddc9163bc91
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bump the Xen package to the latest release. We can also remove a patch
to change the CFLAGS as it is no longer required.
The hash of the license file is changed, as ZPL-2.0 is no longer
listed as one of the licenses of 3rd party code imported into Xen.
Signed-off-by: Alistair Francis <alistair@alistair23.me>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In keepalived, ipset is only used when iptables support is
enabled. The configure.ac script is quite convoluted, but one can
clearly see:
AS_IF([test .$enable_iptables != .no],
[
... testing for iptables ...
if test $USE_IPTABLES = Yes; then
dnl ----[Check for ipset libraries]----
SAV_CPPFLAGS="$CPPFLAGS"
CPPFLAGS="$CPPFLAGS $kernelinc"
if test "${enable_libipset}" != no; then
... testing for libipset ...
fi
]
So, the libipset library is only tested and used if iptables is
enabled. This is also visible by the code that shows at the end of the
configure script which features are enabled:
echo "Use iptables : ${USE_IPTABLES}"
if test .$USE_IPTABLES = .Yes; then
echo "Use libipset : ${USE_LIBIPSET}"
fi
Once again, the libipset support only makes sense when iptables is
enabled.
However, the configure.ac script also has some logic to detect if a
--<something>-libipset option is passed while iptables is enabled:
AS_IF([test .$enable_iptables = .no],
AS_IF([test .$enable_libipset != .], [AC_MSG_ERROR([disable-libipset requires vrrp and iptables])])
)
The error message is quite misleading because it is in fact displayed
as soon as a --<something>-libipset is passed not just
--disable-libipset.
In the context of Buildroot, we are always passing a
--<something>-libipset, regardless of whether iptables support is
enabled or not, which makes the build error out:
configure: error: disable-libipset requires vrrp and iptables
This commit fixes that by enclosing the libipset logic inside the
iptables condition. When iptables is not available, we pass
--disable-iptables and that's it, nothing else is needed. When
iptables is available, we pass --enable-iptables *and*
--enable-libipset or --disable-libipset depending on the availability
of libipset.
This has been tested successfully with the following combinations:
- keepalived, without iptables or libipset
- keepalived, with iptables, but without libipset
- keepalived, without iptables, but with libipset. In this case
libipset is obviously not used.
- keepalived, with iptables and with libipset. Both are used. Note
that you will not see the keepalived binary linked with libipset.so
in "readelf -d" because keepalived dlopen()s the libipset.so
library by default.
Fixes:
http://autobuild.buildroot.org/results/a1712b2cc3ad878e6876325ec7d4c434d0d9d11b/
(case with --disable-libipset --disable-iptables)
http://autobuild.buildroot.net/results/4567e3b0a0510e8a615781178ff5bbbd835a92c3/
(case with --enable-libipset --disable-iptables)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This reverts commit bd9810e176. Indeed,
while uClibc-ng has support for RISC-V 64-bit, this support lacks the
__riscv_flush_icache() function call, which is used by some GCC
builtins used for example in libffi.
Due to this missing __riscv_flush_icache(), anything that links
against libffi fails to build:
/home/test/autobuild/run/instance-0/output-1/host/bin/riscv64-buildroot-linux-uclibc-gcc -o gobject/gobject-query gobject/gobject-query.p/gobject-query.c.o -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,--start-group glib/libglib-2.0.so.0.6400.4 gobject/libgobject-2.0.so.0.6400.4 -Wl,--end-group -pthread '-Wl,-rpath,$ORIGIN/../glib:$ORIGIN/' -Wl,-rpath-link,/home/test/autobuild/run/instance-0/output-1/build/libglib2-2.64.4/build/glib -Wl,-rpath-link,/home/test/autobuild/run/instance-0/output-1/build/libglib2-2.64.4/build/gobject
/home/test/autobuild/run/instance-0/output-1/host/lib/gcc/riscv64-buildroot-linux-uclibc/9.3.0/../../../../riscv64-buildroot-linux-uclibc/bin/ld: /home/test/autobuild/run/instance-0/output-1/host/riscv64-buildroot-linux-uclibc/sysroot/usr/lib64/libffi.so.7: undefined reference to `__riscv_flush_icache'
collect2: error: ld returned 1 exit status
Note that this commit means that
support/config-fragments/autobuild/br-riscv64-full-internal.config
will be back to using glibc as the C library, but that is OK, until
uClibc-ng is fixed to implement __riscv_flush_icache().
This uClibc-ng issue has been reported upstream at
https://mailman.uclibc-ng.org/pipermail/devel/2020-August/002022.html.
Fixes:
http://autobuild.buildroot.net/results/ec1185ad1fd8863a3990143a0af2ace987761a27/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit backports an upstream commit to fix the build of pulseview
with recent Qt versions.
Note that pulseview has a 0.4.2 version (newer than our 0.4.1) but it
doesn't have the fix we need. And 0.4.2 now requires additional Qt
translation tools, so the update to 0.4.2 is anyway not
straightforward.
Fixes:
http://autobuild.buildroot.net/results/c9e27a91905dfda0ba1ddb12c7910316d3ee82ef/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Maxime Ripard is no longer at Bootlin, his e-mail is bouncing:
<maxime.ripard@bootlin.com>: host spool.mail.gandi.net[217.70.178.1] said: 550
5.1.1 <maxime.ripard@bootlin.com>: Recipient address rejected: User unknown
in virtual mailbox table (in reply to RCPT TO command)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since commit 4a40d36f13
("support/testing: switch to Python 3 only") our runtime testing
infrastructure is Python 3.x only.
Therefore, it is no longer needed to have python-nose2 and
python-pexpect in the Docker container used to run our Gitlab CI jobs.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
From the release notes:
================================================================================
Redis 6.0.6 Released Mon Jul 20 09:31:30 IDT 2020
================================================================================
Upgrade urgency MODERATE: several bugs with moderate impact are fixed here.
The most important issues are listed here:
* Fix crash when enabling CLIENT TRACKING with prefix
* EXEC always fails with EXECABORT and multi-state is cleared
* RESTORE ABSTTL won't store expired keys into the db
* redis-cli better handling of non-printable key names
* TLS: Ignore client cert when tls-auth-clients off
* Tracking: fix invalidation message on flush
* Notify systemd on Sentinel startup
* Fix crash on a misuse of STRALGO
* Few fixes in module API
* Fix a few rare leaks (STRALGO error misuse, Sentinel)
* Fix a possible invalid access in defrag of scripts (unlikely to cause real harm)
New features:
* LPOS command to search in a list
* Use user+pass for MIGRATE in redis-cli and redis-benchmark in cluster mode
* redis-cli support TLS for --pipe, --rdb and --replica options
* TLS: Session caching configuration support
================================================================================
Also, the reference hashes repo has moved to redis/redis-hashes
probably because the original maintainer has stepped down, see
http://antirez.com/news/133
Finally, the copyright year in the COPYING file has been updated,
and so does its sha256 checksum.
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
support/scripts/pkg-stats now uses some Python 3.x only constructs
("async" and related keywords), so we must use the Python 3.x flake8.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Use ac_cv_func_working_mktime=yes to force the use of a provided
mktime implementation instead of compiling the failing own one.
Fixes:
http://autobuild.buildroot.net/results/5bcd8f4235002da682cc900f866116d2fe87f1c8
mktime.c: In function 'ydhms_diff':
mktime.c:106:52: error: size of array 'a' is negative
#define verify(name, assertion) struct name { char a[(assertion) ? 1 : -1]; }
^
mktime.c:170:3: note: in expansion of macro 'verify'
verify (long_int_year_and_yday_are_wide_enough,
^~~~~~
with the failure/assert coming from the lines:
verify (long_int_year_and_yday_are_wide_enough,
INT_MAX <= LONG_MAX / 2 || TIME_T_MAX <= UINT_MAX);
which fails since the y2038 time_t conversion from 32bit to 64bit
(musl libc).
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Applications, such as mpd, fail to build statically with fluidsynth
because fluidsynth does not fill Libs.Private in their pkg-config file.
Because fluidsynth is a cmake-package with many dependencies, it is not
easy to fix so just add a dynamic library dependency.
Here is an extract of src/CMakeLists.txt that gives the list of
fluidsynth possible dependencies:
target_link_libraries ( libfluidsynth
${GLIB_LIBRARIES}
${GMODULE_LIBRARIES}
${LASH_LIBRARIES}
${JACK_LIBRARIES}
${ALSA_LIBRARIES}
${PULSE_LIBRARIES}
${PORTAUDIO_LIBRARIES}
${LIBSNDFILE_LIBRARIES}
${SDL2_LIBRARIES}
${DBUS_LIBRARIES}
${READLINE_LIBS}
${DART_LIBS}
${COREAUDIO_LIBS}
${COREMIDI_LIBS}
${WINDOWS_LIBS}
${MidiShare_LIBS}
${OpenSLES_LIBS}
${OBOE_LIBS}
${LIBFLUID_LIBS}
${LIBINSTPATCH_LIBRARIES}
)
Fixes:
- http://autobuild.buildroot.org/results/ec9dd2903359b9bf6b15c8cb69e732f8cb6c4d39
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
By default, go will attempt to download needed modules before building, which
is not desirable. This behavior also causes permission issues when cleaning,
as go downloads modules as read-only by default. Because mender-artifact
includes the modules in the vendor directory, mod=vendor prevents the package
from downloading the go modules during the build process and prevents
permission issues when cleaning.
Fixes:
http://autobuild.buildroot.net/results/d5bcaca73ae74fe8b0ebd39b6331564cd639fb66
Signed-off-by: Mirza Krak <mirza.krak@northern.tech>
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop redundant BR2_PACKAGE_QT5BASE select as BR2_PACKAGE_QT5 already
implies select BR2_PACKAGE_QT5BASE (see package/qt5/Config.in).
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Acked-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
EAP-TEAP support in hostapd/wpa_supplicant fails to build with internal
TLS implementation. This patch disables TEAP support in wpa_supplicant
when internal TLS implementation is selected. Similar fix for hostapd
package has already been merged to Buildroot: see commit 47d14e3b1c
("package/hostapd: disable TEAP for internal TLS implementation").
TEAP is still an experimental feature that is not recommended for
production use. Currently it should not be used for anything else
than experimentation and interoperability testing. Those who need
to experiment with TEAP are encouraged to enable openssl in their
buildroot configuration.
Fixes:
http://autobuild.buildroot.net/results/e83613c06041a60f89da787f4ebf876245713cd2/
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
A memory corruption issue was found in Artifex Ghostscript 9.50 and
9.52. Use of a non-standard PostScript operator can allow overriding of
file access controls. The 'rsearch' calculation for the 'post' size
resulted in a size that was too large, and could underflow to max
uint32_t. This was fixed in commit
5d499272b95a6b890a1397e11d20937de000d31b.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
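The underflow described in the Ghostscript commit message above, as an added example that is not Ghostscript's code and not part of the original commit: a simplified model of a reverse substring search that returns the sizes of the pre, match and post pieces. All names and the formula in `post_unchecked` are assumptions, chosen to reproduce the two symptoms the message names (a 'post' size that is too large, and a wrap to the maximum uint32_t).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model (an assumption, not Ghostscript source): a reverse
 * search splits a string into pre / match / post and returns the sizes. */
struct split {
    int found;
    uint32_t pre, match, post;
};

/* Offset of the last occurrence of pat in hay, or -1 if there is none.
 * An empty pattern matches at the very end (offset hay_len). */
static int64_t find_last(const unsigned char *hay, uint32_t hay_len,
                         const unsigned char *pat, uint32_t pat_len)
{
    if (pat_len > hay_len)
        return -1;
    for (int64_t off = (int64_t)hay_len - pat_len; off >= 0; off--)
        if (memcmp(hay + off, pat, pat_len) == 0)
            return off;
    return -1;
}

/* Unchecked 'post' size: reuses the search countdown, which in a reverse
 * search equals the match offset, and adds pat_len - 1 in unsigned math.
 * Assumed formula, written to show the failure mode. */
static uint32_t post_unchecked(uint32_t pat_len, uint32_t off)
{
    uint32_t countdown = off;
    return countdown + (pat_len - 1u);   /* wraps when pat_len == 0 */
}

/* Checked 'post' size: derived from the buffer length, with every
 * subtraction guarded so it cannot wrap. Returns 0 on success. */
static int post_checked(uint32_t hay_len, uint32_t pat_len, uint32_t off,
                        uint32_t *post)
{
    if (pat_len > hay_len || off > hay_len - pat_len)
        return -1;
    *post = hay_len - pat_len - off;
    return 0;
}

struct split rsplit(const unsigned char *hay, uint32_t hay_len,
                    const unsigned char *pat, uint32_t pat_len, int checked)
{
    struct split s = {0, 0, 0, 0};
    int64_t off = find_last(hay, hay_len, pat, pat_len);
    if (off < 0)
        return s;
    s.pre = (uint32_t)off;
    s.match = pat_len;
    if (checked) {
        if (post_checked(hay_len, pat_len, s.pre, &s.post) != 0)
            return s;               /* inconsistent sizes: report no match */
    } else {
        s.post = post_unchecked(pat_len, s.pre);
    }
    s.found = 1;
    return s;
}

/* Invariant a caller can assert: the three pieces tile the input exactly. */
int split_in_bounds(struct split s, uint32_t hay_len)
{
    return s.found &&
           (uint64_t)s.pre + s.match + s.post == (uint64_t)hay_len;
}

int main(void)
{
    /* Constructed inputs: an ordinary match and the empty/empty edge case. */
    const struct { const char *hay, *pat; } cases[] = {
        { "abcabc", "bc" },
        { "", "" },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        uint32_t hl = (uint32_t)strlen(cases[i].hay);
        uint32_t pl = (uint32_t)strlen(cases[i].pat);
        for (int checked = 0; checked <= 1; checked++) {
            struct split s = rsplit((const unsigned char *)cases[i].hay, hl,
                                    (const unsigned char *)cases[i].pat, pl,
                                    checked);
            printf("hay=\"%s\" pat=\"%s\" %s: pre=%u match=%u post=%u %s\n",
                   cases[i].hay, cases[i].pat,
                   checked ? "checked  " : "unchecked",
                   (unsigned)s.pre, (unsigned)s.match, (unsigned)s.post,
                   split_in_bounds(s, hl) ? "in bounds" : "OUT OF BOUNDS");
        }
    }
    return 0;
}
```

A 'post' length that exceeds the real buffer is what turns a size miscalculation into memory corruption: whatever later reads or writes through that string object trusts the recorded size.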
Changes since v2.1.3:
https://github.com/FluidSynth/fluidsynth/releases/tag/v2.1.4
- fix an uninitialized memory access possibly triggering an FPE trap
- fix several regressions introduced in 2.1.3:
- fluid_synth_start() failed for certain presets
- fix a NULL dereference in jack driver
- fix a stack-based overflow when creating the synth
Signed-off-by: Julien Olivain <juju@cotds.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Dropped patches from this release.
List of commits between 1.3 and 1.3.1:
97b912a7277747db1aca74c7d922e37d41b4f9a8 Release version 1.3.1
62534f212798c540c46e9f362e1d84845175d42e Rename "--validate" to "--ignore-violations"
5b58f475708a6a0c2e70a5d98bbe3f530217d1e1 Drop the ima_measurement "--verify" option
8e2738dd44c0aad2e11f995b802a4d6dcde6b505 extend ima_measurement --pcrs option to support per-bank pcr files
79ab82f55f14839d6b9ba6af78af3367370146bb Rename "Changelog" to "NEWS"
7f9a59c6c613ed8da2947b5e0078a8b75c4e7197 Fix missing {u,g}id_t typedef on musl
1f4e423e7c1d8d5ae85e12368065dec2dc4e87fb pcr_tss: Fix compilation for old compilers
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Fix CVE-2017-6312: Integer overflow in io-ico.c in gdk-pixbuf allows
context-dependent attackers to cause a denial of service (segmentation
fault and application crash) via a crafted image entry offset in an
ICO file, which triggers an out-of-bounds read, related to compiler
optimizations.
- Fix CVE-2017-6313: Integer underflow in the load_resources function in
io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a
denial of service (out-of-bounds read and program crash) via a crafted
image entry size in an ICO file.
- Fix CVE-2017-6314: The make_available_at_least function in io-tiff.c
in gdk-pixbuf allows context-dependent attackers to cause a denial of
service (infinite loop) via a large TIFF file.
Also update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The vendor kernel we are currently selecting no longer builds,
and fails with a ton of:
from include/linux/list.h:8,
from include/linux/module.h:9,
from arch/mips/jz4740/prom.c:16:
include/linux/log2.h:22:1: error: ignoring attribute 'noreturn' because it conflicts with attribute 'const' [-Werror=attributes]
22 | int ____ilog2_NaN(void);
| ^~~
We can't afford to fix that, so let's just move to upstream
kernel and bootloader. It doesn't make much sense to keep
using an unsupported kernel and bootloader at this point.
This means we will be missing some of the features supported
by the vendor (such as HDMI support), but it is what it is.
Linux v5.7 and v5.4 have been tested to boot fine, the latter
is picked for the defconfig as it is an LTS version.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/674933782
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Ezequiel Garcia <ezequiel@collabora.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since 948666dfde, librtlsdr in Buildroot is no longer
built from an official release, but from a commit on the master branch. However, the
commit that was referenced has a broken pkgconfig file templating, such that
other packages using `pkgconfig --libs librtlsdr` as part of their build process
(such as dump1090) could not be built anymore:
Before 948666dfde:
$ cat staging/usr/lib/pkgconfig/librtlsdr.pc
prefix=/usr
exec_prefix=${prefix}
libdir=${exec_prefix}/lib
includedir=${prefix}/include
Name: RTL-SDR Library
Description: C Utility Library
Version: 0.6.0
Cflags: -I${includedir}/
Libs: -L${libdir} -lrtlsdr -lusb-1.0
Libs.private:
On 948666dfde:
$ cat staging/usr/lib/pkgconfig/librtlsdr.pc
prefix=
exec_prefix=
libdir=
includedir=
Name: RTL-SDR Library
Description: C Utility Library
Version: 7082
Cflags: -I${includedir}/
Libs: -L${libdir} -lrtlsdr
Libs.private: -lusb-1.0
In the meantime, upstream released a bugfix for that ([1]), so we bump to that
commit as well, and update the only patch for shared libs accordingly, because
upstream also added a new tool called `rtl_biast` in the meantime.
Finally, we update the hash file to the two-spaces convention.
Fixes: http://autobuild.buildroot.net/results/b4c/b4cdcb59cc61c51c024197a64865ad4b60023d0c/
[1]: ed0317e6a5
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Tested-by: Heiko Thiery <heiko.thiery@gmail.com>
Tested-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Even though librtlsdr was initially introduced by Jason Pruitt in
2014, and Jason is still listed in the DEVELOPERS file for this
package, in recent times it's mainly Gwenhael who has been taking care of
this package. Let's reflect that in the DEVELOPERS file so that
Gwenhael gets notified when there are librtlsdr issues.
Cc: Jason Pruitt <jrspruitt@gmail.com>
Cc: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
librtlsdr currently fails to build on the autobuilders, as it fails
for out of tree builds. Indeed, there is some CMake logic in librtlsdr
that determines the version using Git. This works fine when librtlsdr
is fetched from Git of course. But in the context of Buildroot,
librtlsdr is extracted from a tarball.
For an in-tree build, the "git describe" invocation goes all the way
up to the Buildroot .git/ metadata, and uses that as the librtlsdr
version (it's of course wrong, but the build works). In an out-of-tree
build, there is no parent directory with .git/ metadata, so Git fails,
the VERSION variable is empty and later CMake aborts the build because
of that.
We fix that by adjusting the version retrieving logic to only use Git
if a .git/ metadata folder is found at the root of the librtlsdr
source tree. The patch has been submitted upstream.
Fixes:
http://autobuild.buildroot.net/results/ea52be1da8ed03272db06679d5a0a441ffe6ea0c/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Drop patch (already in version). The commit list between 3.9.2 and
3.9.4 is just made of fixes:
db9b4fa148e6c22c0d4b4c567fa65d1cd5368152 Released 3.9.4
50cbca799c1f9b010fabaa0dd4a387f29d140873 fuse_send_data_iov(): correctly calculate total buffer size.
7b3e3899157566875280a8b860eb5ad5c73eadc1 Define fuse_session_loop_mt as a macro on uclibc and MacOS (#532)
c5e8684b5a2f3400af6d7a3edcaeb3ce8ffc51b5 Fixed typo in command to compile program (#536)
e8a9e84672dcaa892d4708c163f768dc177b6d4c Doc fixes (#537)
d1deae6968c49d83334e874c33abfe15824c4548 Fix FreeBSD CI (#539)
48450411647ca0818821af7b05b819ceff92ae7c Fix: crash on failure to set locale (#529)
9e1c2a4959c16c0b50090dd822389ad9acb08111 fuse_lowlevel: Move assert for se before dereferencing it with se->debug (#530)
7471156354002c6547aa6c3a4f39a3262f435ba4 Fixed minor print alignment issue in iconv_help(), replacing tab with space (#519)
9fa4dc1661f085d4e89a54d75acc3347d52f33fa Fix the typo "filed" -> "field" in fuse manpage (#524)
717c8b8b3ed815f14e5607a995d0113446e3fb0b README: Correct the directory name from 'examples' to 'example' (#526)
032db1ab298d62c4d0c5be1f9fb2df299aec2346 docs: Replace `mesonconf` with `meson configure` (#528)
06342ca60ed822b856990915f127d8beddc0d1f6 libfuse: Assign NULL to "old" to avoid free it twice (#522)
5021d6a0a100d4987be126e87b7ee5fbfc17bbdc Typo fixed. (#520)
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit slightly improves the output of pkg-stats by showing the
progress of the upstream URL checks and latest version retrieval, on a
package basis:
Checking URL status
[0001/0062] curlpp
[0002/0062] cmocka
[0003/0062] snappy
[0004/0062] nload
[...]
[0060/0062] librtas
[0061/0062] libsilk
[0062/0062] jhead
Getting latest versions ...
[0001/0064] libglob
[0002/0064] perl-http-daemon
[0003/0064] shadowsocks-libev
[...]
[0061/0064] lua-flu
[0062/0064] python-aiohttp-security
[0063/0064] ljlinenoise
[0064/0064] matchbox-lib
Note that the above sample was run on 64 packages. Only 62 packages
appear for the URL status check, because packages that do not have any
URL in their Config.in file, or don't have any Config.in file at all,
are not checked and therefore not accounted.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit reworks the code that checks if the upstream URL of each
package (specified by its Config.in file) using the aiohttp
module. This makes the implementation much more elegant, and avoids
the problematic multiprocessing Pool which is causing issues in some
situations.
Suggested-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit reworks the code that retrieves the latest upstream
version of each package from release-monitoring.org using the aiohttp
module. This makes the implementation much more elegant, and avoids
the problematic multiprocessing Pool which is causing issues in some
situations.
Since we're now using some async functionality, the script is Python
3.x only, so the shebang is changed to make this clear.
Suggested-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since the bump of ATF to 2.2 for the ATF Vexpress test case in commit
fc3d6a3ed0
("support/testing/tests/boot/test_atf: update U-Boot/ATF use in
TestATFVexpress"), DTC is now needed otherwise the build fails with:
make[2]: dtc: Command not found
Makefile:873: recipe for target 'build/juno/release/fdts/juno_tb_fw_config.dtb' failed
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/674934470
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The libabseil-cpp package fails to build on a number of CPU
architectures in our autobuilders.
On most CPU architectures, the first issue looked like this:
libabseil-cpp-20200225/absl/base/internal/direct_mmap.h: In function 'void* absl::lts_2020_02_25::base_internal::DirectMmap(void*, size_t, int, int, int, off64_t)':
libabseil-cpp-20200225/absl/base/internal/direct_mmap.h:121:39: error: static assertion failed: Platform is not 64-bit
121 | static_assert(sizeof(unsigned long) == 8, "Platform is not 64-bit");
| ~~~~~~~~~~~~~~~~~~~~~~^~~~
libabseil-cpp-20200225/absl/base/internal/direct_mmap.h:123:15: error: 'SYS_mmap' was not declared in this scope; did you mean 'SYS_mmap2'?
123 | syscall(SYS_mmap, start, length, prot, flags, fd, offset));
| ^~~~~~~~
| SYS_mmap2
Indeed, on 32-bit architectures, libabseil-cpp has some special code
to use the mmap2() system call, and it white-lists the supported
architectures. It is therefore trivial to add support for more
architectures.
However, once this is fixed, another issue arises:
absl/debugging/internal/examine_stack.cc uses the ucontext data
structures, which are not provided by uClibc-ng on all CPU
architectures, and even the code of libabseil-cpp does not exist for
all CPU architectures.
So, this commit solves that by simply making libabseil-cpp available
on architectures/C libraries where it is supported: it needs ucontext
support in the toolchain + a CPU architecture where
absl/debugging/internal/examine_stack.cc has the appropriate logic.
This new dependency is propagated to the reverse dependencies of
libabseil-cpp.
With this commit, libabseil-cpp passes a test-pkg -a test (so all
external toolchains used by the autobuilders):
andes-nds32 [ 1/45]: SKIPPED
arm-aarch64 [ 2/45]: OK
br-aarch64-glibc [ 3/45]: OK
br-arcle-hs38 [ 4/45]: SKIPPED
br-arm-basic [ 5/45]: SKIPPED
br-arm-cortex-a9-glibc [ 6/45]: OK
br-arm-cortex-a9-musl [ 7/45]: OK
br-arm-cortex-m4-full [ 8/45]: SKIPPED
br-arm-full [ 9/45]: OK
br-arm-full-nothread [10/45]: SKIPPED
br-arm-full-static [11/45]: SKIPPED
br-i386-pentium4-full [12/45]: OK
br-i386-pentium-mmx-musl [13/45]: OK
br-m68k-5208-full [14/45]: SKIPPED
br-m68k-68040-full [15/45]: SKIPPED
br-microblazeel-full [16/45]: SKIPPED
br-mips32r6-el-hf-glibc [17/45]: OK
br-mips64-n64-full [18/45]: OK
br-mips64r6-el-hf-glibc [19/45]: OK
br-mipsel-o32-full [20/45]: OK
br-nios2-glibc [21/45]: SKIPPED
br-openrisc-uclibc [22/45]: SKIPPED
br-powerpc-603e-basic-cpp [23/45]: SKIPPED
br-powerpc64le-power8-glibc [24/45]: OK
br-powerpc64-power7-glibc [25/45]: OK
br-powerpc-e500mc-full [26/45]: SKIPPED
br-riscv32 [27/45]: OK
br-riscv64 [28/45]: OK
br-riscv64-musl [29/45]: OK
br-sh4-full [30/45]: SKIPPED
br-sparc64-glibc [31/45]: SKIPPED
br-sparc-uclibc [32/45]: SKIPPED
br-x86-64-core2-full [33/45]: OK
br-x86-64-musl [34/45]: OK
br-xtensa-full [35/45]: SKIPPED
linaro-aarch64-be [36/45]: OK
linaro-aarch64 [37/45]: OK
linaro-arm [38/45]: OK
sourcery-arm-armv4t [39/45]: OK
sourcery-arm [40/45]: OK
sourcery-arm-thumb2 [41/45]: OK
sourcery-mips64 [42/45]: OK
sourcery-mips [43/45]: OK
sourcery-nios2 [44/45]: SKIPPED
sourcery-x86-64 [45/45]: OK
45 builds, 18 skipped, 0 build failed, 0 legal-info failed
Fixes:
http://autobuild.buildroot.net/results/ead663b4b67b0b57ed003a46db3182d95cc01bc0/
(and many similar build failures)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bump to a later version of ATF and cleanup the Python
configuration. Previously this configuration had to work around Python
3 issues with OP-TEE. Now this relies on OP-TEE properly building
itself with host-python3.
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Recent versions of OP-TEE depend on Python 3. Currently, OP-TEE is
building with the Python interpreter provided by the user. This patch
includes an upstream patch that makes the interpreter configurable,
and makes use of this configuration with host-python3.
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This package will ensure that pycryptodomex is built for Python 3.
Comments in both python-pycryptodome and python3-pycryptodomex are
added to ensure they stay in sync.
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The luabitop package is only available with Lua 5.1. LuaJIT, Lua 5.3
or more recent versions of Lua have this functionality built-in.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In preparation for the introduction of Lua 5.4, clarify the dependency
of luabitop: it only makes sense when used with Lua 5.1.
Also update the comment to no longer mention Lua 5.2, since we don't
support Lua 5.2 in Buildroot anymore.
Note that as explained in https://luajit.org/extensions.html, LuaJit
already implements luabitop functions, so luabitop is really for Lua
5.1 only, not for all Lua interpreters that implemented the 5.1 ABI.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
setools needs python3 since version 4.2.0 and
e292a77c52
However today in Buildroot, when no target python is selected, or when
BR2_PACKAGE_PYTHON=y, all host python modules are installed for
host-python, i.e Python 2. But this module won't install in Python 2,
so let's force its host variant to be installed with Python 3 on the
host. Of course, for that to work, its dependency must also be built
for host-python3, so we change it to the newly introduced
host-python3-cython package.
Fixes:
- http://autobuild.buildroot.org/results/c2febcea5fbd8a21709721524ae9e9b5fc0896f9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The host-setools package needs to be built for the host-python3, even
when the target Python is not necessarily Python 3.x. Since it depends
on host-python-cython, we need a Python 3 variant of it, which this
patch introduces.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The new version requires extra features in the toolchain and won't
build with a specific gcc bug, therefore two new toolchain options are
added as dependencies:
* !BR2_TOOLCHAIN_HAS_GCC_BUG_64735
* BR2_TOOLCHAIN_HAS_UCONTEXT
Signed-off-by: Koen Martens <gmc@sonologic.nl>
Reviewed-by: Joel Carlson <JoelsonCarl@gmail.com>
Tested-by: Joel Carlson <JoelsonCarl@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Remove patch that is no longer needed as of upstream commit
1c33be992e8120abd20add8021e4d91d226f5b6a which removed the old VM.
We need to add an exclusion rule for guile modules to check-bin-arch
as they appear as valid ELF binaries but with an architecture of
"None".
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[Thomas:
- bump to 3.0.4
- rework how check-bin-arch excludes checking the Guile .go files]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit bumps stress-ng version to 0.11.17.
This version includes the patch that fixes musl build at commit
03416938871388243d28621f4b59ce532231f11c, and also fixes a
"Invalid syntax in conditional" build error in a Makefile.
Signed-off-by: Alejandro González <alejandro.gonzalez.correo@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In preparation for the introduction of Lua 5.4, we need to adjust the
dependency of the lua-compat53 package: it only makes sense when a Lua
5.1-compatible interpreter is available (either Lua 5.1 or LuaJIT). We
use the recently introduced BR2_PACKAGE_LUAINTERPRETER_ABI_VERSION_5_1
symbol to achieve this.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes:
- http://autobuild.buildroot.net/results/2db7292e251ce81d31187c3a9eb36dbc9236bd07
../src/libcamera/v4l2_videodevice.cpp: In member function 'int libcamera::V4L2VideoDevice::allocateBuffers(unsigned int, std::vector<std::unique_ptr<libcamera::FrameBuffer> >*)':
../src/libcamera/v4l2_videodevice.cpp:1139:39: error: 'new' of type 'libcamera::V4L2BufferCache' with extended alignment 8 [-Werror=aligned-new=]
1139 | cache_ = new V4L2BufferCache(*buffers);
| ^
../src/libcamera/v4l2_videodevice.cpp:1139:39: note: uses 'void* operator new(std::size_t)', which does not have an alignment parameter
../src/libcamera/v4l2_videodevice.cpp:1139:39: note: use '-faligned-new' to enable C++17 over-aligned new support
../src/libcamera/v4l2_videodevice.cpp: In member function 'int libcamera::V4L2VideoDevice::importBuffers(unsigned int)':
../src/libcamera/v4l2_videodevice.cpp:1315:36: error: 'new' of type 'libcamera::V4L2BufferCache' with extended alignment 8 [-Werror=aligned-new=]
1315 | cache_ = new V4L2BufferCache(count);
| ^
../src/libcamera/v4l2_videodevice.cpp:1315:36: note: uses 'void* operator new(std::size_t)', which does not have an alignment parameter
../src/libcamera/v4l2_videodevice.cpp:1315:36: note: use '-faligned-new' to enable C++17 over-aligned new support
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
0001-fix-build-with-gcc-10.x.patch: Add patch to fix build with gcc 10.x
Signed-off-by: Michael Fischer <mf@go-sys.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
When building with Boost Build the CXXFLAGS are extended depending
on the optimization level set. When not defined explicitly the
optimization level depends on the <variant>. For release it's 'speed'
and for debug it's set to 'off'.
These flags overwrite the -O flag passed in with TARGET_CXXFLAGS as
it is appended when calling g++.
This commit sets the Optimization flags generated by Boost Build
to the value of TARGET_OPTIMIZATION no matter what level is used.
As Boost Build offers no nice way to alter those values the gcc
toolchain file is altered directly.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
In commit 8d8caaf0c2 ("package/feh: bump
version to 3.4.1"), feh was bumped from 3.4 to 3.4.1.
However, the hash of the license file was not updated, even though the
COPYING file had seen a copyright year update:
-Copyright (C) 2010-2018 Daniel Friesel.
+Copyright (C) 2010-2020 Daniel Friesel.
Let's update the license file hash to fix legal-info.
Fixes:
http://autobuild.buildroot.net/results/991fb57bc99c2f44a00c846688f1b3e017b87724/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
0001-configure-add-without-demo-option: adapt patch to 5.4.0 version
Signed-off-by: Michael Fischer <mf@go-sys.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
U-Boot must use $(BR2_MAKE) as it uses a Make feature from v4.0. We
already use $(BR2_MAKE) in the BUILD_CMDS, but the kconfig commands
still use $(MAKE). Without this fix, building U-Boot with kconfig will
fail with the following cryptic error.
> Makefile:37: *** missing separator. Stop.
Signed-off-by: Brandon Maier <brandon.maier@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The U-Boot package requires GNU Make v4.0 or later, and so all U-Boot
"make" commands must use "$(BR2_MAKE)" so they use the host-make
package. Currently pkg-kconfig is hardcoded to use $(MAKE), so add a
way to support $(BR2_MAKE). The package infra for pkg-automake and
pkg-cmake have a similar problem, and they solved it by defining a
$(PKG)_MAKE variable, and allowing each package to override it.
Signed-off-by: Brandon Maier <brandon.maier@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Update our bleeding edge br-arm-internal-glibc defconfig to use the
latest version of gcc and binutils, so that we test these in the
autobuilders.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
If the less package is not enabled and systemd is enabled,
then configure the less applet to fully work with systemd.
systemd sets the flags for less in an environment variable
and requires a few options for correct display.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
added tpm2-tss as dependency (needed for ima_boot_aggregate cmd for
reading PCR; better to use libtss2-esys and libtss2-rc than require
tsspcrread binary in runtime)
added also sha1 hash from sourceforge
added 2 patches fixing build (both are 1.3 specific)
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop gdlib-config and use pkg-config to find gd.
Indeed, gdlib.pc is available since version 2.1.0 and
071a2a94ee
and gdlib-config has been dropped from version 2.3.0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The version of this patch merged by upstream has some changes to rpath
syntax matching and handling for additional syntax edge cases.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
this dependency is optional, it is used to
allow udev to add information to blockdevices.
As long as MOUNT or FSCK are enabled, it will end up enabled
anyway, but this seems more clear and correct.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This adds switches for new options:
initrd: Installs services if systemd is used on an initramfs,
useless otherwise
kernel-install: helper scripts to update kernel with a
systemd-boot partition
analyze: tool to analyze bootup and dependencies
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add zstd as optional dependency, and
disable new options for host-systemd.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Enable this bootloader for cortex a7 based SoCs: support for the
sama7g5 SoC is now in upstream at91bootstrap3, and it is a Cortex-A7
based SoC.
Signed-off-by: Eugen Hristev <eugen.hristev@microchip.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cups service for systemv was erroneously installed in /etc/rcX.d and
therefore not working. Also, its init script installed in /etc/init.d
was definitely not a Buildroot-style init script.
This patch adds a Buildroot style init script instead of using the
example provided by the package.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Fix CVE-2018-14553: gdImageClone in gd.c in libgd 2.1.0-rc2 through
2.2.5 has a NULL pointer dereference allowing attackers to crash an
application via a specific function call sequence.
- Fix CVE-2019-6977: gdImageColorMatch in gd_color_match.c in the GD
Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch
function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14,
and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be
exploited by an attacker who is able to trigger imagecolormatch calls
with crafted image data.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Switch site to get latest version
- Drop patches (already in version)
- Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Details: https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html
Fixes the following security issues:
* CVE-2020-10713
A flaw was found in grub2, prior to version 2.06. An attacker may
use the GRUB 2 flaw to hijack and tamper the GRUB verification
process. This flaw also allows the bypass of Secure Boot
protections. In order to load an untrusted or modified kernel, an
attacker would first need to establish access to the system such as
gaining physical access, obtain the ability to alter a pxe-boot
network, or have remote access to a networked system with root
access. With this access, an attacker could then craft a string to
cause a buffer overflow by injecting a malicious payload that leads
to arbitrary code execution within GRUB. The highest threat from
this vulnerability is to data confidentiality and integrity as well
as system availability.
* CVE-2020-14308
In grub2 versions before 2.06 the grub memory allocator doesn't
check for possible arithmetic overflows on the requested allocation
size. This leads the function to return invalid memory allocations
which can be further used to cause possible integrity,
confidentiality and availability impacts during the boot process.
* CVE-2020-14309
There's an issue with grub2 in all versions before 2.06 when
handling squashfs filesystems containing a symbolic link with name
length of UINT32 bytes in size. The name size leads to an
arithmetic overflow leading to a zero-size allocation further
causing a heap-based buffer overflow with attacker controlled data.
* CVE-2020-14310
An integer overflow in read_section_from_string may lead to a heap
based buffer overflow.
* CVE-2020-14311
An integer overflow in grub_ext2_read_link may lead to a heap-based
buffer overflow.
* CVE-2020-15706
GRUB2 contains a race condition in grub_script_function_create()
leading to a use-after-free vulnerability which can be triggered by
redefining a function whilst the same function is already
executing, leading to arbitrary code execution and secure boot
restriction bypass
* CVE-2020-15707
Integer overflows were discovered in the functions grub_cmd_initrd
and grub_initrd_init in the efilinux component of GRUB2, as shipped
in Debian, Red Hat, and Ubuntu (the functionality is not included
in GRUB2 upstream), leading to a heap-based buffer overflow. These
could be triggered by an extremely large number of arguments to the
initrd command on 32-bit architectures, or a crafted filesystem
with very large files on any architecture. An attacker could use
this to execute arbitrary code and bypass UEFI Secure Boot
restrictions. This issue affects GRUB2 version 2.04 and prior
versions.
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We need to backport a commit to fix a build failure caused by a spurious
wheel dependency.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This _partially_ reverts commit 2dbb0660fb.
Indeed, before 2dbb0660fb, the per-package ../host/ directory was
explicitly created right before it was populated. With 2dbb0660fb, it
is now created only at the beginning of the configure step.
However, some packages may have download or extract host dependencies,
and when we are trying to rsync them, the destination .../host/
directory does not yet exist at the download or extract steps, thus the
build fails. E.g., with wget which needs host-lzip if the system does
not have it yet:
rsync -a --link-dest=/home/ymorin/dev/buildroot/O/per-package/host-lzip/host/ /home/ymorin/dev/buildroot/O/per-package/host-lzip/host/ /home/ymorin/dev/buildroot/O/per-package/wget/host
rsync: mkdir "/home/ymorin/dev/buildroot/O/per-package/wget/host" failed: No such file or directory (2)
rsync error: error in file IO (code 11) at main.c(682) [Receiver=3.1.3]
make[1]: *** [package/pkg-generic.mk:170: /home/ymorin/dev/buildroot/O/build/wget-1.20.3/.stamp_extracted] Error 11
Kudos to Raphael for pin-pointing the culprit commit.
Fixes:
http://autobuild.buildroot.org/results/4c8/4c895c7ac0a635d38f5015b5df0393581ad7b508/
and a slew of similar failures
Notes:
An alternative solution would be to move the creation of the directories
from the configure step to the download step *and* to the rsync step,
but this is not so nice in the end... Let's just ensure they are created
where needed: at the configure step, and when populating them.
Reported-by: Raphael Jacob <r.jacob2002@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Add new NLS dependency as well as a patch to fix a build failure
without it
- Drop host-gettext (not needed since autoreconf was dropped with
8729c4ef88)
- Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since commit 0390777bfa (package/docker-engine: needs some kernel
options), docker-engine now automatically ensures the needed kernel options
are enabled, so drop the explicit options from the kernel config.
23:19:27 TestDockerCompose Starting
23:19:28 TestDockerCompose Building
00:14:41 TestDockerCompose Building done
00:15:30 TestDockerCompose Cleaning up
.
----------------------------------------------------------------------
Ran 1 test in 3362.784s
OK
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since commit 4f8229653 (package/docker-engine: needs more runtime
dependencies), docker-engine now automatically pulls in cgroupfs-mount, so
drop the explicit handling of it in TestDockerCompose.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This fixes an issue if host-dbus happens to be rebuilt after systemd, in
which case it autodetects systemd support but then ignores the prefix
when installing unit files. That means that it tries to write to the
host system's /usr/lib/ which fails.
There is no reason to build and install systemd support in the host
build, so disable it explicitly.
Signed-off-by: John Keeping <john@metanate.com>
Tested-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
No functional change.
Rather than tracking both build targets and sub directory to run 'make
install' from, use a make loop for the staging/target install logic, similar
to how we are doing it for the build step and directly use the Makefile
in the sub directory rather than the helper lib/lz4 targets in the top level
Makefile.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since the bit32 module is needed by all lua ABI 5.1 providers we can
select based on the lua ABI version instead of both lua 5.1 and luajit.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since solarus is compatible with lua interpreters that provide the
version 5.1 ABI we should depend on that instead of unconditionally
selecting luajit.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since collectd lua support is compatible with any luainterpreter
implementation we should depend on BR2_PACKAGE_HAS_LUAINTERPRETER
instead of unconditionally selecting BR2_PACKAGE_LUA.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[yann.morin.1998@free.fr: use luainterpreter as dependency]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since sysdig is compatible with lua interpreters that provide the
version 5.1 ABI we should depend on that instead of unconditionally
selecting luajit.
Use luainterpreter as the dependency, now that either lua or luajit
can be used.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[yann.morin.1998@free.fr:
- reorder dependencies in Config.in: package deps go after toolchain
deps
- keep the toolchain deps together in the comment
- switch to using luainterpreter as a build dependency
- split the now-long _DEPENDENCIES list
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Now that we have booleans to represent the Lua ABI version, and that
all Lua providers do select those, there is no longer any reason
for them to also handle the ABI version string anymore.
Move the defaults into the common luainterpreter.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: James Hilliard <james.hilliard1@gmail.com>
Cc: Francois Perrad <francois.perrad@gadz.org>
Since a number of packages depend on specific ABI versions that are
provided by lua and luajit packages we should have a kconfig variable
that those packages can depend on.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Luajit is a provider for luainterpreter. We can't select providers of
virtual packages; we can only depend on them.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[yann.morin.1998@free.fr:
- a lua interpreter is needed, so don't drop the dependency
- make it a "depends on" rather than a "select"
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Luajit is a provider for luainterpreter. We can't select providers of
virtual packages; we can only depend on them.
Note also that it is not very clear whether the host and target variants
of EFL need to be built with the same lua interpreter. Today, this is
guaranteed as we only use luajit in both cases. But there were issues
with lua 5.1 in the past, so stick to only using luajit.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[yann.morin.1998@free.fr:
- depend on luajit, not "any" luainterpreter
- which keeps the host and target variants built with the same
interpreter
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bump kernel to version 5.7.10 and U-Boot to 2020.07
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The logic doing the padding and concatenation of DDR firmware was
duplicated between the DDR4 and LPDDR4 cases. This commit refactors
this logic into a single function FIRMWARE_IMX_PREPARE_DDR_FW.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Stephane Viau <stephane.viau@oss.nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
BR2_VERSION_FULL is currently defined as follows:
BR2_VERSION_FULL := $(BR2_VERSION)$(shell $(TOPDIR)/support/scripts/setlocalversion)
This BR2_VERSION_FULL value then gets used as the "VERSION" variable
in the /etc/os-release file.
The logic of "setlocalversion" is that if it is exactly on a tag, it
returns nothing.
If it is on a tag + a number of commits, then it returns only
-XYZ-gABC where XYZ is the number of commits since the last tag, and
ABC the git commit hash (these are extracted from git describe).
This output then gets concatenated to BR2_VERSION which gives
something like 2020.05 or 2020.05-00123-g5bc6a.
The issue is that when you're on a tag specific to your project, which
is not a Buildroot YYYY.MM tag, then the output of setlocalversion is
empty, and all you get as VERSION in os-release is $(BR2_VERSION)
which is not really nice. Worse, if you have another non-official
Buildroot tag between the last official Buildroot tag/version and
where you are, you will get $(BR2_VERSION)-XYZ-gABC, but XYZ will not
correspond to the number of commits since BR2_VERSION, but since the
last tag that "git describe" has found, which is clearly incorrect.
Here is an example: you're on master, "make print-version" (which
displays BR2_VERSION_FULL) will show:
$ make print-version
2020.08-git-00758-gc351877a6e
So far so good. Now, you create a tag say 5 commits "before" master,
and show BR2_VERSION_FULL again:
$ git tag -a -m "dummy tag" dummy-tag HEAD~5
$ make print-version
2020.08-git-00005-gc351877a6e
This makes you believe you are 5 commits above 2020.08, which is
absolutely wrong.
So this commit simplifies the logic of setlocalversion to simply
return what "git describe" provides, and not prepend $(BR2_VERSION) in
the main Makefile. Since official Buildroot tags match official
Buildroot version names, you get the same output when you're on an
official Buildroot tag, or some commits above a Buildroot tag. And in
other cases, you get a sensible output. The logic is also adjusted for
the Mercurial case.
In the above situation, with this commit applied, we get:
$ make print-version
dummy-tag-6-g6258cdddeb
(6 commits instead of 5 as we have this very commit applied, but at
least it's 6 commits on top of the dummy-tag)
Finally, if you're not using a version control system, setlocalversion
was already returning nothing, so in this case, the Makefile simply
sets BR2_VERSION_FULL to BR2_VERSION to preserve this behavior.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The defconfig check has been introduced by the previous
patch before building each defconfig, but those builds
are done every week or more.
Checking if a defconfig is valid can be done on every
push in the repository since it takes a few seconds.
This would allow detecting a problem in a defconfig as
soon as possible and eventually avoid breaking the build
while build testing all defconfigs.
Introduce a new job template ".defconfig_check" in
gitlab-ci.yml.in and modify the generate-gitlab-ci-yml
to create a job for each defconfig to run the test.
Although we could have used only one job to do all
tests, using one job per defconfig allows to easily
identify in gitlab which defconfig is failing.
Tested:
https://gitlab.com/kubu93/buildroot/pipelines/138331069
https://gitlab.com/kubu93/buildroot/pipelines/171223758
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
For the same reason as for 50b747f212,
we need to check if the generated configuration file (.config)
contains all symbols present in the defconfig file.
If not there is an issue with the defconfig.
This script will be used in .gitlab-ci.yml.
Inspired by is_toolchain_usable() function from genrandconfig:
https://git.busybox.net/buildroot/tree/utils/genrandconfig?h=2020.02#n164
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
[yann.morin.1998@free.fr:
- strip defconfig lines when reading them
- use a generator to read the defconfig lines
- no need to strip() again when building the missing list
- testing the list directly, not its len()
- simply sys.exit(1) in the error condition
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
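The check described in the commit message above, sketched as an added example (it is not the script from the Buildroot tree). The symbols containing EXAMPLE and both file contents are constructed; treating "#" lines other than "# ... is not set" as free-form comments is an assumption of this sketch.

```python
import os
import sys
import tempfile

# Constructed inputs. Symbols containing EXAMPLE are made up for illustration.
DEFCONFIG = """\
# Architecture
BR2_aarch64=y
BR2_PACKAGE_EXAMPLE_DAEMON=y
BR2_PACKAGE_EXAMPLE_OLDNAME=y
# BR2_PACKAGE_EXAMPLE_SHELL is not set
"""

# What kconfig could generate from it: one option lost an unmet dependency,
# one symbol no longer exists, one "not set" was overridden by a select.
DOTCONFIG = """\
#
# Automatically generated file; DO NOT EDIT.
#
BR2_aarch64=y
# BR2_PACKAGE_EXAMPLE_DAEMON is not set
BR2_PACKAGE_EXAMPLE_NEWNAME=y
BR2_PACKAGE_EXAMPLE_SHELL=y
"""


def defconfig_lines(path):
    """Yield the stripped defconfig lines that the .config must reproduce."""
    with open(path) as f:
        for raw in f:
            line = raw.strip()
            if not line:
                continue
            # "# BR2_X is not set" is a real setting; any other "#" line is
            # treated as a comment (assumption of this example).
            if line.startswith("#") and not line.endswith(" is not set"):
                continue
            yield line


def missing_from_dotconfig(defconfig, dotconfig):
    """Return the defconfig lines that are absent from the generated .config."""
    with open(dotconfig) as f:
        generated = {line.strip() for line in f}
    return [line for line in defconfig_lines(defconfig) if line not in generated]


def check(defconfig, dotconfig):
    """Return the exit status for a CI job: 0 if consistent, 1 otherwise."""
    missing = missing_from_dotconfig(defconfig, dotconfig)
    if missing:
        print("defconfig lines not honoured in %s:" % dotconfig, file=sys.stderr)
        for line in missing:
            print("  " + line, file=sys.stderr)
        return 1
    return 0


def run_constructed_case():
    """Write the constructed files to a temp dir and run the check on them."""
    with tempfile.TemporaryDirectory() as tmp:
        defconfig = os.path.join(tmp, "example_defconfig")
        dotconfig = os.path.join(tmp, ".config")
        for path, text in ((defconfig, DEFCONFIG), (dotconfig, DOTCONFIG)):
            with open(path, "w") as f:
                f.write(text)
        return missing_from_dotconfig(defconfig, dotconfig), check(defconfig, dotconfig)


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Usage: script.py <defconfig> <.config>
        sys.exit(check(sys.argv[1], sys.argv[2]))
    print(run_constructed_case())
```

Exact line matching is what catches all three cases: kconfig does not report an error when it drops or overrides a requested value, so the mismatch is only visible by comparing the two files.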
We can enable uclibc for RISC-V 64 bit now that it has been
bumped from v1.0.32 to v1.0.34.
Uclibc has had basic support for RISC-V 64 bit since v1.0.31, but
shared library and TLS/NPTL support has only been available since
v1.0.33.
This update has been tested using qemu_riscv64_virt_defconfig and
the Buildroot host QEMU.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 2acb27e298 ("package/lz4: make
program installation optional") made the installation of the lz4
programs optional. To preserve backward compatibility, this commit
added a "default y" to the BR2_PACKAGE_LZ4_PROGS.
While Buildroot definitely tries to preserve backward compatibility in
general, in this case, the backward compatibility would mean that
everybody would by default install those 220 KB of programs, which are
most likely not needed for the majority of use cases. Installing them
by default kind of breaks the Buildroot principle of minimalism.
In this specific case, it is believed that the principle of minimalism
wins over the principle of backward compatibility.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
According to the cegui requirements select explicitly the default
OpenGL renderer based on available dependencies.
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Often lz4 is used as a library, and not as a standalone program.
Excluding lz4 binary will save some space in this case. Indeed, the
lz4 program is always statically linked against its library, which
makes it duplicate the whole library size:
$ ls -l usr/lib/liblz4.so.1.9.2 usr/bin/lz4
-rwxr-xr-x 1 thomas thomas 226724 27 juil. 16:33 usr/bin/lz4
-rwxr-xr-x 1 thomas thomas 156996 27 juil. 16:33 usr/lib/liblz4.so.1.9.2
Since lz4 is now primarily a library, it's moved to the "Libraries"
section.
Of course, installation of programs defaults to "yes" to preserve
backward compatibility.
Signed-off-by: Ed Spiridonov <edo.rus@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
python-matplotlib may be used in a qt5 application. This patch adds an option to
enable qt5. Since this backend is automatically enabled when pyqt5 is detected,
the dependencies list is simply updated (no enable/disable options).
Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This Python module only works for Python 3: the target variant has a
"depends on BR2_PACKAGE_PYTHON3".
However today in Buildroot, when no target python is selected, or when
BR2_PACKAGE_PYTHON=y, all host python modules are installed for
host-python, i.e. Python 2. But this module won't install in Python 2,
so let's force its host variant to be installed with Python 3 on the
host. Of course, for that to work, its dependency must also be built
for host-python3, so we change it to the newly introduced
host-python3-decorator package.
Fixes:
http://autobuild.buildroot.net/results/46a89bd6cd0d0b896b28010db287068309e7a43c/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The host-python-networkx package needs to be built for the
host-python3, even when the target Python is not necessarily Python
3.x. Since it depends on host-python-decorator, we need a Python 3
variant of it, which this patch introduces.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
c-periphery now supports building on older kernels before 4.8 as there
are now checks for the new kernel cdev gpio interface.
Also updated hash file to two space format.
Signed-off-by: Ryan Barnett <ryanbarnett3@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The nodejs configure.py file orders zlib headers before the bundled ICU
headers. The zlib headers happen to be located in the system include
directory, next to some system ICU headers (not bundled). If these are
built before nodejs is, nodejs will get confused and try to use the
system ICU headers instead of the bundled ones.
Fix this by always using host-icu.
Set CXXFLAGS to -DU_DISABLE_RENAMING=1 when building with
system-icu since host-icu is built with --disable-renaming.
Fixes:
- http://autobuild.buildroot.net/results/1ef947553ec762dba6a6202b1cfc84ceed75dbb2/
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[yann.morin.1998@free.fr:
- keep alphabetical order in _DEPENDENCIES
- don't introduce HOST_NODEJS_CONF_OPTS
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since Gitlab 12.9, Gitlab allows triggering a child pipeline with a generated configuration file.
See: https://gitlab.com/gitlab-org/gitlab/-/issues/35632
This allows us to stop updating the .gitlab-ci.yml file when a
new defconfig is added to Buildroot.
Remove check-gitlab-ci.yml job since it is now unneeded.
Remove .gitlab-ci.yml make target.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
[yann.morin.1998@free.fr: manual: no longer needed to update at all]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This variable is no longer used since
4e3be3ae9d ("package/rust: bump version
to 1.33.0")
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Rust upstream distributes tarballs with separate rust and cargo
binaries, but also tarballs with everything together. The latter
contains a bit more than what we need, so the download is slightly
larger than separate cargo-bin and rust-bin. But it simplifies our life
if we do the same in rust-bin as in rust (i.e. get both rust and cargo).
Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Tested-by: David Pierret <david.pierret@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- removal of the llvm workaround patch as it is integrated in this
newer version.
- bump cargo-bin to 0.41 (corresponds to rust 1.40) and update
licenses hashes.
- bump rust-bin to 1.40.
Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: David Pierret <david.pierret@smile.fr>
Tested-by: David Pierret <david.pierret@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cargo source code is not provided anymore as a separate tarball but is
now built along with the Rust compiler. So update rust host variant to
build Cargo.
For now, all this will be overwritten again by the host-cargo package,
but this package will be removed in later commits.
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com>
Tested-by: Sam Voss <sam.voss@rockwellcollins.com>
[Arnout: merge all install commands in HOST_RUST_INSTALL_CMDS]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Tested-by: David Pierret <david.pierret@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The cargo config file is much like the cmake and meson configuration
files, something that tells the cargo build system how the
cross-toolchain is configured.
It is currently installed by the cargo package, but this package is
about to be removed as cargo is now built as part of rust
itself. Therefore, install the cargo config file as a toolchain
post-install hook, just like we do for cmake and meson.
However, we don't have a pkg-cargo infrastructure (yet) so we can't
put it there. Therefore, put it in the rustc package - any cargo
package will need rustc.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Tested-by: David Pierret <david.pierret@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
[yann.morin.1998@free.fr: two spaces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Adding mbpfan, a fan control daemon for MacBook laptops.
Signed-off-by: Christian Stewart <christian@paral.in>
[Peter: add hash file, drop Debian init script, drop systemd symlinks, add
DEVELOPERS entry]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes various initialization / systemd issues. From the changelog:
- Provide meaningful exit codes on initialization failures.
- Prevent systemd from starting the daemon before udev changes ownership of
the TPM device node.
- Prevent systemd from starting the daemon if there is no TPM device node.
- Prevent systemd from restarting the daemon if it fails.
- Add SELinux policy to allow daemon to resolve names.
- Add SELinux policy boolean (disabled by default) to allow daemon to
connect to all unreserved ports.
Also adjust .hash file white space to match new agreements.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Other changes:
- Remove upstream patch.
- Change license type to MIT.
- Update license shasum due to the above change.
- Upstream gained optional support for libglib2 and fsmount, we
disable those so far
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[yann.morin.1998@free.fr: forcibly disable new features]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
libwebsockets currently depends on zlib, however, as of commit
13ba5bbc633ea962d46d9f2bfb2e87c9f7e83b62 (from 2013!) zlib is not actually a
requirement if extensions are not enabled.
By default, libwebsockets sets the "LWS_WITHOUT_EXTENSIONS" option to "ON,"
which removes the need for zlib as a dependency. Because of this default
setting, there are two options:
1) Remove the dependency on zlib, create a new option under Config.in to allow
a user to enable extensions, add zlib as a dependency, and set
LWS_WITHOUT_EXTENSIONS to "OFF" if that option is selected.
2) Keep the dependency and explicitly set LWS_WITHOUT_EXTENSIONS to "OFF."
Below are the size differences in bytes:
- Without zlib and extensions: 44636
- With zlib and without extensions: 44720
- With zlib and with extensions: 44732
Considering the size difference between all 3 is an incredible 96 bytes, and
the difference between what we have now, and enabling extensions is an
insurmountable 12 bytes, it is safe to keep the dependency on zlib and always
enable extensions.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Six years ago, commit b6b5bb518d added the MMU
dependency for the libwebsockets package. However, according to the git
history of the CMakeLists.txt file, libwebsockets has supported the vfork
function for at least the last five years.
After testing with the qemu_arm_versatile_nommu_defconfig and the
br-arm-cortex-m4-full.config file, no errors occurred when building
libwebsockets without MMU support.
Remove the dependency; it is no longer necessary. Update the reverse
dependencies as needed.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Update site to get latest version
- Update hash of COPYING.LIB (update in FSF address with
adcb08292d)
- Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
With this patch we enable CONFIG_USB for HSDK, which is not explicitly
selected by UDL since the commit 5d50bd440bc2 ("drm/udl: Make udl
driver depend on CONFIG_USB"). Commit 4c13ca86dcf8 ("ARC:
[plat-hsdk]: fix USB regression") is not yet backported to Linux
kernel 5.6.x, so we enable this option in fragment file for HSDK.
Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
Cc: arc-buildroot@synopsys.com
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Basic support for the Marvell ESPRESSObin, by Globalscale Technologies.
http://espressobin.net
The kernel config has been extended with a fragment to enable switchcore
support, DSA drivers, and VLAN filtering in the bridge. To make use of
this you need a custom libnl based application, or the iproute2 suite
rather than the brctl tools, which don't support the VLAN filtering.
Signed-off-by: Joachim Nilsson <troglobit@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Other changes:
- Add a dependency on libabseil-cpp
- Update the patches to apply properly.
Tested with the following distributions:
- Debian 9
- CentOS 7
- Fedora 32
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This package is a new dependency on grpc versions > 1.25.0
Tested with the following distributions:
- Debian 9
- CentOS 7
- Fedora 32
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch bumps pillow to version 7.2.0. The bump requires the python
xml module to be available.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
this patch bumps python-pydal to version 20200714.1
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[yann.morin.1998@free.fr: two spaces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Netopeer2 is a set of tools implementing network configuration
tools based on the NETCONF Protocol.
Netopeer2 needs libnetconf2 to have SSL/TLS and SSH support, so
we enable both openssl and libssh+server from netopeer2, so that
libnetconf2 has appropriate support. But netopeer2 does not use
either, so does not build-depend on them.
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
[yann.morin.1998@free.fr:
- fix dependencies and their comments
- explain openssl and libssh+server dependencies
- fix codestyle in Config.in, noticed by Adam
- fix codestyle in .mk
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
These functions are no longer using the GLOBAL_INSTRUMENTATION_HOOKS
mechanism, so it doesn't make much sense for them to be in the section
of pkg-generic.mk related to those hooks.
Move them to the "Helper functions" section.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Now that we are checking the host directory changes throughout all
installation steps and not just during the "host installation step",
it means that changes done within the staging directory (which is a
subdir of the host directory) are also visible in the
.files-list-host.txt file.
Note that this problem already potentially occurs if a host package is
installing files in the staging directory: they would be listed in
.files-list-host.txt even without the changes in this series.
To fix this up, we simply exclude files that are beneath the
$(STAGING_SUBDIR). Note that we do that in all cases, so when
searching $(HOST_DIR), $(HOST_DIR)/$(STAGING_SUBDIR) is excluded, but
when searching $(TARGET_DIR), $(TARGET_DIR)/$(STAGING_SUBDIR) is
excluded, and when searching $(STAGING_DIR),
$(STAGING_DIR)/$(STAGING_SUBDIR) is excluded. This is not a problem in
practice since $(TARGET_DIR)/$(STAGING_SUBDIR) and
$(STAGING_DIR)/$(STAGING_SUBDIR) don't exist, but it's not very
nice. However, it allows to keep the code simple.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit reworks the pkg_size logic to no longer use the
GLOBAL_INSTRUMENTATION_HOOKS mechanism, but instead be directly
implemented within the configure step and install step.
The problem with the current implementation in the
GLOBAL_INSTRUMENTATION_HOOKS is that we only capture what is installed
in $(HOST_DIR) during the "host installation step", what is installed
in $(TARGET_DIR) during the "target installation step" and what is
installed in "$(STAGING_DIR)" during the staging installation step.
While this seems reasonable in principle, it is in fact not completely
true. For example, "toolchain", which is a target package, installs
tons of files in $(HOST_DIR). "qt5base", which is also a target
package, also installs things in $(HOST_DIR). Same with the "syslinux"
package.
The idea behind this patch is pretty simple:
- At the beginning of the configure step, right after the per-package
directories have been populated (if BR2_PER_PACKAGE_DIRECTORIES=y),
we capture the state of the HOST_DIR, TARGET_DIR and STAGING_DIR.
- At the end of all install steps (which is possible thanks to the
newly introduced "install" step), we capture again the state of
HOST_DIR, TARGET_DIR and STAGING_DIR, and compare it to what we
have saved at the configure step.
So regardless of whether a file has been installed in $(HOST_DIR)
during the target or staging installation steps of a target package,
or if a host package has installed a file in $(TARGET_DIR), we will
detect it.
The pkg_size_before and pkg_size_after macros are intentionally left
where they are (even if they now fall in the middle of the
GLOBAL_INSTRUMENTATION_HOOKS implementations) to minimize the diffstat
and facilitate review.
Note that we also have to change check_bin_arch to be explicitly
called from the install step rather than through a
GLOBAL_INSTRUMENTATION_HOOKS as it depends on the .files-list.txt file
produced by the pkg_size_after function.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
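The before/after capture described in the two commit messages above (snapshot at configure, snapshot after all install steps, staging subdirectory excluded), as an added sketch that is not Buildroot's own implementation. The directory layout, the file names and the `sysroot` stand-in for $(STAGING_SUBDIR) are constructed for the demonstration.

```python
import os
import stat
import tempfile


def snapshot(root, exclude_subdir=None):
    """Return {relative path: (type, size, mtime_ns)} for entries under root.

    Plain directories are not recorded; symlinks are recorded, not followed.
    Everything beneath root/exclude_subdir is skipped.
    """
    skip = os.path.normpath(exclude_subdir) if exclude_subdir else None
    state = {}
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        entries = list(filenames)
        for d in list(dirnames):
            rel = os.path.normpath(os.path.join(rel_dir, d))
            if rel == skip:
                dirnames.remove(d)   # prune: os.walk will not descend into it
            elif os.path.islink(os.path.join(dirpath, d)):
                entries.append(d)    # symlink to a directory: record the link
        for name in entries:
            st = os.lstat(os.path.join(dirpath, name))
            rel = os.path.normpath(os.path.join(rel_dir, name))
            state[rel] = (stat.S_IFMT(st.st_mode), st.st_size, st.st_mtime_ns)
    return state


def installed_files(before, after):
    """Paths that are new, or whose recorded state changed, since 'before'."""
    return sorted(p for p, meta in after.items() if before.get(p) != meta)


def _write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)


def demo():
    """Simulate one package build in a constructed host directory."""
    with tempfile.TemporaryDirectory() as host:
        staging = "sysroot"  # constructed stand-in for $(STAGING_SUBDIR)
        _write(host, "bin/pkg-config", b"old")
        _write(host, "sysroot/usr/include/a.h", b"a")

        # "configure step": capture the state before the package installs
        before_filtered = snapshot(host, staging)
        before_all = snapshot(host)

        # install steps of a constructed target package that also writes
        # into the host directory and into staging
        _write(host, "bin/qmake", b"tool")
        _write(host, "bin/pkg-config", b"patched wrapper")
        _write(host, "sysroot/usr/lib/libfoo.so", b"lib")

        # "install step": capture again and compare
        filtered = installed_files(before_filtered, snapshot(host, staging))
        unfiltered = installed_files(before_all, snapshot(host))
        return filtered, unfiltered


if __name__ == "__main__":
    filtered, unfiltered = demo()
    print("host list, staging excluded:", filtered)
    print("host list, nothing excluded:", unfiltered)
```

Without the exclusion, the staging file shows up in the host list, which is the duplication the first commit message describes.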
We currently create HOST_DIR, TARGET_DIR, STAGING_DIR and BINARIES_DIR
in their respective installation steps. However, as we are about to
change how the logic to capture files installed by packages is
implemented, we will need these directories to exist at the configure
step to keep things simple.
Note that when BR2_PER_PACKAGE_DIRECTORIES=y, the HOST_DIR, TARGET_DIR
and STAGING_DIR are anyway already created at the configure step, when
populating the per-package HOST_DIR and TARGET_DIR. This also means
that we can drop the "mkdir" from per-package-rsync.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr:
- create directories after MESSAGE
- use $(Q) not @
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
We currently have four different install steps: target installation,
staging installation, images installation and host installation. These
steps are directly triggered from the $(1)-install make target, so
there is no place where we can run some logic once all installation
steps have completed.
However, as part of improving the reliability of the logic done in
step_pkg_size_before and step_pkg_size_after to detect the files
installed by packages, we would in fact need to run some logic after
all installation steps have completed. This will allow us to make sure
that all files are detected, even if a host package installs something
in the target directory, or if a target package installs something in
the host directory.
To achieve this, this commit implements a new stamp file,
.stamp_installed, which is a step that depends on all four install
steps. Currently, this step does nothing except creating the stamp
file.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: remove stampfile on foo-reinstall]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The $(1) argument passed to step_pkg_size_{before,after}, which
contains the package name, is no longer used. We simply use $(PKG) to
get the upper-case version of the package name.
So, let's drop this first argument that isn't needed.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since we're already using $(PKG)_DIR in step_pkg_size_after, we can
also just use $(PKG)_NAME. This allows to make $(1) useless, which
means it can be dropped in a follow-up commit.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bump to 4.1.1 (commit 96d3d01796) removed setools' dependency on
BR2_INSTALL_LIBSTDCPP, but the corresponding inverse dependency on one
of its Kconfig comments was not removed. This led to have the package
being available while a Kconfig comment on non-matched dependencies is
shown. Fix this by removing the dependency on !BR2_INSTALL_LIBSTDCPP on
the Kconfig comment.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Adapt license hash
(minor additions in LICENSE file about files in doc folder:
"Files contained in the doc/ directory may be licensed under different terms.",
but there is no folder present so no license change)
- Also separate the fields in the hash file by two spaces
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This version mainly fixes build issues with more
recent kernels.
98b163a cryptlib.c: fix build on kernel v5.5+
7e72f67 enabled the support for TLS1.1 - AES128-SHA1 - AES256-SHA1
9e76506 Fix build for Linux 5.8-rc1
Signed-off-by: Alejandro González <alejandro.gonzalez.correo@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The init script S20urandom is used to preserve the kernel's RNG
seed between reboots. This functionality is not required for the
package "initscripts". Further there are use-cases where this script
should not be installed at all (e.g. systems that only have read-only
partitions), but that's currently not possible as the script is
a mandatory part of the package "initscripts".
Let's move the script into its own package "urandom-scripts" and select it,
if the default skeleton is enabled. This maintains backward-compatibility
and allows to deselect it.
Signed-off-by: Christoph Müllner <christoph.muellner@theobroma-systems.com>
[yann.morin.1998@free.fr:
- extend help text
- default y if initscripts (instead of skeleton default)
- allow use with openRC, but not systemd
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
reSIProcate is a framework that aims to fully implement the SIP
protocol in first class C++. It is intended for use in other
applications, such as the repro SIP proxy.
Signed-off-by: Ryan Barnett <ryan.barnett@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Removed patches which were applied upstream.
Reformatted hashes,
Updated license hash after copyright year update:
eb40ca5fbd
Switched _SITE to https.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When using ccache to build the exim package, the HOSTCC value contains
spaces, that are incorrectly interpreted by exim's Makefile, which uses
the first word of ${CC} to test compiler options. This breaks the build
with "unrecognized option" ccache errors.
Fix that by wrapping the HOSTCC variable in double quotes, as it is done
for other variables that follow.
Signed-off-by: Alejandro González <alejandro.gonzalez.correo@gmail.com>
[yann.morin.1998@free.fr: slight rewording of commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add a patch, which has been submitted upstream, to properly detect the
availability of compiler flags before using them.
This will fix the build of exiv2 on CPU architectures for which gcc
doesn't implement -fcf-protection.
Fixes:
http://autobuild.buildroot.net/results/ef6a6fa2309e66a7a36fface626ae0da1a7ec633/
(and many similar build failures on other architectures)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr:
- fix indentation s/TAB/spaces/
- fix CRLF dropped by patchwork
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Joseph Kogut <joseph.kogut@gmail.com>
[Thomas:
- Fix incorrect "select"
- Simplify the build command, to allow the package Makefile to use
pkg-config, so added host-pkgconf
- Use a full destination path for the installation step
- Use the Github macro]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
From wikipedia:
utmp maintains a full accounting of the current status of the
system, system boot time (used by uptime), recording user
logins at which terminals, logouts, system events etc.
This is seldom used, if at all, on an embedded device, and may expose
users' behaviour to others (by observing who logs in from where, for
example).
Forcibly disable support for utmp.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
[yann.morin.1998@free.fr: split off to its own patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Systemd enables compatibility with SysV services and utmp by default,
none of which is needed for buildroot as the packages' .mk will install
only the files for the chosen init system.
Furthermore, SysV support requires a setup where *both* /etc/init.d and
/etc/rc.d exist (the latter for the usual /etc/rcN.d). However, in
Buildroot, the latter does not exist; so we would not be able to provide
a working SysV support anyway.
So, just forcibly disable SysV support.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
[yann.morin.1998@free.fr:
- expand commit log
- disable utmp in its own patch
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
All init systems supported by Buildroot have a /run directory and have
a symlink for /var/run -> /run.
Use the /run directory directly.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Drop fix rpath patch which is no longer needed.
Drop g-ir-scanner/g-ir-compiler override patch which is now upstream.
Rebase remaining patches.
Meson now requires single quotes for cross-compilation.conf, replace
double quotes with single quotes.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Explicitly do not install udev rules and systemd units when installing
the host version of e2fsprogs, as we do not need those files when
calling host tools provided by e2fsprogs from Buildroot.
This fixes a weird issue I encountered: host-e2fsprogs was built and
installed without any issue when building an image from scratch. But
any attempt to rebuild host-e2fsprogs alone was failing during the
installation steps as it tried to install files to the host system.
This is because e2fsprogs' build system (autotools) is using the
prefix given at configuration time when installing its binaries,
configuration files, man pages, etc... but not when installing its
systemd units and udev rules.
The issue did not arise when building it from scratch, as
host-e2fsprogs do not have a dependency on host-udev/systemd, so its
configure script did not automatically enable udev/systemd
installation steps at first.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
go1.13.14 (released 2020/07/16) includes fixes to the compiler, vet, and
the database/sql, net/http, and reflect packages.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This CVE is falsely reported because it was fixed in package version
1.24 (which we are using). Ignore this CVE until the database is
updated.
Signed-off-by: Guillaume W. Bres <guillaume.bressaix@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Currently, we define the so-called "overflow group" as 'nogroup'.
However, one practical issue is that systemd-sysusers will otherwise
create a 'nobody' group with gid 999, because that is what is usual to
define the overflow group: users and groups are defined in LSB (Linux
Standard Base):
https://refspecs.linuxfoundation.org/LSB_5.0.0/LSB-Core-generic/LSB-Core-generic/usernames.html
Quoting: "If the username exists on a system, then they should be in the
suggested corresponding group".
Only Debian and derivatives depart from this custom, naming it 'nogroup'
(hence the rationale for commit 908198e756 (system/skeleton: remove
spurious group 'nobody').
See also commit 9c67af2c52 (system/skeleton: use uid/gid 65534 for
nobody/nogroup), and a related discussion on LWN.net (key is "overflow
UID" which also applies to GID):
https://lwn.net/Articles/695478/
Use the recommended groupname 'nobody'. Adapt packages accordingly.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
[yann.morin.1998@free.fr:
- reword commit log
- extend commit log with more references (commits and LWN)
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This supports 4 plugins, each will be added at the right spot if
enabled, based on the template coming with systemd.
The sed replacements are carefully written to be idempotent, and to
be robust enough to be combined with the other available packages
(nss_mdns4) in any installation order.
nss-systemd is used for the DynamicUser features, which is a de facto
necessity for systemd. It handles transient users/groups without
touching the /etc/{passwd,group} files on disk. To support the
'SupplementaryGroups' feature, groups should be merged.
nss-myhostname allows resolving the hostname, again without touching
files in /etc.
nss-mymachines adds name resolution from containers supported by
machined. Users from the containers might end up in system groups, so
groups should be merged.
nss-resolve, part of resolved, is required for consistent dns lookups.
As per the documentation (nss-resolve(8)), DNS queries shall not
continue past the resolve service, unless the service is not available.
We anchor nss_resolve to appear after files, if mymachines is also used,
remove that first (and add it back later). Other packages (mdns4) move
around the dns entry, so replacing that is not a good option.
If mdns4 is installed as well, then resolved will take precedence for
host lookups.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
[yann.morin.1998@free.fr:
- explain why 'host: resolve' uses !UNAVAIL=return
- rewrap commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The rule to create the staging symlink has it depend on BASE_DIR, and
the symlink is created in BASE_DIR, which means that when the symlink
is created, BASE_DIR is updated, and thus made more recent than the
symlink itself.
As a consequence, every time one runs 'make', the symlink will be older
than BASE_DIR, and so will be re-created.
Ditto for the host symlink when the user has elected to have an
out-of-tree host dir.
Fix that by changing to using an order-only dependency.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
In latest patch the SDMA installation was limited to platforms whose
name was mentioned in the binary but this approach wasn't flexible to
manage cases like imx8m using imx7 sdma binary, so this patch does:
- change VPU/SDMA FW options to string to allow specifying the name
(suggested by Thomas)
- remove imx27 sdma case as non-existent
- add imx8m family support (using imx7d binary)
- get rid of FIRMWARE_IMX_PLATFORM_LOWER macro
Fixes: fad2df39b9 ("package/freescale-imx/firmware-imx: clarify installation of firmware files")
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Same version as NXP release 5.4.24-2.1.0
- No changelog provided by NXP
- Tested on Nitrogen8M device with Weston (DRM backend) as follows:
# cd /usr/share/examples/viv_samples/vdk/
# ./tutorial7
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Same version as NXP release 5.4.24-2.1.0
- No changelog provided by NXP
- COPYING/EULA update: LA_OPT_NXP_Software_License v11 February 2020
- Tested on Nitrogen8M device with Weston (DRM backend) as follows:
# cd /usr/share/examples/viv_samples/vdk/
# ./tutorial7
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Same version as NXP release 5.4.24-2.1.0
- No changelog provided by NXP
- COPYING/EULA update: LA_OPT_NXP_Software_License v11 February 2020
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- based on NXP imx_5.4.24_2.1.0 release
- includes latest stable releases, hence 5.4.x naming
- includes support for all Boundary Devices platforms + accessories
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
go1.13.13 (released 2020/07/14) includes security fixes to the
crypto/x509 and net/http packages.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add support for imx6ullevk_defconfig that allows booting a mainline
kernel and mainline U-Boot.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Separate the fields in the hash file by two spaces.
Change the hash of the license:
- Copyright message changed from 2018,2019 to 2019,2020
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Change the hash of the license:
- Copyright message changed from 'present' to 2020
- Link to BSD 2-Clause License changed from http to https
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Without this backslash, any attempt to run make will result in the error:
package/mender/mender.mk:44: *** recipe commences before first target. Stop
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Mender has support for performing other types of updates other than
just overwriting the rootfs partition that isn't currently in use on
the target.
Some of the default provided modules provide support for:
- Updating a docker container.
- Running a script.
- Installing an RPM.
- Overwriting a directory.
- Updating a single-file.
The single-file update module is used by upstream for onboarding a new
device to a server, and this fails with Buildroot devices because the
modules are currently not installed.
Install the directory, script, and single-file modules by default, and
install the docker or rpm script if their respective packages are
selected.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Version 3 scripts have been supported since version 2.0 and should be the
default.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update the following license file hashes due to copyright year changes:
- vendor/github.com/mendersoftware/mendertesting/LICENSE
- vendor/github.com/mendersoftware/mender-artifact/LICENSE
Remove hashes for the following removed files:
- vendor/github.com/mendersoftware/log/LICENSE
- vendor/github.com/mendersoftware/scopestack/LICENSE
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update the following license file hashes due to copyright year changes:
- vendor/github.com/mendersoftware/mendertesting/LICENSE
- vendor/github.com/davecgh/go-spew/LICENSE
- vendor/github.com/stretchr/testify/LICENSE
Add hashes for the following new files:
- vendor/github.com/minio/sha256-simd/LICENSE
- vendor/gopkg.in/yaml.v2/LICENSE
- vendor/github.com/klauspost/compress/LICENSE
- vendor/github.com/russross/blackfriday/v2/LICENSE.txt
- vendor/github.com/klauspost/pgzip/LICENSE
- vendor/github.com/cpuguy83/go-md2man/v2/LICENSE.md
- vendor/github.com/shurcooL/sanitized_anchor_name/LICENSE
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Build will fail if gobject-introspection is built before network-manager
but python-gobject is not:
configure: error: "--enable-introspection aims to build the settings documentation. This requires GObject introspection for python (pygobject)
To avoid this build failure and because we don't need documentation,
just disable introspection
Fixes:
- http://autobuild.buildroot.org/results/d3b1bc2fa7559e66465033c455176761d6e184d1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
python-networkx wasn't upgraded for a while due to incompatibilities
with setools not supporting versions above 1.11. With the recent version
bump of setools this is no longer true and we can bump python-networkx
to 2.4.
The license checksum had to be updated while bumping the package, but
only the year of the copyright has changed.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following security issues:
- SERVER-45514 [FLE] Reject document validators with encryption-related
keywords if the validationAction is “warn”
- SERVER-48039 Unrecognized option: net.ssl.clusterCertificateSelector
in MongoDB v4.2
- SERVER-45803 mongodecrypt needs a ServiceContext
- SERVER-46834 Use monotonic time in UserCacheInvalidator
- SERVER-47113 LDAP connection pool acquisition state should own host
list
https://docs.mongodb.com/manual/release-notes/4.2
Also:
- Update indentation in hash file (two spaces)
- Tweak version to be "compliant" with https://release-monitoring.org
- Use official tarball
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
setools is no longer hosted on https://github.com/TresysTechnology/setools/.
Update the source location to its new home,
https://github.com/SELinuxProject/setools/.
Refresh patches 0001-remove-werror-flag-from-setup.patch and
0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch for
4.3.0 and remove patch 0003-setup.py-drop-path-prefix-from-man-install.patch
that is now upstream.
Add a new dependency on host-python-cython, as setup.py now depends on
it.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Patch 0001-checkpolicy-remove-unused-te_assertions.patch is now part of
the upstream release 20200710.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Refresh patch 0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
for 3.1; and remove patch 0003-fix-building-against-musl-and-uclibc-libraries.patch
that is now upstream.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Patches 0002-libsepol-fix-CIL_KEY_-build-errors-with-fno-common.patch
and 0003-libsepol-remove-leftovers-of-cil_mem_error_handler.patch are
now upstream.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
oracle-mysql won't build its own bundled zlib since commit
6fed83a030 so don't unconditionally link
with zlib instead use mysql_config to retrieve cflags and libs as
suggested by Thomas Petazzoni in review of first iteration
Fixes:
- No autobuilder failures yet
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add the new SAMA5D27 WLSOM1 Evaluation Kit with linux4sam_6.2
components. Update README file with new defconfigs and new
packages/website.
Signed-off-by: Eugen Hristev <eugen.hristev@microchip.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This includes the following changes:
86bd30a Restore ability to feed script file via stdin, using `-s -`.
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Retrieve first patch from upstream (BUILD_EXAMPLES is already in
CMakeLists.txt)
- Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Drop all patches (already in version)
- Fix CVE-2018-21247: An issue was discovered in LibVNCServer before
0.9.13. There is an information leak (of uninitialized memory contents)
in the libvncclient/rfbproto.c ConnectToRFBRepeater function.
- Fix CVE-2019-20839: libvncclient/sockets.c in LibVNCServer before
0.9.13 has a buffer overflow via a long socket filename.
- Fix CVE-2019-20840: An issue was discovered in LibVNCServer before
0.9.13. libvncserver/ws_decode.c can lead to a crash because of
unaligned accesses in hybiReadAndDecode.
- Fix CVE-2020-14396: An issue was discovered in LibVNCServer before
0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference.
- Fix CVE-2020-14397: An issue was discovered in LibVNCServer before
0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.
- Fix CVE-2020-14398: An issue was discovered in LibVNCServer before
0.9.13. An improperly closed TCP connection causes an infinite loop in
libvncclient/sockets.c.
- Fix CVE-2020-14399: An issue was discovered in LibVNCServer before
0.9.13. Byte-aligned data is accessed through uint32_t pointers in
libvncclient/rfbproto.c.
- Fix CVE-2020-14400: An issue was discovered in LibVNCServer before
0.9.13. Byte-aligned data is accessed through uint16_t pointers in
libvncserver/translate.c.
- Fix CVE-2020-14401: An issue was discovered in LibVNCServer before
0.9.13. libvncserver/scale.c has a pixel_value integer overflow.
- Fix CVE-2020-14402: An issue was discovered in LibVNCServer before
0.9.13. libvncserver/corre.c allows out-of-bounds access via
encodings.
- Fix CVE-2020-14403: An issue was discovered in LibVNCServer before
0.9.13. libvncserver/hextile.c allows out-of-bounds access via
encodings.
- Fix CVE-2020-14404: An issue was discovered in LibVNCServer before
0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings.
- Fix CVE-2020-14405: An issue was discovered in LibVNCServer before
0.9.13. libvncclient/rfbproto.c does not limit TextChat size.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since commit 'package/rpi-firmware: fix startup file names' ([1]) the
start and fixup file names are normalized to start.elf/fixup.dat,
adjust the rpi4 genimage config files accordingly.
Fixes:
ERROR: file(rpi-firmware/fixup4.dat): stat(.../images/rpi-firmware/fixup4.dat) failed: No such file or directory
ERROR: vfat(boot.vfat): could not setup rpi-firmware/fixup4.dat
[1] https://git.buildroot.net/buildroot/commit/?id=1bdc0334ff6273761b2e7fda730cdcc7e1f46862
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes CVE-2020-7212 (1.25.2 - 1.25.7)
The _encode_invalid_chars function does not remove duplicate percent
encodings in the _percent_encodings array, which combined with the
normalization step could take O(N^2) time to compute for a URL of
length N. This results in a marginally higher CPU consumption
compared to the potential linear time achieved by deduplicating
the _percent_encodings array.
CC: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Drop patches (already in version) and so drop autoreconf
- Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Remove all patches (already in version)
- Move to meson-package
- Add new gsettings-desktop-schemas mandatory dependency
- gdu option doesn't exist anymore:
1db029df72
- Use new gcrypt option
- systemd-login option has been replaced by logind option
- avahi option has been replaced by dnsd option
- gtk3 optional dependency has been removed since
dff13283c9
- Disable new sftp backend:
44d45dca5d
- Disable fuse (depends on fuse3 which is not available on buildroot)
- Remove gvfs-less workaround (not installed anymore)
- Update indentation of hash file
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump OP-TEE Test package version to OP-TEE release 3.9.0.
Drop patch on scripts/file_to_c.py that is merged in 3.9.0.
Add patch from [1] for related issue found in 3.9.0 xtest tool.
Add patch to default disable xtest regression test 1027 and 1028 that
mandate changes in Linux kernel OP-TEE driver that are not available
in mainline, at least as of Linux kernel v5.7.
[1] e1af176af2
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump OP-TEE OS package version to OP-TEE release 3.9.0.
Update patch on pycrypto/pycryptodome to match 3.9.0.
Add patch on CFG_OPTEE_REVISION_MINOR that was not updated in release
3.9.0 and fixed only few commits above.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Drop patch (already in version)
- Add zstd optional dependency, available since version 2.10.0 and
1f4758bd7f
- Use the new MZ_LIBBSD option available since version 2.10.0 and
29fcb47680
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Agent++ 4.3.1 does not build if SNMPv3 is disabled due to incorrect #ifdef
clauses, resulting in errors such as:
../include/agent_pp/notification_originator.h:232:39: error: 'snmpCommunityEntry' has not been declared
void set_snmp_community_entry(snmpCommunityEntry* communityEntryRef) {
^
../include/agent_pp/notification_originator.h:296:32: error: 'nlmLogEntry' has not been declared
void set_nlm_log_entry(nlmLogEntry* nlmLogEntryRef) {
^
../include/agent_pp/notification_originator.h:321:9: error: 'nlmLogEntry' does not name a type
nlmLogEntry* _nlmLogEntry;
^
Fixes:
http://autobuild.buildroot.net/results/d7a5fa5ba4ab6c9da23fcc93bf766be9ca630af3/
http://autobuild.buildroot.net/results/40ce9bc4bed267dc762a0282a8da0ad1514ad7a8/
...
Fixes: 88355e967f ("package/agentpp: bump version to 4.3.1")
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Prior to gzip 1.10, the compression pipeline used with PCF fonts was
not reproducible due to the implicit -N/--name injecting a timestamp:
$ cat /path/to/file | gzip > /path/to/file.gz
This updates Portable Compiled Format font packages to have a host-gzip
dependency, so gzip version 1.10 or newer will reliably be used.
This change does not affect encodings, which use a seemingly
synonymous compression pipeline, but that happens to be reproducible
with gzip versions at least as old as version 1.3.13:
$ gzip < /path/to/file > /path/to/file.gz
Reported-by: Jordan Speicher <jspeicher@xes-inc.com>
Signed-off-by: Aaron Sierra <asierra@xes-inc.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
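A check for the header fields that gzip's -N/--name behaviour fills in (the MTIME field and the original file name, per RFC 1952), as an added example that is not Buildroot code. Python's gzip module stands in for the gzip binary, and the font bytes, file name and timestamps are constructed.

```python
import gzip
import io
import struct

FEXTRA = 0x04  # optional extra field precedes the name
FNAME = 0x08   # original file name is stored, NUL-terminated


def gzip_header(blob):
    """Parse the RFC 1952 member header; return (mtime, name or None)."""
    if len(blob) < 10 or blob[:2] != b"\x1f\x8b":
        raise ValueError("not a gzip stream")
    method, flags, mtime = struct.unpack("<BBI", blob[2:8])
    if method != 8:
        raise ValueError("unknown compression method")
    pos = 10  # fixed header is 10 bytes: magic, CM, FLG, MTIME, XFL, OS
    if flags & FEXTRA:
        (xlen,) = struct.unpack("<H", blob[pos:pos + 2])
        pos += 2 + xlen
    name = None
    if flags & FNAME:
        end = blob.index(b"\x00", pos)
        name = blob[pos:end].decode("latin-1")
    return mtime, name


def embedded_metadata(blob):
    """List header metadata that depends on when/how the file was compressed."""
    mtime, name = gzip_header(blob)
    found = []
    if mtime != 0:
        found.append("mtime=%d" % mtime)
    if name is not None:
        found.append("name=%s" % name)
    return found


def compress_named(data, name, mtime):
    """Compress with a stored name and timestamp, like 'gzip -N' on a file."""
    buf = io.BytesIO()
    with gzip.GzipFile(filename=name, mode="wb", fileobj=buf, mtime=mtime) as f:
        f.write(data)
    return buf.getvalue()


# Constructed sample input standing in for a PCF font file.
FONT = b"constructed stand-in for a .pcf font\n" * 8

if __name__ == "__main__":
    clean = gzip.compress(FONT, mtime=0)
    stamped = compress_named(FONT, "font.pcf", 1595000000)
    print("clean  :", embedded_metadata(clean))
    print("stamped:", embedded_metadata(stamped))
    # Same input, different build time: the outputs differ only by the header.
    print("differs across builds:",
          gzip.compress(FONT, mtime=1) != gzip.compress(FONT, mtime=2))
```

Run over the `.gz` files of two builds of the same tree, a non-empty result points at the artifact whose bytes will differ between builds.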
Currently, we delete /usr/share/bash-completion when bash is not enabled.
We need to delete /etc/bash_completion.d too. For example, the jo package
installs files there:
/etc/bash_completion.d/jo.bash
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Some toolchains, like the Linaro gcc7 toolchains, now install libstdc++ debug
library symbols to /lib/debug, which can be as large as the library itself.
This commit removes the extra debug content if debugging is not enabled.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Removes BR2_PACKAGE_GPSD_PPS config option, since PPS functionality is
no longer optional and always enabled in gpsd's SCons configuration.
Removed passing ntpshm=y to SCons since that feature is also no longer
optional.
Added a patch adapted from changes merged upstream post-3.20 to fix a
build failure during cross-compilation when checking sizeof(time_t)
and where shared libraries were being linked with ld rather than g++.
Signed-off-by: Robert Hancock <hancock@sedsystems.ca>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This includes a patch to fix building with uclibc, where pdbg was
missing a header for ssize_t.
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This was supposed to be part of
fce71d09fb, which introduced the
parprouted package, but due to a missed "git commit --amend", it
wasn't included in this commit, so let's add it now.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Fix a side channel vulnerability in modular exponentiation that could
reveal an RSA private key used in a secure enclave.
- Fix side channel in mbedtls_ecp_check_pub_priv() and
mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a
private key that didn't include the uncompressed public key), as well
as mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with
a NULL f_rng argument. An attacker with access to precise enough
timing and memory access information (typically an untrusted operating
system attacking a secure enclave) could fully recover the ECC private
key.
- Fix issue in Lucky 13 counter-measure that could make it ineffective
when hardware accelerators were used (using one of the
MBEDTLS_SHAxxx_ALT macros). This would cause the original Lucky 13
attack to be possible in those configurations, allowing an active
network attacker to recover plaintext after repeated timing
measurements under some conditions.
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-07
Switch to github to get latest release
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Add a patch to fix build without fork in src/dhcpcd.c. This
regression was introduced in upstream commit
3063ebb6c8ac7c96196fa923cdd5f7c0384de23b, which was merged in dhcpcd
9.0.0. Therefore, Buildroot is affected since we bumped from 8.0.3
to 9.1.4 in commit 809f548e79, which
was applied after 2020.05
- Disable privsep as it unconditionally uses fork (privsep has been
enabled by default since version 9.0.0 and
3a4c2e5604)
Fixes:
- http://autobuild.buildroot.org/results/9fcc88abedcb8a02946f37837dcf4fff02f66c23
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Fix CVE-2020-4030: In FreeRDP before version 2.1.2, there is an out of
bounds read in TrioParse. Logging might bypass string length checks
due to an integer overflow.
- Fix CVE-2020-4031: In FreeRDP before version 2.1.2, there is a
use-after-free in gdi_SelectObject. All FreeRDP clients using
compatibility mode with /relax-order-checks are affected.
- Fix CVE-2020-4032: In FreeRDP before version 2.1.2, there is an
integer casting vulnerability in update_recv_secondary_order. All
clients with +glyph-cache /relax-order-checks are affected.
- Fix CVE-2020-4033: In FreeRDP before version 2.1.2, there is an out of
bounds read in RLEDECOMPRESS. All FreeRDP based clients with sessions
with color depth < 32 are affected.
- Fix CVE-2020-11095: In FreeRDP before version 2.1.2, an out of bounds
read occurs resulting in accessing a memory location that is outside
of the boundaries of the static array
PRIMARY_DRAWING_ORDER_FIELD_BYTES.
- Fix CVE-2020-11096: In FreeRDP before version 2.1.2, there is a global
OOB read in update_read_cache_bitmap_v3_order. As a workaround, one
can disable bitmap cache with -bitmap-cache (default).
- Fix CVE-2020-11097: In FreeRDP before version 2.1.2, an out of bounds
read occurs resulting in accessing a memory location that is outside
of the boundaries of the static array
PRIMARY_DRAWING_ORDER_FIELD_BYTES.
- Fix CVE-2020-11098: In FreeRDP before version 2.1.2, there is an
out-of-bound read in glyph_cache_put. This affects all FreeRDP clients
with `+glyph-cache` option enabled.
- Fix CVE-2020-11099: In FreeRDP before version 2.1.2, there is an out
of bounds read in license_read_new_or_upgrade_license_packet. A
manipulated license packet can lead to out of bound reads to an
internal buffer.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
parprouted is a daemon for transparent IP (Layer 3) proxy ARP
bridging. This is useful for creation of transparent firewalls
and bridging networks with different MAC protocols. Also,
unlike standard bridging, proxy ARP bridging allows to bridge
Ethernet networks behind wireless nodes without using WDS or
layer 2 bridging.
https://www.hazard.maks.net/parprouted
Signed-off-by: Owen Walpole <owen@walpole.dev>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We need to update the location to point to the current maintained
upstream repo as well since the existing one is unmaintained.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The thing with Buildroot, is that we know in advance what will be in the
root filesystem. Therefore, we don't need SDL_image to probe for the
presence of libpng, libjpeg, libtiff or libwebp and dynamically load
them; SDL_image can be linked to them directly at compilation time.
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Just like with libjpeg and libpng, we don't want libwebp to be
dynamically loaded by SDL_image at runtime.
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This fixes the following flake8 warning:
support/scripts/pkg-stats:1005:9: E117 over-indented
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
With python 3, when a package has a version number x-y-z instead of
x.y.z, then the version returned by LooseVersion can't be compared
which raises a TypeError exception:
Traceback (most recent call last):
File "./support/scripts/pkg-stats", line 1062, in <module>
__main__()
File "./support/scripts/pkg-stats", line 1051, in __main__
check_package_cves(args.nvd_path, {p.name: p for p in packages})
File "./support/scripts/pkg-stats", line 613, in check_package_cves
if pkg_name in packages and cve.affects(packages[pkg_name]):
File "./support/scripts/pkg-stats", line 386, in affects
return pkg_version <= cve_affected_version
File "/usr/lib64/python3.8/distutils/version.py", line 58, in __le__
c = self._cmp(other)
File "/usr/lib64/python3.8/distutils/version.py", line 337, in _cmp
if self.version < other.version:
TypeError: '<' not supported between instances of 'str' and 'int'
This patch handles this exception by adding a new return value when
the comparison can't be done. The code is adjusted to take care of this
change. For now, a return value of CVE_UNKNOWN is handled the same way
as a CVE_DOESNT_AFFECT return value, but this can be improved later
on.
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
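The failure and the three-state result described in this commit, as an added example that is not the pkg-stats code: `loose_components` re-implements LooseVersion-style splitting locally so the block runs without distutils, and the `triage` helper goes one step further than the commit by keeping uncomparable versions in their own bucket for manual review. CVE_AFFECTS, the numeric values, the package names and the CVE identifiers are constructed placeholders.

```python
import re

# Result codes. CVE_DOESNT_AFFECT and CVE_UNKNOWN are named in the commit
# message; CVE_AFFECTS and all three numeric values are assumptions.
CVE_AFFECTS = 1
CVE_DOESNT_AFFECT = 2
CVE_UNKNOWN = 3

# Same splitting idea as LooseVersion: digit runs, lowercase runs, dots.
_COMPONENT_RE = re.compile(r"(\d+|[a-z]+|\.)")


def loose_components(vstring):
    """Split a version string; digit runs become int, everything else stays str."""
    parts = [p for p in _COMPONENT_RE.split(vstring) if p and p != "."]
    components = []
    for part in parts:
        try:
            components.append(int(part))
        except ValueError:
            components.append(part)
    return components


def affects(pkg_version, last_affected_version):
    """Compare a package version with the last version a CVE affects."""
    try:
        # "1-2-3" splits into [1, '-', 2, '-', 3]; comparing '-' with an int
        # raises TypeError on Python 3, which is the traceback in the commit.
        if loose_components(pkg_version) <= loose_components(last_affected_version):
            return CVE_AFFECTS
        return CVE_DOESNT_AFFECT
    except TypeError:
        return CVE_UNKNOWN


def triage(packages, cve_ranges):
    """Bucket (cve, package) pairs by result so unknowns are not silently dropped."""
    result = {CVE_AFFECTS: [], CVE_DOESNT_AFFECT: [], CVE_UNKNOWN: []}
    for cve_id, pkg_name, last_affected in cve_ranges:
        if pkg_name not in packages:
            continue
        result[affects(packages[pkg_name], last_affected)].append((cve_id, pkg_name))
    return result


# Constructed sample data: package name -> packaged version.
PACKAGES = {"alpha": "1.2.3", "beta": "1-2-3", "gamma": "2-0", "delta": "1.3.0"}
# Constructed sample data: (placeholder CVE id, package, last affected version).
CVE_RANGES = [
    ("CVE-0000-0001", "alpha", "1.2.5"),  # comparable, affected
    ("CVE-0000-0002", "beta", "1.2.5"),   # str vs int at the second component
    ("CVE-0000-0003", "gamma", "1.9"),    # decided at the first int, no error
    ("CVE-0000-0004", "delta", "1.2.5"),  # comparable, not affected
    ("CVE-0000-0005", "beta", "1-2-5"),   # same separator style, comparable
]

if __name__ == "__main__":
    buckets = triage(PACKAGES, CVE_RANGES)
    print("affected:      ", buckets[CVE_AFFECTS])
    print("not affected:  ", buckets[CVE_DOESNT_AFFECT])
    print("needs review:  ", buckets[CVE_UNKNOWN])
```

Whether the comparison fails depends on where the two versions first differ, so the same package can be comparable against one CVE entry and unknown against another.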
Bitwise is a multi-base interactive calculator supporting dynamic base
conversion and bit manipulation. It's a handy tool for low level
hackers, kernel developers and device drivers developers.
Signed-off-by: Ramon Fried <rfried.dev@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This package contains the Boost ODB profile library. The Boost profile
provides support for persisting Boost smart pointers, containers, and
value types with the ODB system.
Signed-off-by: Kamel Bouhara <kamel.bouhara@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This package contains the MySQL ODB runtime library. Every application
that includes code generated for the MySQL database will need to link
to this library.
Signed-off-by: Kamel Bouhara <kamel.bouhara@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This package contains the PostgreSQL ODB runtime library.
Every application that includes code generated for the PostgreSQL
database will need to link to this library.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
[Kamel: Fix incorrect license, remove unneeded dependency on host-odb]
Signed-off-by: Kamel Bouhara <kamel.bouhara@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This package contains the common ODB runtime library. Every application
that includes code generated by the ODB compiler will need to link to this
library.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
[Kamel:
- Fix incorrect license
- Remove unneeded dependency on host-odb]
Signed-off-by: Kamel Bouhara <kamel.bouhara@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
ODB is an open-source, cross-platform, and cross-database
object-relational mapping (ORM) system for C++. It allows you to
persist C++ objects to a relational database without having to deal
with tables, columns, or SQL and without manually writing any mapping
code.
ODB supports MySQL, SQLite, PostgreSQL, Oracle, and Microsoft SQL
Server relational databases as well as C++98/03 and C++11 language
standards. It also comes with optional profiles for Boost and Qt
which allow you to seamlessly use value types, containers, and smart
pointers from these libraries in your persistent C++ classes.
This package is used for auto-generating ODB specific header files
into useable code that can be linked against a separate libodb and a
specific libodb database library. As such, it is only needed as a
host program and is not user selectable.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
[Kamel: Fix incorrect odb license]
Signed-off-by: Kamel Bouhara <kamel.bouhara@bootlin.com>
[Thomas: add patch fixing gcc10 build, add references to upstream
commits]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Some packages require support on the build machine to create gcc
plugins. This commit adds a blind option,
BR2_NEEDS_HOST_GCC_PLUGIN_SUPPORT, which such packages can
select. When this option is enabled, the logic in support/dependencies
verifies that everything needed on the build machine to build gcc
plugins is available.
Signed-off-by: Kamel Bouhara <kamel.bouhara@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libcutl is distributed in source code and includes the standard autotools
build system as well as the VC++ project files. It is a dependency for odb.
Because ODB is a host-only package, and no other package depends on libcutl,
this package will also be a host-only package.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Kamel Bouhara <kamel.bouhara@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This version is aligned with 5.4.24_2.1.0 NXP Linux BSP.
License was updated from:
LA_OPT_NXP_Software_License v10 December 2019
to:
LA_OPT_NXP_Software_License v11 February 2020
which explains the change of EULA/COPYING license files.
Tested-by: Julien Olivain <julien.olivain@oss.nxp.com>
[Julien: tested on i.MX8M Mini EVK Rev A with LPDDR4]
Tested-by: Stephane Viau <stephane.viau@oss.nxp.com>
[Stephane: tested on i.MX8MQ and i.MX8MN]
Tested-by: Maeva Manuel <maeva.manuel@oss.nxp.com>
[Maeva: tested on i.MX8QM MEK rev B0 and i.MX8QXP MEK rev B0]
Signed-off-by: Maeva Manuel <maeva.manuel@oss.nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This version is aligned with 5.4.24_2.1.0 NXP Linux BSP.
Firmware file names now include the SoC revision.
In order not to break the compatibility with the imx-seco 2.3.1
package, it remains B0 support for i.MX8QXP MEK. C0 support should
introduce a Kconfig option and this will be done in a future patch.
License was updated from:
LA_OPT_NXP_Software_License v10 December 2019
to:
LA_OPT_NXP_Software_License v11 February 2020
which explains the change of EULA/COPYING license files.
Tested-by: Maeva Manuel <maeva.manuel@oss.nxp.com>
[Maeva: tested on i.MX8QXP MEK (Board rev D1, SoC rev B0)
and on i.MX8QM MEK (SoC rev B0)]
Signed-off-by: Maeva Manuel <maeva.manuel@oss.nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
These options were only added in commit
6bb7f3b810, which was made after the
2020.05 release. So they are not part of any release at this point,
which makes legacy handling unnecessary.
Reported-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Release notes for 0.4.3.5: https://blog.torproject.org/node/1872
"Tor 0.4.3.5 is the first stable release in the 0.4.3.x series."
Release notes for 0.4.3.6: https://blog.torproject.org/node/1900
The fix for CVE-2020-15572 "Fix a crash due to an out-of-bound memory
access when Tor is compiled with NSS support" does not affect buildroot
because we do not support building tor with libnss.
Rebased patch 0001.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The newly introduced BR2_PACKAGE_FIRMWARE_IMX_NEEDS_xxx symbols are
used in lieu of the SoC type when installing images or binaries on
target.
Suggested-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Stephane Viau <stephane.viau@oss.nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Some SoCs need a HDMI FW for their bootloader, some other require
EPDC, SDMA and/or VPU.
Instead of trying to "guess" what firmware images need to be installed
in firmware-imx.mk, let the Config framework do the job and allow each
SoC to pick what firmware they need.
Note that this patch should also help introducing an eventual DP FW,
as Gary mentioned in a separate thread [1].
[1] http://lists.busybox.net/pipermail/buildroot/2020-May/283181.html
Suggested-by: Yann E. MORIN <yann.morin.1998@free.fr>
Suggested-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Stephane Viau <stephane.viau@oss.nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The DDR FW along with all other FW code that need to be used in
bootloader or installed on target are related to the firmware-imx
package.
This patch does this job as well as fixing the conjugation of NEED*s*
in the symbol name. Also take advantage of this patch to make the DDR
FW dependent on BR2_PACKAGE_FIRMWARE_IMX.
In addition, the BR2_PACKAGE_FIRMWARE_DDRFW_* option was incorrect, as
there is no package matching this name. So we rename them to
BR2_PACKAGE_FIRMWARE_IMX_*, and add the appropriate Config.in.legacy
handling.
Suggested-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Stephane Viau <stephane.viau@oss.nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In a patch set that did not get in for other reasons, Sebastien proposed
to fix the install path directory of the sdma and vpu firmware code [1]:
"Mainline and NXP kernels expect the sdma firmware to be in
/lib/firmware/imx/sdma so fix the install path [...]"
By looking at the code, I believe this is correct even though I have no
means to test it.
[1] http://lists.busybox.net/pipermail/buildroot/2020-June/284875.html
Suggested-by: Sébastien Szymanski <sebastien.szymanski at armadeus.com>
Signed-off-by: Stephane Viau <stephane.viau@oss.nxp.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is a minor release which provides fixes for CVE-2020-9800,
CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806,
CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, and CVE-2020-13753.
Updating from 2.28.2 also brings in the usual batch of fixes, including
important improvements to threading in the media player. Full release
notes can be found at:
https://webkitgtk.org/2020/07/09/webkitgtk2.28.3-released.html
A detailed security advisory can be found at:
https://webkitgtk.org/security/WSA-2020-0006.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is a minor release which provides fixes for CVE-2020-9800,
CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806,
CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, and CVE-2020-13753.
Updating from 2.28.2 also brings in the usual batch of fixes, including
important improvements to threading in the media player. Full release
notes can be found at:
https://wpewebkit.org/release/wpewebkit-2.28.3.html
A detailed security advisory can be found at:
https://wpewebkit.org/security/WSA-2020-0006.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add the CONFIG_PCI symbol due to a change in kernel 5.0 [1].
The option was previously enabled by default (default y).
"PCI: consolidate PCI config entry in drivers/pci
There is no good reason to duplicate the PCI menu in every architecture.
Instead provide a selectable HAVE_PCI symbol that indicates availability
of PCI support, and a FORCE_PCI symbol to for PCI on and the handle the
rest in drivers/pci."
Qemu aarch64 provides a PCIe Host bridge but it requires CONFIG_PCI_HOST_GENERIC
enabled in the kernel.
With CONFIG_PCI_HOST_GENERIC enabled PCIe host bridge is detected:
$ dmesg
pci-host-generic 4010000000.pcie: host bridge /pcie@10000000 ranges:
pci-host-generic 4010000000.pcie: IO 0x3eff0000..0x3effffff -> 0x00000000
pci-host-generic 4010000000.pcie: MEM 0x10000000..0x3efeffff -> 0x10000000
pci-host-generic 4010000000.pcie: MEM 0x8000000000..0xffffffffff -> 0x8000000000
pci-host-generic 4010000000.pcie: ECAM at [mem 0x4010000000-0x401fffffff] for [bus 00-ff]
pci-host-generic 4010000000.pcie: PCI host bridge to bus 0000:00
pci_bus 0000:00: root bus resource [bus 00-ff]
pci_bus 0000:00: root bus resource [io 0x0000-0xffff]
pci_bus 0000:00: root bus resource [mem 0x10000000-0x3efeffff]
pci_bus 0000:00: root bus resource [mem 0x8000000000-0xffffffffff]
pci 0000:00:00.0: [1b36:0008] type 00 class 0x060000
$ lspci
00:00.0 Host bridge: Red Hat, Inc. QEMU PCIe Host bridge
[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=eb01d42a77785ff96b6e66a2a2e7027fc6d78e4a
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Qemu for the aarch64 virt emulates an RTC PL031 device.
Enable the kernel support to allow setting the system time.
"date" now returns the current time:
Sun Jul 5 20:38:50 UTC 2020
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Also separate the fields in the hash file by two spaces and change the
hash of the license file (copyright message changed from 2019 to 2020).
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following CVEs:
- CVE-2019-19923 (Fixed in 3.31.0)
SQLite is vulnerable to denial-of-service condition because of a NULL
pointer dereferencing while handling `SELECT DISTINCT` statements.
- CVE-2019-19924 (Fixed in 3.31.0)
SQLite mishandles certain SQL commands due to improper error
handling by the `sqlite3WindowRewrite()` function.
- CVE-2020-13435 (Fixed in 3.32.1)
SQLite is vulnerable to denial-of-service (DoS) due to improper handling
of query rewriting. An attacker could exploit this vulnerability by
supplying a system with maliciously crafted input.
- CVE-2020-13632 (Fixed in 3.32.0)
SQLite is vulnerable to denial-of-service (DoS) due to improper pointer
management in the FTS3 virtual table module. An attacker could exploit
this vulnerability by supplying a system with maliciously crafted input.
- CVE-2020-13434 (Fixed in 3.32.1)
SQLite is vulnerable to denial-of-service (DoS) due to improper handling
of floating-point operations. An attacker could exploit this
vulnerability by supplying a system with maliciously crafted input.
- CVE-2020-13871 (Fixed in 3.32.3)
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c
because the parse tree rewrite for window functions is too late.
- CVE-2020-13630 (Fixed in 3.32.0)
SQLite is vulnerable to denial-of-service (DoS) due to a use after free
issue in the FTS3 virtual table module. An attacker could exploit this
vulnerability by supplying a system with maliciously crafted input.
- CVE-2020-15358 (Fixed in 3.32.3)
SQLite is vulnerable to a heap-based buffer overflow flaw in part of an
optimization feature. An attacker able to issue specially crafted
queries could cause the application to crash, resulting in a
denial-of-service (DoS).
- CVE-2020-9327 (Fixed in 3.32.0)
SQLite is vulnerable to a Null pointer dereference flaw. A remote
attacker able to issue specially crafted SQL statements may be able to
cause a segmentation fault and application crash, resulting in a
denial-of-service (DoS).
- CVE-2019-19645 (Fixed in 3.31.0)
It was discovered that SQLite contains a denial-of-service (DoS)
vulnerability. An attacker could exploit this to trigger an infinite
recursion resulting in excessive resource consumption leading to a DoS
condition.
- CVE-2019-19926 (Fixed in 3.31.0)
The SQLite allows denial-of-service attack due to improper input
validation of user-supplied input.
- CVE-2020-11655 (Fixed in 3.32.0)
SQLite contains a memory corruption vulnerability. Successfully
exploiting this issue may allow attackers to cause a denial-of-service
(DoS). This allows an attacker to cause SQLite to crash by issuing a
crafted SQL query to the database.
- CVE-2019-19925 (Fixed in 3.31.0)
The INSERT statement fails when the zip file path is `NULL`.
- CVE-2019-19242 (Fixed in 3.31.0)
SQLite is vulnerable to a denial-of-service (DoS). An attacker could
exploit this vulnerability by supplying a maliciously crafted query to
cause an application crash.
- CVE-2019-19244 (Fixed in 3.31.0)
SQLite is vulnerable to a denial-of-service. An attacker could exploit
this vulnerability by providing a crafted SELECT statement to the SQL
server, resulting in an application crash.
- CVE-2020-13631 (Fixed in 3.32.0)
SQLite is vulnerable to data manipulation due to improper management of
virtual tables. An attacker could exploit this vulnerability by
supplying a system with maliciously crafted input.
- CVE-2020-11656 (Fixed in 3.32.0)
SQLite contains a Use-After-Free vulnerability. Successfully exploiting
this issue may allow attackers to cause a denial-of-service (DoS). This
allows an attacker to cause SQLite to crash by issuing a crafted SQL
query to the database.
- CVE-2019-19880 (Fixed in 3.31.0)
SQLite is vulnerable to denial-of-service (DoS) due to the mismanagement
of memory resources. A remote attacker could cause a victim's instance
of the application to crash by submitting a crafted request that will lead
to the application parsing problematic integer values.
- CVE-2019-20218 (Fixed in 3.31.0)
SQLite is vulnerable to denial-of-service (DoS) due to improper
exception handling which could lead to unwinding of the `WITH` stack
following parsing errors. An attacker could exploit this vulnerability
by supplying a system with maliciously crafted input.
- CVE-2019-19603 (Fixed in 3.31.0)
It was discovered that SQLite contains a denial-of-service (DoS)
vulnerability. An authenticated attacker could exploit this
vulnerability by creating tables with the same name as shadow table
names.
- CVE-2019-19959 (Fixed in 3.31.0)
SQLite is vulnerable to denial-of-service (DoS) due to the mismanagement
of system memory resources. A remote attacker could cause a victim's
instance of the application to crash by causing it to process a SQL
statement that references a maliciously crafted file name.
- CVE-2019-19646 (Fixed in 3.31.0)
SQLite is vulnerable to a denial-of-service (DoS). An attacker could
exploit this vulnerability by supplying malicious SQL in order to crash
the application.
- CVE-2019-19317 (Fixed in 3.31.0)
SQLite contains a denial-of-service (DoS) vulnerability due to incorrect
logic in name lookups. An attacker could exploit this to cause an
application crash.
Signed-off-by: Sam Voss <sam.voss@rockwellcollins.com>
CC: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 30f1decec2 (package/python-greenlet: enable only on supported
architectures) forgot to allow x86_64.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[yann.morin.1998@free.fr: split off the x86_64 support to its own patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 30f1decec2 (package/python-greenlet: enable only on supported
architectures) mis-typed the architecture name for x86-32: BR2_x86
doesn't exist in buildroot; it is BR2_i386.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[yann.morin.1998@free.fr:
- just do the s/x86/i386/ fix for easy backport
- x86_64 split off to its own patch
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Ignacy Gawędzki <ignacy.gawedzki@green-communications.fr>
[yann.morin.1998@free.fr: two spaces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Chris Packham <judge.packham@gmail.com>
[yann.morin.1998@free.fr: two spaces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
For 5.6 and 5.7 support.
git shortlog --invert-grep --grep=Travis --no-merges ec654ee9caeb0c4348caacd0cf5eb2730d1d70e2..
Jonathan Liu (2):
mali: Fix build for 5.6
mali: Fix build for 5.7
Maxime Ripard (3):
Create travis.yml
actions: Add feedparser to the host
travis: Try to fix the push code
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
[yann.morin.1998@free.fr: two spaces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This patch enables systemd support in the refpolicy by turning on the
'SYSTEMD' policy build option when systemd is enabled in Buildroot. This
enables conditional rules in SELinux policy modules (by defining
'init_systemd'), to better support systemd.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Also change the hash file to separate the fields by two spaces and
change the hash of the license (copyright year changed from 2019 to
2020).
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Enable parallel building by substituting $(MAKE1) with $(MAKE) in
libnss.mk. Parallel Makefile building has been added after version 3.53
so now it's time to enable it in Buildroot to save building time.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Also:
- License file renamed LICENSE -> License
- Change license hash because copyright year changed 2019 -> 2020
- Separate the fields in the hash file by two spaces
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
By default, the linux and linux-with-shared-libraries configurations
depend on OpenSSL, but with some trickery we can drop this dependency
like the linux-no-openssl configuration does.
Also separate the fields in the hash file by two spaces.
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Video4Linux2 plugins can use udev for device probing and monitoring.
This greatly improves load time and monitoring performance.
It also enables hotplug monitoring for cameras.
gstreamer is libglib2-based; libgudev is libglib2-based. So they both
have the same basic dependencies as libglib2 has, and thus propagating
the dependencies of libgudev is not necessary (but might be confusing in
the future, even though such a change is highly unlikely...)
Signed-off-by: Nicolas Dufresne <nicolas.dufresne@collabora.com>
Signed-off-by: Ezequiel Garcia <ezequiel@collabora.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Qmake configured packages will, by default, use the absolute HostPrefix/Sysroot
paths set during configuration/building of qt5base for their install
destinations.
For the per-package host/staging infrastructure, this causes non-qt5base
packages to litter the qt5base folders. In addition, Buildroot's target-install
step subsequently fails because the respective files are missing from the
per-package sysroot of the package itself.
Fortunately, qmake's built-in paths can be overridden by placing a custom
qt.conf next to the qmake binary. This is already used to facilitate SDK
relocation. So for per-package path manipulation we can reuse that method, but
need to change the host/sysroot values according to each per-package
path.
Signed-off-by: Andreas Naumann <anaumann@ultratronik.de>
Reviewed-by: Yann E. MORIN <yann.morin.1998@free.fr>
[yann.morin.1998@free.fr: drop useless 'rm -f' of generated file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
riscv64 support was added upstream in commit:
26fa1b9e6b
which is included in version >= 1.10.0.
Now, of the riscv architecture, only the 32-bit variant is not
supported, so change the arch restriction to that.
Signed-off-by: Julien Olivain <juju@cotds.org>
[yann.morin.1998@free.fr: reword commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 0737f48c5f (package/poco: disable build for riscv) did not
propagate the new dependency on BR2_riscv to the comment.
Introduce BR2_PACKAGE_POCO_ARCH_SUPPORTS to solve this issue.
Signed-off-by: Julien Olivain <juju@cotds.org>
[yann.morin.1998@free.fr:
- reword the commit log
- use separate 'depend on !arch'
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
cups-browsed service is compiled and installed by the package,
but the corresponding service files were not installed for
systemv and systemd.
Specifying --without-rcdir allows to not install the init script
provided with cups-filters, and we provide our own,
Buildroot-compatible init script.
For systemd, we install the upstream-provided service file.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Now that binutils 2.34 has been introduced, and we have moved to
2.33.1 as the default version, it is time to drop support for binutils
2.31.1.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Now that binutils 2.34 has been released, it is time to move to
binutils 2.33.1 as the default binutils version, instead of 2.32.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
There was a missing space between the append-assignment operator, and
the appended list of licenses.
Even though inconsequential technically speaking, we always use spaces
around operators elsewhere in the code.
So be it here too.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
remove merged patches.
LICENSE diff:
- Copyright (c) 2002-2015 Matt Johnston
+ Copyright (c) 2002-2020 Matt Johnston
- LibTomCrypt and LibTomMath are written by Tom St Denis, and are Public Domain.
+ LibTomCrypt and LibTomMath are written by Tom St Denis and others, see
+ libtomcrypt/LICENSE and libtommath/LICENSE.
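Review bot: the second changed pair drops the statement that LibTomCrypt and LibTomMath are Public Domain and points to libtomcrypt/LICENSE and libtommath/LICENSE instead, but the message does not say whether the package's declared license and its list of license files were extended to cover those two files. Please state that in the commit message, or add them in this commit, so the declared licensing matches the new LICENSE text.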
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Acked-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
this package allows to use optionally bundled libraries (which is exceptional in BR).
so, license infos must be conditional.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
boost/detail/endian.hpp has been marked as deprecated since boost 1.69.0.
This file and boost/predef/detail/endian_compat.h are no longer available.
This patch suppresses this header in some files where it is not needed, and moves
to the correct header and new constants. It's retrocompatible for at least all boost releases > 1.69.0
[Upstream status: http://lists.osmocom.org/pipermail/osmocom-sdr/2020-June/002080.html]
Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Removed patch (already in version).
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
[yann.morin.1998@free.fr: two spaces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The output of 'find' depends on the directory entries, and is not
ordered. As a consequence, the cpio archive is not reproducible.
Fix that by sorting the output of find. Use the 'C' locale to enforce
reproducibility that does not depend on the locale.
The command line is now pretty long, so we wrap it.
Signed-off-by: Yurii Monakov <monakov.y@gmail.com>
[yann.morin.1998@free.fr:
- use LC_ALL=C when sorting
- wrap long line
- reword commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Before now, U-Boot SPL could only load the Platform Management Unit
(PMU) by patching the board-specific pm_cfg_obj.c file into the generic
PMU firmware, but that then requires generating a new PMU firmware for
every board configuration. To fix that, Luca Ceresoli added support to
U-Boot to load the pm_cfg_obj[1].
Like the PMU firmware, we need a way to pass the PMU cfg to U-Boot
during build. U-Boot only accepts the binary format of the cfg, so we
must convert the source file with the tool provided with U-Boot.
[1] https://lucaceresoli.net/zynqmp-uboot-spl-pmufw-cfg-load/
Signed-off-by: Brandon Maier <brandon.maier@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
When using precompiled headers, changing any macros defined on the
command line will invalidate the precompiled header. With
toolchain-wrapper adding __DATE__ and __TIME__, any commits to Buildroot
will invalidate incremental builds regardless of whether the precompiled
header actually uses those values (affecting _OVERRIDE_SRCDIR).
GCC-7 and later support SOURCE_DATE_EPOCH and use it to define __DATE__
and __TIME__ internally, avoiding any impact on precompiled headers.
Disable the custom handling in toolchain-wrapper if GCC is version 7 or
newer.
Signed-off-by: John Keeping <john@metanate.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Set the rundir to /run/lttng, if systemd is the init system.
/var/run is "legacy" in systemd's view.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Also update hash file formatting (2 spaces).
License files got moved into a subfolder,
use those new paths.
Also the package is (L)GPL only, so remove the
"or higher".
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When booting, a Raspberry Pi will load the appropriate start files,
depending on the provided configuration. For example, if the config.txt
file contains ’gpu_mem=16’ the board will automatically load the
cut-down startup files (start_cd.elf and fixup_cd.dat on non-Rpi4).
Unfortunately, even when the appropriate version is selected in the
configuration menu, if the rpi-firmware makefile takes the good files,
it renames them to non-qualified, i.e. start.elf and fixup.dat. But as
these are not the files searched by the Raspberry Pi, the board will not
start.
This patch will set the names of the files to load as constant in the
config.txt file. This guarantees that the rpi firmware blobs do not take
any other corner-case decision based on any other as-yet unknown
conditions.
This eases the maintenance, as only the names of the source files
matter; the destination filenames are constants, and so are the
filenames in config.txt.
Fixes: #13026
Signed-off-by: Stéphane Veyret <sveyret@gmail.com>
[yann.morin.1998@free.fr:
- very minor fix in commit title
- drop the non-conditional macro and move its content into
RPI_FIRMWARE_INSTALL_IMAGES_CMDS
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
now, BR2_PACKAGE_DROPBEAR_LEGACY_CRYPTO works like with version 2019.78
and as described in Config.in
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Acked-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The libsodium dependency is no longer needed so this patch also drops
that requirement from host and target builds.
Signed-off-by: Frank Hunleth <fhunleth@troodon-software.com>
[yann.morin.1998@free.fr: two spaces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
BSD style locks such as implemented by flock are translated to POSIX
advisory file locks (implemented by the fcntl system call on Linux). It
is not possible to lock a directory using POSIX advisory file locks.
Hence, the lock strategy used by Buildroot doesn't work when used over
NFS.
Using flock on a simple file works correctly though, so use a '.lock'
file inside the download directory instead. If the lockfile does not
exist, flock will create it (in a race-free fashion).
Tested using NFS v4.2 and Linux 5.4.43.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@savoirfairelinux.com>
[yann.morin.1998@free.fr:
- slightly expand commit log about creation of the lockfile
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
We are using autotools build system for sdl2, so the sdl2-config.cmake
include paths are not resolved like for sdl2-config script [1].
Remove sdl2-config.cmake file and avoid unsafe include path if this
file is used by a cmake based package.
This triggers an issue with ogre 1.12.6 package that replaced
FindSDL2.cmake by sdl2-config.cmake [2].
Thanks to Pavel Rojtberg for the help [3].
[1] https://bugzilla.libsdl.org/show_bug.cgi?id=4597
[2] 6de6f9b408
[3] https://github.com/OGRECave/ogre/issues/1568
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Some versions are tagged, but not tarballed, so we need to be able to
retrieve them from git.
Usually, we do not have a default value for the repository, but unlike
for the kernel or the various bootloaders, the most prominent repository
for Xenomai is upstream's official one (for the reason above, amongst
others), so we use that as a default.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The xenomai version is decided in Kconfig, but the default value is
set in the .mk. This is unlike the other packages that have a version
choice (like linux, uboot...).
Move the value into Config.in.
This paves the way to using other custom sources, like from a git tree.
Note however that any existing configuration will need to be adapted to
the new settings. Adding legacy handling is non-trivial, so manual
intervention will be required.
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Jan Kiszka <jan.kiszka@siemens.com>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Even if gcc 8 is still maintained for some time (gcc 8.5 is pending),
switch to gcc 9.x since it has been released since 2019-05-03 and
gcc 10.x is available since 2020-05-07.
We have been having toolchains in the autobuilders with gcc
9.x for a while, so the vast majority of the problems should have
already been solved.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In order to add gcc 10 support for internal and external toolchain in
follow-up commits, introduce BR2_TOOLCHAIN_GCC_AT_LEAST_10 symbol.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Notes:
- json-c now uses cmake instead of autoconf
- This version also brings support to the much welcomed feature for
parsing uint64_t types
Signed-off-by: Christopher Pelloux <git@chp.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The OpenSBI platform 'qemu/virt' has been removed in v0.8. Builds for
the QEMU 'virt' machine can use the 'generic' platform instead.
Tested with qemu_riscv32_virt_defconfig and
qemu_riscv64_virt_defconfig using Buildroot host-qemu 5.0.0.
Signed-off-by: Mark Corbin <mark@dibsco.co.uk>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
[yann.morin.1998@free.fr: two spaces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
CVE-2020-8177: curl overwrite local file with -J.
CVE-2020-8169: Partial password leak over DNS on HTTP redirect.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
libnids can be built against an existing libnet lib,
take advantage of that.
Unfortunately, pkg-config is not available for libnet,
so configure --with-libnet is our only option at the
moment.
--with-libnet expects a build directory,
not an installation path like in our context.
We use --with-libnet=yes to skip tests that would fail.
In this situation, 'LIBNET' goes undefined, so we
need to define it ourselves.
This works because we make sure -lnet is installed
prior to anything related to libnids.
Signed-off-by: Guillaume W. Bres <guillaume.bressaix@gmail.com>
[yann.morin.1998@free.fr: slightly compact the code]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Includes a number of bugfixes and updates to build against newer stable
kernels.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Update to the latest version of the PRU software support [1].
There are minor changes to the license file mostly dates and versions --
notably pulling in several Linux kernel 5.4 header files in place of the
4.19 versions. As there is no longer a dependency on the kernel types.h
header, there's no longer a GPL-2.0 licensed component.
Also drop the useless comment that just repeats the URL.
[1] https://git.ti.com/cgit/pru-software-support-package/pru-software-support-package
Signed-off-by: Ash Charles <ashcharles@gmail.com>
[yann.morin.1998@free.fr: drop the URL-as-comment]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
stream split clients module has been added in version 1.11.3 with
6c2b086d0e
and is enabled by default, add an option to be able to disable it
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This patch fixes the irrlicht makefile, which contains paths
that point to host system libraries that are not used and
are not available in Buildroot, which is unsafe for cross-compilation.
In addition it fixes linking to the X11 libraries and the following errors:
/home/bartekk/buildroot/output/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-gnueabihf/9.2.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: /home/bartekk/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libIrrlicht.so: undefined reference to `XSetSelectionOwner'
/home/bartekk/buildroot/output/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-gnueabihf/9.2.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: /home/bartekk/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libIrrlicht.so: undefined reference to `glXGetProcAddress'
/home/bartekk/buildroot/output/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-gnueabihf/9.2.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: /home/bartekk/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libIrrlicht.so: undefined reference to `glXMakeCurrent'
/home/bartekk/buildroot/output/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-gnueabihf/9.2.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: /home/bartekk/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libIrrlicht.so: undefined reference to `XF86VidModeSetViewPort'
/home/bartekk/buildroot/output/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-gnueabihf/9.2.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: /home/bartekk/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libIrrlicht.so: undefined reference to `XF86VidModeSwitchToMode'
/home/bartekk/buildroot/output/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-gnueabihf/9.2.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: /home/bartekk/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libIrrlicht.so: undefined reference to `glClearDepth'
/home/bartekk/buildroot/output/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-gnueabihf/9.2.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: /home/bartekk/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libIrrlicht.so: undefined reference to `XGetVisualInfo'
/home/bartekk/buildroot/output/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-gnueabihf/9.2.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: /home/bartekk/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libIrrlicht.so: undefined reference to `XGrabKeyboard'
/home/bartekk/buildroot/output/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-gnueabihf/9.2.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: /home/bartekk/buildroot/output/host/arm-buildroot-linux-gnueabihf/sysroot/usr/lib/libIrrlicht.so: undefined reference to `glMatrixMode'
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
CPython 3.8 has added a new SyntaxWarning that prints
a warning at runtime while using gdb python support.
$ gdb -ex "python import os"
/usr/share/gdb/python/gdb/command/prompt.py:48: SyntaxWarning: "is not" with a literal. Did you mean "!="?
if self.value is not '':
/usr/share/gdb/python/gdb/command/prompt.py:60: SyntaxWarning: "is not" with a literal. Did you mean "!="?
if self.value is not '':
Backport an upstream patch for this:
https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=b6484282f85bf7f11451b2441599c241d302ad9d
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
libnids can make use of libglib2 for multi-threading support, so use
that when available.
The configure.in script is flawed: passing either --enable-libglib or
--disable-libglib will both disable support for libglib. Only when
neither is passed will the autodetection test be executed, at which
point (hopefully) libglib2 will be enabled if found.
So, unlike our usual practice, we can't explicitly enable it; we can only
explicitly disable it, and rely on autodetection to enable it.
Signed-off-by: Guillaume W. Bres <guillaume.bressaix@gmail.com>
[yann.morin.1998@free.fr:
- add missing dependency on libglib2
- expand commit log to explain why we don't --enable-libglib
- add a similar blurb in the .mk
- fix condition, use positive logic since we have an else-clause
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Apitrace is affected by Gcc Bug 68485 that has already been worked
around, but after version bumping, CMakeLists.txt adds -O2 to
CMAKE_C_FLAGS_RELWITHDEBINFO that is in order appended to
CMAKE_C_FLAGS, making -O0 end appending to fail. To prevent this we
need to avoid CMAKE_C_FLAGS_RELWITHDEBINFO to be appended to
CMAKE_C_FLAGS, so let's do the same as flare-engine package that set
CMAKE_BUILD_TYPE to a fake build type called "buildroot", this way -O2
won't be appended after -O0 and work around restart to work as
expected.
Fixes:
http://autobuild.buildroot.net/results/2e3/2e31abd7b115d4c29117ca82007fd4f87f853ff7/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This package needed to be updated to be aligned with NXP BSP
5.4.3_1.0.0. It only updates the i.MX8 VPU firmware files.
The license files have changed due to:
- update to LA_OPT_NXP_Software_License v10 December 2019
- addition of Crank, EmSA and TARA Systems restrictions
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Reviewed-by: Gary Bisson <gary.bisson@boundarydevices.com>
[Thomas: extend commit log according to details provided by Gary
Bisson]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
stream geo module has been added in version 1.11.3 with
bb790f5d30
and is enabled by default, add an option to be able to disable it
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
stream return module has been added in version 1.11.2 with
a7c6f8c1d7
and is enabled by default, add an option to be able to disable it
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
stream map module has been added in version 1.11.3 with
05db6ddfa1
and is enabled by default, add an option to be able to disable it
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
On some legacy systems, the X11 headers and libs are in /usr/X11R66/include
and /usr/X11R66/lib, and of course, some packages are trying to be smart
and use those paths (even when they do not exist).
Add those to the list of unsafe paths to check in the toolchain wrapper.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Libnids is a C based networking library, part of networking intrusion
detection tools. It can watch network traffic & provide information.
Signed-off-by: Guillaume W. Bres <guillaume.bressaix@gmail.com>
[Thomas:
- only needs libpcap as a mandatory dependency
- add patch to fix libpcap detection
- pass install_root= at installation time
- drop glibc dependency, it builds fine with uclibc]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This includes the following changes:
9adede5 Bumped version to 1.9.12
7487642 Merge pull request #40 from PrinterFranklin/fix_memory_leak
cbef34b fix a memory leak in havege_destroy
02674ae Updated ChangeLog
1ce2092 Update README.md
b77e7db Create README.md
f5bd6fa Updated version to v1.9.11
68b1d84 Merge branch 'master' of https://github.com/jirka-h/haveged
fb12bb3 updated fedora.spec
b162c91 Merge pull request #35 from eworm-de/private-tmp
b839803 Merge pull request #34 from Chocobo1/gh_action
4a0a008 Replace @SBIN_DIR@ in haveged.service file with actual path
c216a6f Moved haveged.spec to fedora.spec
2098470 fix ordering cycle with private tmp
7cd68e1 Add GitHub Actions continuous integration script
ebe97f0 Fixed time format
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Removed patch which was applied upstream.
Updated license hash due to copyright year update:
c2fdf919cf
Removed "v" from _SITE due to changes to github release names.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
CBC ciphers, 3DES and hmac-sha1-96 are now disabled by default.
LICENSE: curve25519-donna under BSD-3c was replaced by curve25519.c under
Public domain
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Without this patch, openssl_abyss is enabled if openssl is built before
libxmlrpc
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
* CVE-2020-13777: It was found that GnuTLS 3.6.4 introduced a
regression in the TLS protocol implementation. This caused the TLS
server to not securely construct a session ticket encryption key
considering the application supplied secret, allowing a MitM
attacker to bypass authentication in TLS 1.3 and recover previous
conversations in TLS 1.2
Release announcement:
https://lists.gnupg.org/pipermail/gnutls-help/2020-June/004648.html
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
[yann.morin.1998@free.fr: two spaces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Drop patch (already in version) and so autoreconf
- Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This patch is not needed since version 3.19 and
e3ec42e08a
So drop this patch and set CCFLAGS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: s/GPS_CFLAGS/GPSD_CFLAGS/ ]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Drop patch (not needed anymore) as console.h has been updated with:
#if HAVE_SYS_SELECT_H
#include <sys/select.h>
#endif
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Upstream dropped python 2.x support, so add a dependency on python3:
f8608f4537
And adjust the .hash spacing for the new agreements.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The LICENSE file is MIT, not BSD. The confusion comes from the license info
in setup.py, which stated BSD until (post-0.14.2):
669129a3d3
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add a patch to fix build without ssse3.
Update the license hash due to various changes since August 2019 [0]:
- some files were relicensed from GPL-2.0+ to LGPL-2.1+; no impact on
the licensing information;
- clarification about the licensing when linked with external
libraries, which now requires passing --enable-version3; Buildroot
is not concerned, because it passes --disable-version3;
- various clarification about applicable licensing terms.
[0] http://git.videolan.org/?p=ffmpeg.git;a=history;f=LICENSE.md;h=613070e1b631a919a74c862f2a75a0f249a631ff;hb=8e12af29d1a3f95c9e952d78354e3c8b1c0431a8
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[yann.morin.1998@free.fr:
- fix the SoB order in the patch
- clarify the impact of the licensing changes
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
There is now a LICENSE.txt file, so let's use it as the license file
instead of setup.py. It does contain the MIT license text, as
expected.
Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Drop patch (already in version)
- Add -std=c++11 to fix the build with gcc 4.8 as it has been removed by
upstream since version 1.0.0 and
2558902f0b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libogg is not only used for voicemail plugin, it is an optional
dependency of:
- audiobridge plugin since version 0.9.3 and
53761d07c5
- streaming plugin since version 0.9.3 and
d9aa1cec84
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 1ebb35ee5f changed the libopenssl
target architecture to 'linux-generic64' for 64-bit archs based on
BR2_ARCH_IS_64. However, MIPS64n32 has BR2_ARCH_IS_64 set, but is a 32-bit
ABI. On such board, libopenssl needs to be configured with linux-generic32
to function properly.
One symptom of this problem is that ssh-keygen hangs on key generation,
waiting for more random bits. See [1] for the discussion with openssl
upstream.
Thanks to Ronny Meeus for investigating the issue and kudos to the openssl
community for their responsive and helpful interaction!
Reported-by: Ronny Meeus <ronny.meeus@nokia.com>
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
[1] https://mta.openssl.org/pipermail/openssl-users/2020-June/012565.html
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Enable build for musl libc. glibc specific code is now behind __GNUC__.
Add a patch to fix collision with kernel defined struct sysinfo.
Drop attr dependency. Not used anymore.
Make keyutils an optional dependency. Detected at config time.
Enable static build now that keyutils is not a mandatory dependency.
Format hash file with two spaces delimiters.
Cc: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 99cc53f3f4 (package/libcamera: add v4l2 compatibility layer
option) incorrectly added the v4l2 option, which makes it so that
the previous options are overridden.
Fix that by using an append-assignment.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack
via a PREAUTH response.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
While host-python-pydal is needed at build time, the target variant of
this package is only needed at runtime.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Maintenance release, most important is OpenSSL 1.1+ support. See full
release notes for details:
https://fastd.readthedocs.io/en/stable/releases/v19.html
Two patches went upstream. The last remaining patch was not touched,
LTO might not work as expected, but upstream dropped CMake in favour
of the meson build system after v19, so it seemed not worth the
effort.
The hash of the license file is updated due to a copyright year
change.
Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Use upstream provided tarball. Drop autoreconf.
Update homepage URL. The old URL redirects to the new one.
Format hash file with two spaces delimiters.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tarball is now without a leading directory component. Don't strip
leading patch component.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
If systemd is selected, add the systemd package to the dependency list and set
the conf opt --enable-systemd-sockets.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Drop patch (already in version) and so autoreconf
- Update hash of README (update in year, version, miscellaneous
information)
- Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
granite fails to build since bump to vala 0.46.6 in commit
2723ff3333:
make[3]: Leaving directory '/tmp/instance-0/output-1/build/granite-0.4.1'
[ 1%] Generating style-classes.c;Application.c;Drawing/Color.c;Drawing/BufferSurface.c;Drawing/Utilities.c;GtkPatch/AboutDialog.c;Services/Settings.c;Services/Logger.c;Services/Paths.c;Services/System.c;Services/Contractor.c;Services/ContractorProxy.c;Services/IconFactory.c;Services/SimpleCommand.c;Widgets/AlertView.c;Widgets/Avatar.c;Widgets/Utils.c;Widgets/WrapLabel.c;Widgets/AboutDialog.c;Widgets/ModeButton.c;Widgets/DatePicker.c;Widgets/Entries.c;Widgets/TimePicker.c;Widgets/CollapsiblePaned.c;Widgets/StaticNotebook.c;Widgets/DynamicNotebook.c;Widgets/CompositedWindow.c;Widgets/AppMenu.c;Widgets/Welcome.c;Widgets/WelcomeButton.c;Widgets/Toast.c;Widgets/ToolButtonWithMenu.c;Widgets/PopOver.c;Widgets/ContractorView.c;Widgets/ContractorMenu.c;Widgets/DecoratedWindow.c;Widgets/LightWindow.c;Widgets/StatusBar.c;Widgets/SidebarPaned.c;Widgets/StorageBar.c;Widgets/SourceList.c;Widgets/CellRendererExpander.c;Widgets/CellRendererBadge.c;Widgets/ThinPaned.c;Widgets/OverlayBar.c;granite.vapi;granite.h
make[3]: Entering directory '/tmp/instance-0/output-1/build/granite-0.4.1'
/tmp/instance-0/output-1/build/granite-0.4.1/lib/Application.vala:145.9-145.26: error: Creation method of abstract class cannot be public.
public Application () {
^^^^^^^^^^^^^^^^^^
So bump granite to latest version to include the following commit (that
does not apply cleanly on current version):
fd26013c84
Moreover:
- Switch site to github to get latest release
- Switch to meson-package
- Add gobject-introspection optional dependency
Fixes:
- http://autobuild.buildroot.org/results/3e2cc89b9bd42824731d0c7b39dd5b5c98e527ee
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Other changes:
- Update 0001-Remove-OWNER-and-GROUPS-parameters-to-install.patch to apply
properly with the updated version.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Don't pass --disable-profiling, profiling is now disabled by default,
and in fact due to a bug in the configure.ac script, passing
--disable-profiling enables profiling.
Update LICENSE hash; copyright year update.
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
By default, open-plc-utils installs all of the compiled binaries to
/usr/local/bin which is not in the default path provided by Buildroot.
Passing BIN="$(TARGET_DIR)/usr/bin" to make install forces open-plc-utils to
install the compiled binaries to /usr/bin.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
GCC10 sets the -fno-common flag by default which causes OpenJDK to fail when
compiling.
Because there is no easy way to create a patch from the OpenJDK mercurial
repository, this patch was created by hand from the three commits listed in
the provided patch itself.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This is a crucial bugfix release that fixes a backward incompatible ABI
change introduced in 1.3.2.
Also drop patches that are now applied upstream.
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Buildroot currently installs openjdk-bin to $(HOST_DIR)/ instead of the more
traditional (for java installations) $(HOST_DIR)/usr/lib/jvm.
As described in https://bugs.busybox.net/show_bug.cgi?id=13001
"Openjdk-bin provides its own libfreetype.so and places it into
$(HOST_DIR)/lib/. This library causes build failures with the
host-xapp_mkfontscale package due to the overwritten libfreetype.so.
mkfontscale.o: In function `doDirectory':
mkfontscale.c:(.text+0x1a80): undefined reference to `FT_Get_BDF_Property'
collect2: error: ld returned 1 exit status
Reproducing the error is done by repeating the following steps.
make host-freetype
make host-openjdk-bin
make host-xapp_mkfontscale"
There are two options for fixing this problem:
1) add host-freetype and host-lksctp-tools as dependencies to host-openjdk-bin
and then remove the provided libfreetype.so and libsctp.so libraries
in a post_extract_hook.
2) change the installation directory from $(HOST_DIR)/ to
$(HOST_DIR)/usr/lib/jvm just like the target OpenJDK package and
copy the entire source directories contents to the above location.
The second option provides the following advantages:
- the directory structure is consistent with how we handle the target OpenJDK.
- the HOST_OPENJDK_BIN_INSTALL_CMDS step is simplified.
- packages such as Maven require directories which we are currently not
copying. These missing directories cause programs such as Maven to crash
when running with an error such as
"Can't read cryptographic policy directory: unlimited."
- does not miss any other libraries that solution 1 would not cope with
(e.g. libzip.so from host-libzip, or libnet.so from not-yet existing
host-libnet, or libsctp.so from not-yet existing host-lksctp-tools)
Because the second option is simple, easier to implement, low-impact,
and wholly fixes the problems described above, it is the best to implement.
To implement the above changes, we must also modify the following files in the
same patch to match the host's new directory paths:
- openjdk.mk
- openjdk-jni-test.mk
- openjdk-hello-world.mk
To avoid having to change all those packages in the future, expose two
new variables, HOST_OPENJDK_BIN_ROOT_DIR which contains the path where
the openjdk-bin was installed in, and JAVAC, which contains the path to
the javac compiler (modeled after the way the autoconf et al. variables
are set and exposed).
Tested with:
./support/testing/run-tests -o out -d dl tests.package.test_openjdk.TestOpenJdk
Fixes: https://bugs.busybox.net/show_bug.cgi?id=13001
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[yann.morin.1998@free.fr:
- introduce HOST_OPENJDK_BIN_ROOT_DIR and JAVAC
- expand and tweak the commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Older versions of git store the absolute path of the submodules'
repository as stored in the super-project, e.g.:
    $ cat some-submodule/.git
    gitdir: /path/to/super-project/.git/modules/some-submodule
Obviously, this is not very reproducible.
More recent versions of git, however, store relative paths, which
de-facto makes it reproducible.
Fix older versions by replacing the absolute paths with relative ones.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
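The rewrite this commit message describes, as an added shell example that is not the code from the commit: relativize_gitdirs and demo_gitdirs are hypothetical names, the directory tree is constructed in a temporary directory, and the helper assumes the super-project's own .git is a directory.

```shell
#!/bin/sh
# Added example: make submodule "gitdir:" pointers independent of where the
# super-project was cloned, so archives of the tree are reproducible.
set -e

# relativize_gitdirs TOPDIR (hypothetical helper)
relativize_gitdirs() {
    top=$(cd "$1" && pwd -P)
    # Submodules have a .git *file*; the super-project has a .git directory.
    find "$top" -type f -name .git | while IFS= read -r f; do
        dir=${f%/.git}              # submodule work tree
        sub=${dir#"$top"/}          # its path inside the super-project
        target=$(sed -n 's/^gitdir: //p' "$f")
        case $target in
            "$top"/*) ;;            # absolute, inside the super-project: fix it
            *) continue ;;          # already relative, or points elsewhere
        esac
        # One "../" per path component of the submodule directory.
        up=$(printf '%s/' "$sub" | sed 's,[^/]*/,../,g')
        printf 'gitdir: %s%s\n' "$up" "${target#"$top"/}" > "$f"
    done
}

# Constructed sample tree: one pointer as written by older git (absolute),
# one as written by recent git (relative, must stay untouched).
demo_gitdirs() {
    d=$(mktemp -d)
    root=$(cd "$d" && pwd -P)
    mkdir -p "$root/.git/modules/libs/foo" "$root/libs/foo" "$root/bar"
    echo "gitdir: $root/.git/modules/libs/foo" > "$root/libs/foo/.git"
    echo "gitdir: ../.git/modules/bar" > "$root/bar/.git"
    relativize_gitdirs "$root"
    cat "$root/libs/foo/.git" "$root/bar/.git"
    rm -rf "$d"
}

demo_gitdirs
```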
License was updated with little rephrasings, typo fixes,
and a note about using fmt as a third party library under the
MIT license.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The options --with-xslt-config and --with-xml2-config were
renamed to --xslt-config and --xml2-config, respectively.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* License was changed from UNIX to Windows line endings.
* SETUP_TYPE is actually distutils, and not setuptools.
* Use two spaces for hash file indentation.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
All systemd binaries depend on libsystemd-shared and need their RPATH
fixed. Use a glob to catch them all.
We can't use $(wildcard ...) because this is expanded before any file
may exist (it's in the same rule that installs those files, and the
expansion in Makefile is done once at the beginning of the recipe).
We need to test each file:
1. to ignore files that were not built (e.g. because the host is
missing some dependencies, in which case we don't care; we're only
interested in systemctl, and that one is already built)
2. to ensure the glob was expanded (in case no file would match
systemd-*)
Signed-off-by: Norbert Lange <nolange79@gmail.com>
[yann.morin.1998@free.fr:
- don't use 'set -e', use the more traditional '|| exit 1'
- don't cd into HOST_DIR/bin, but use $(addprefix ...)
- use positive logic in the test
- expand commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
These files are necessary for C or C++ programs to use the native java
interface (JNI.)
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Fix CVE-2020-12740: tcprewrite in Tcpreplay through 4.3.2 has a
heap-based buffer over-read during a get_c operation. The issue is
being triggered in the function get_ipv6_next() at common/get.c.
- Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add basic /etc/iwd/main.conf configuration file to enable
network configuration (use built-in dhcp client).
For the non systemd-resolved case select the openresolv package
to fulfill the iwd resolvconf requirement (and adjust the
configuration file accordingly).
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The machine has a NAND flash device and firmware capable of loading the
OS from a JFFS2 file system on it. Enable creation of JFFS2 image that
can be written to said flash device.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This makes the boot script set appropriate root parameters when it's
loaded from a NAND flash device.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The XO-1 laptop has a NAND flash and firmware capable of reading JFFS2
from it. Enable JFFS2 kernel support so that we'll be able to create
images capable of booting from the internal flash.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
A couple of config symbols were missing that things we enable depend on.
Enable them.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is the keyboard connected via the SP "security processor" on a
XO-1.75. XO-1 has a regular PC keyboard.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
XO-1 has an internal MTD device.
Also, CONFIG_MTD_SPI_NOR was set twice for XO-1.75. One copy is removed,
one remains.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The eigen package was introduced as a generic package, but upstream was
in fact using CMake.
The motivation of this change is to fix package detection with CMake.
Eigen3 library normally installs a signature file named
"signature_of_eigen3_matrix_library" to help library detection:
https://gitlab.com/libeigen/eigen/-/blob/3.3.7/CMakeLists.txt#L423
The library also provides a CMake macro that uses this file to
detect it:
https://gitlab.com/libeigen/eigen/-/blob/3.3.7/cmake/FindEigen3.cmake#L76
Without the signature file installed, packages searching for this
library with this method will fail. Other packages using pkg-config are
not affected by this issue.
By using the cmake-package infrastructure, all the needed files
are now installed, fixing this CMake detection issue.
Other changes in this patch:
- Updated the Eigen git repository to the new url:
https://gitlab.com/libeigen/eigen
- Removed all build and install staging commands
(now included in upstream cmake)
- Package needs EIGEN_SUPPORTS_IN_SOURCE_BUILD = NO
- Removed the BR2_PACKAGE_EIGEN_UNSUPPORTED_MODULES option,
as this option is not proposed by the upstream CMake.
Unsupported module header files are now unconditionally installed. As
such, no need to introduce a legacy entry for
BR2_PACKAGE_EIGEN_UNSUPPORTED_MODULES: users that had it enabled will
still get the files installed, while those that did not will get them
installed now.
- Updated hash for source package, because the first component in the
stored paths changed from eigen-eigen-323c052e1731/ to eigen-3.3.7/
and some mercurial related files (.hg_archival.txt, .hgtags) got
dropped after the conversion to git.
- Reformat hash file with two spaces delimiters
- Define EIGEN_CONF_OPTS to set pkg-config .pc install path
Signed-off-by: Julien Olivain <juju@cotds.org>
Tested-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Currently, GNU Make expands the Python SYSCONFIGDATA_NAME variable;
however, when building with per-package directories, this variable is
not set because the evaluation of this variable occurs before buildroot
creates the per-package directories of a given package.
This can be easily demonstrated with that trivial Makefile:
    $ cat Makefile
    BLA = $(wildcard bla)
    all:
    	@echo 'BLA=$(BLA)'
    	@touch bla
    	@echo 'BLA=$(BLA)'
    $ make
    BLA=
    BLA=
    $ make
    BLA=bla
    BLA=bla
I.e. the variables are evaluated at the beginning of a recipe, not for
each line of the recipe.
There are two solutions to fix this problem:
- add a step between "patch" and "configure," which would evaluate all
of the variables after creating the per-package directories;
- evaluate SYSCONFIGDATA_NAME via a shell expansion instead of
Makefile, to postpone the effective expansion until after the
file has been created.
Even though the first option is semantically the best solution, this is
also very intrusive, especially since python3 is so far the only case
where we would need it. The second option however is more expedient, and
so this is what we're doing here.
We introduce PKG_PYTHON_SYSCONFIGDATA_PATH to avoid duplication and to
make the following line easier to read.
Then PKG_PYTHON_SYSCONFIGDATA_NAME is actually defined as a back-tick
shell expansion (although back-ticks have their drawbacks, using $(...)
in Makefile is not trivial either):
- we test that the file does exist, to cover the python2 and python3
cases: with python2, the file does not exist, so we want to expand
to an empty string; 'basename' only works on the filename, and does
not check the file actually exists;
- if the file exists, we get its basename without the .py extension,
and this makes our expansion;
- the "|| true" is added to ensure the old behavior of returning an
empty string if the file does not exist still works, when the
expansion is attempted in a shell where 'set -e' is in effect (the
test would fail with python2, but this is not an error).
Fixes: https://bugs.busybox.net/show_bug.cgi?id=12941
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[yann.morin.1998@free.fr: slight rewording in commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
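The three points above (existence test, basename, "|| true" under 'set -e'), as an added shell example that is not the Buildroot code from this commit: sysconfigdata_name, naive_aborts and demo are hypothetical names, and the glob pattern and file names are constructed.

```shell
#!/bin/sh
# Added example: resolve the sysconfigdata module name at shell time,
# i.e. after the file has had a chance to be created.
set -e

# Print the module name (file name without .py), or nothing when the file
# is absent (the python2 case). $1 is deliberately unquoted so the shell
# expands the glob; if it matches several files the test errors out and
# the result is empty as well.
sysconfigdata_name() {
    { [ -e $1 ] && basename $1 .py; } 2>/dev/null || true
}

# Returns 0 when the same lookup without "|| true" aborts a 'set -e' shell.
# It runs in a separate sh process because 'set -e' is ignored inside
# "||" lists and "if" conditions.
naive_aborts() {
    out=$(sh -c 'set -e; n=$([ -e "$1" ] && basename "$1" .py); echo reached' \
        sh "$1") || :
    [ -z "$out" ]
}

# Constructed inputs: no file, exactly one file, then two matching files.
demo() {
    d=$(mktemp -d)
    pat="$d/_sysconfigdata__linux_*.py"
    none=$(sysconfigdata_name "$pat")
    : > "$d/_sysconfigdata__linux_x86_64-linux-gnu.py"
    one=$(sysconfigdata_name "$pat")
    : > "$d/_sysconfigdata__linux_arm-linux-gnueabihf.py"
    two=$(sysconfigdata_name "$pat")
    rm -rf "$d"
    printf '%s|%s|%s\n' "$none" "$one" "$two"
}

demo
```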
The necessary system users are documented in the project's README.
Description is matched to the ones in the upstream sysusers.d
files. Remove home directory (upstream doesn't care either).
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since V235 the "gateway" and "upload" services use DynamicUsers,
requiring no entries in /etc/passwd.
This functionality requires nss-systemd, which is always
enabled in buildroot.
The "bus-proxy" user was removed in V230.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Reviewed-by: Jérémy Rosen <jeremy.rosen@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>