Fixes the following vulnerability:
** libgnutls: Fix potential DoS in handling certificates with numerous name
constraints, as a follow-up of CVE-2024-12133 in libtasn1. The
bundled copy of libtasn1 has also been updated to the latest 4.20.0
release to complete the fix. Reported by Bing Shi (#1553).
[GNUTLS-SA-2025-02-07, CVSS: medium] [CVE-2024-12243]
For more details, see the release announcement:
https://lists.gnupg.org/pipermail/gnutls-help/2025-February/004875.html
Update the license info for a move/rename of license files and a slight
rewording. The license clarification is now in README.md so also add that:
a8727cdb0775f5ea8073
Drop now upstreamed
0001-groups-represent-hybrid-groups-with-an-array-of-IDs.patch:
9cc9d5556d
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2461b34077)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2024-6387: Unauthenticated root login because of signal
handler race condition.
Drop upstream patch and autoreconf.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 4ac2cc5bee)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Previously, these tests had the potential for timing out with the
default 5 second timeout value if initializing /dev/urandom took too
long.
Now the tests use a 10 second timeout value.
Signed-off-by: Vincent Fazio <vfazio@xes-inc.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 9bc3bbce38)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Prior to b7d251293a, txaio would test both asyncio and twisted.
Add back the twisted sample and include the twisted package in the
config so both modes of the package are tested.
Fixes: b7d251293a ("package/python-txaio: drop python 2 support")
Signed-off-by: Vincent Fazio <vfazio@xes-inc.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 41b08a779b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerability:
CVE-2024-10573: An out-of-bounds write flaw was found in mpg123 when
handling crafted streams. When decoding PCM, the libmpg123 may write past
the end of a heap-located buffer. Consequently, heap corruption may happen,
and arbitrary code execution is not discarded. The complexity required to
exploit this flaw is considered high as the payload must be validated by the
MPEG decoder and the PCM synth before execution. Additionally, to
successfully execute the attack, the user must scan through the stream,
making web live stream content (such as web radios) a very unlikely attack
vector.
https://www.openwall.com/lists/oss-security/2024/10/30/2
Release notes:
https://sourceforge.net/p/mpg123/mailman/message/58834094/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 35d2880e33)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerability:
CVE-2024-8508: A vulnerability has been discovered in Unbound when handling
replies with very large RRsets that Unbound needs to perform name
compression for.
https://nlnetlabs.nl/downloads/unbound/CVE-2024-8508.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Julien: update pgp key id in hash file]
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 3f98b643fb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerability:
CVE-2024-12133: Potential DoS in handling of numerous SEQUENCE OF or SET
https://lists.gnu.org/archive/html/help-libtasn1/2025-02/msg00001.html
Adjust the license files after upstream moved the license clarification to
README.md and moved the COPYING* files top the top level directory /
slightly updated the COPYING* files (http->https) with:
73cc886c3f
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 2867f4be42)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The error was introduced by the libcurl bump to 8.12.0 with buildroot
commit 2da031c2e5.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit e85cd58fc5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 52154e5206 (package/zstd: build multithreaded library if
supported) added an override of a previously defined variable, so an
explicit check-package exception was added in 0f0e913f10
(package/zstd: rework build and install). Eventually, in 253a951c4f
(package/zstd: fix build without threads) the variable override was
removed.
However, the check-package exception was left out during the rework in
253a951c4f, so it now excludes nothing.
Drop this exception now.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit ad25dd6159)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As pointed out by shellcheck, the exit code of the start/stop/restart/reload
command is clobbered by the 'echo "FAIL'" statement:
In package/mdnsd/S50mdnsd line 52:
exit $?
^-- SC2320 (warning): This $? refers to echo/printf, not a previous command. Assign to variable to avoid it being overwritten.
So introduce a $status variable to keep track of it, similar to how it is
done in S40iwd.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit be20c12e15)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As host-heimdal is only used by samba4, and samba4 already depends on
host-flex and host-bison, the build issue fixed by this commit is not
directly visible, but can be reproduced by doing "make host-heimdal"
for example in our official Buildroot Docker container:
/home/thomas/projets/buildroot/outputs/foo/build/host-heimdal-f4faaeaba371fff3f8d1bc14389f5e6d70ca8e17/missing: line 81: flex: command not found
WARNING: 'flex' is missing on your system.
You should only need it if you modified a '.l' file.
You may want to install the Fast Lexical Analyzer package:
<https://github.com/westes/flex>
make[4]: *** [Makefile:753: lex.c] Error 127
[...]
updating lex.yylex.c
../../ylwrap: line 176: -d: command not found
make[4]: *** [Makefile:756: parse.c] Error 127
Fix this by adding the missing dependencies.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 44e739d031)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Buildroot fails to build Linux kernel configurations where BTF support
is enabled together with zstd compression of debugging information.
The reason is in host-elfutils zstd support being explicitly disabled.
So enable zstd support in host-elfutils by default to fix such builds.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 315672feec)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Chris email address at boundarydevices is bouncing:
Chris Dimich is no longer with Ezurio. Please contact Gary Bisson by
email at Gary.Bisson@ezurio.com. Thank you!"
Move his package to Gary Bisson as suggested.
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
(cherry picked from commit 892d1ae27f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
go1.22.12 (released 2025-02-04) includes security fixes to the
crypto/elliptic package, as well as bug fixes to the compiler and the go
command.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
ARC support was added in 0.10.0 by
4997efa59a
so drop the architecture dependency on !BR2_arc.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 99140408b4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Take a patch from meta-riscv, which was submitted upstream by Khem Raj
to fix a build issue on RISC-V 32-bit musl configurations. This issue
has been discussed with musl developers who believe this is a Busybox
issue. The patch from Khem works around the issue by making it a
runtime failure just affecting hwclock on RISC-V 32-bit musl instead
of a build failure. The correct fix is not really clear, as there
seems to be a disagreement between Busybox people and musl people on
what the C library settimeofday() function should do, and that's why
Busybox is bypassing settimeofday() on musl by making a direct system
call, except this system call doesn't exist on RISC-V 32-bit.
In the mean time, this patch fixes the long standing Gitlab CI issue:
- tests.toolchain.test_external_bootlin.TestExternalToolchainBootlinRiscv32ilp32dMuslStable
https://gitlab.com/buildroot.org/buildroot/-/jobs/8954291684
- tests.toolchain.test_external_bootlin.TestExternalToolchainBootlinRiscv32ilp32dMuslBleedingEdge
https://gitlab.com/buildroot.org/buildroot/-/jobs/8954291683
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a956eeb96b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit adds patches, which were all backported from upstream, or
submitted upstream, and that fix various CVEs. To facilitate the
backporting work, we took the backports from openembedded-core.
CVE-2021-42380: this one is not marked by NVD as affecting 1.36.1, but
its fix was merged after 1.36.1, so it seems like the NVD data is
incorrect. Therefore, no need for a BUSYBOX_IGNORE_CVES entry. Patch
is upstream, backport taken from openembedded-core.
CVE-2023-42363, CVE-2023-42364, CVE-2023-42365: patches are upstream,
backports taken from openembedded-core.
CVE-2023-42366: patch has been submitted upstream but not merged,
patch taken from openembedded-core.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 75c594d446)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
cuserid is deprecated and breaks the compilation on some new toolchains.
This patch fixes this issue.
Fixes:
#81
Signed-off-by: Thomas Bonnefille <thomas.bonnefille@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a141b117e0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
It fixes an arbitrary file overwrite vulnerability in the readline.sh.
(CVE-2024-54661)
see - http://www.dest-unreach.org/socat/contrib/socat-secadv9.html
README hash changed due to version update.
Note: Buildroot is not impacted by this vulnerability as the
readline.sh is not installed on target.
Quoting changelog [1]:
Mitigating factors: readline.sh is usually neither installed in a bin
directory nor is it documented. Major Linux distributions install it in
examples/ or doc/; however it is invoked by test.sh script.
[1] https://repo.or.cz/socat.git/blob/refs/tags/tag-1.8.0.2:/CHANGES
Signed-off-by: Akhilesh Nema <nemaakhilesh@gmail.com>
[Julien: add note that Buildroot is not impacted in commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit d70df3ab44)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
7.2.6:
- (CVE-2024-31449) Lua library commands may lead to stack overflow and
potential RCE
- (CVE-2024-31227) Potential Denial-of-service due to malformed ACL
selectors
- (CVE-2024-31228) Potential Denial-of-service due to unbounded pattern
matching
7.2.7:
- (CVE-2024-46981) Lua script commands may lead to remote code execution
- (CVE-2024-51741) Denial-of-service due to malformed ACL selectors
https://github.com/redis/redis/releases/tag/7.2.6https://github.com/redis/redis/releases/tag/7.2.7
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit f3e99436ee)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
go1.22.11 (released 2025-01-16) includes security fixes to the crypto/x509
and net/http packages, as well as bug fixes to the compiler, the runtime,
and the net package.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
Worker permission bypass via InternalWorker leak in diagnostics
(CVE-2025-23083) - (high)
With the aid of the diagnostics_channel utility, an event can be hooked into
whenever a worker thread is created. This is not limited only to workers
but also exposes internal workers, where an instance of them can be fetched,
and its constructor can be grabbed and reinstated for malicious usage.
This vulnerability affects Permission Model users (--permission) on Node.js
v20, v22, and v23.
GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085) - (medium)
A memory leak could occur when a remote peer abruptly closes the socket
without sending a GOAWAY notification. Additionally, if an invalid header
was detected by nghttp2, causing the connection to be terminated by the
peer, the same leak was triggered. This flaw could lead to increased memory
consumption and potential denial of service under certain conditions.
This vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.
For more details, see the announcement:
https://nodejs.org/en/blog/vulnerability/january-2025-security-releases
Update the LICENSE hash for a reformatting and removal of the highlight.js license:
6ca0cfc6021dfd238781
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Fixes the following security issues:
- CVE-2024-56826: A flaw was found in the OpenJPEG project. A heap buffer
overflow condition may be triggered when certain options are specified
while using the opj_decompress utility. This can lead to an application
crash or other undefined behavior.
https://access.redhat.com/security/cve/CVE-2024-56826
- CVE-2024-56827: A flaw was found in the OpenJPEG project. A heap buffer
overflow condition may be triggered when certain options are specified
while using the opj_decompress utility. This can lead to an application
crash or other undefined behavior.
https://access.redhat.com/security/cve/CVE-2024-56827
Release notes: https://github.com/uclouvain/openjpeg/blob/v2.5.3/NEWS.md
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 3bfa5ebcbf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When the Xen tools are built, a number of init scripts are installed to
the target.
Some of those Xen scripts require bash to run:
- /etc/init.d/S50xencommons
- /etc/init.d/S50xen-watchdog
- /etc/init.d/S60xendomains
- /etc/xen/scripts/launch-xenstore
- /usr/lib/xen/bin/xendomains
Make sure to select bash when the Xen tools are selected (we need to
select "busybox show others" for that, too).
Suggested-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Vincent Stehlé <vincent.stehle@laposte.net>
Cc: Alistair Francis <alistair@alistair23.me>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit bf18fd4cd1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For change log since 20240927, see:
https://github.com/user-attachments/files/18117996/changes.txt
Note: the change log mention "Fix 2 critical CVE addressing memory
leaks" without providing actual CVE numbers. For reference, the
upstream commits for those security fixes are [1] and [2]. From the log
of those commits, it seems those memory leaks can only happen in old
Kernels <= 4.9 (which is end-of-life since January 2023). Technically
those leaks could happen in any program embedding the apcica code
files. The impact seems very low, if any, on the acpica standalone
tools.
[1] 987a3b5cf7
[2] 8829e70e13
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 892e1608f5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following vulnerability:
CVE-2024-56374: Potential denial-of-service vulnerability in IPv6 validation
Lack of upper bound limit enforcement in strings passed when performing IPv6
validation could lead to a potential denial-of-service attack. The
undocumented and private functions clean_ipv6_address and
is_valid_ipv6_address were vulnerable, as was the
django.forms.GenericIPAddressField form field, which has now been updated to
define a max_length of 39 characters.
The django.db.models.GenericIPAddressField model field was not affected.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The legal manifest currently stores the $(PKG)_VERSION variable.
However, that variable undergoes a set of changes so that it is
suitable for creating files and Makefile rules; that new value
is purely a technical, internal detail of how Buildroot handles
things.
In the legal manifest, we need access to the real value for the
version, as this is what will allow actual references to the
upstream package. If the version string is mangled, like slashes
replaced with underscores, this introduces ambiguities as to what
exactly the version is.
In Buildroot, there is no package, with a constant version, that
exhibits that issue; for those packages where it is possible to
set a custom git tree and version, like linux or uboot, such a
custom tree can have tags with a slash (not a colon or a space,
forbidden by git); packages in a br2-external can also use such
version strings as well.
The packages that do have such versions are not legion, but they
do exist. For example, Apache's ant buildsystem does use a slash
in their reelase tags, like rel/1.10.15:
https://github.com/apache/ant/tags
Change the legal manifest to include the actual, original value
as was set in the .mk file.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Luca Ceresoli <luca.ceresoli@bootlin.com>
Tested-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Reviewed-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 686694792b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since commit d10d22221f (utils/get-developers: read patch from stdin
when it's not a tty), get-developers accepts to read a patch fromn its
stdin when it is not a tty.
Add a test for this.
Reported-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 29e1af8430)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
get-developers will check its stdin to decide whether it is a tty or
not, and behave differently whether it is or not. So, when we run the
tests, we need an actual tty.
However, when running in a CI pipeline, like on Gitlab-CI, there is no
tty available on stdin.
Fake one. We don't need anything too fancy, so just a slave pty will
suffice.
Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/8830671800
Fixes: d10d22221f (utils/get-developers: read patch from stdin when
it's not a tty)
Reported-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 3778f704cd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following vulnerabilities:
- CVE-2024-50349:
Printing unsanitized URLs when asking for credentials made the
user susceptible to crafted URLs (e.g. in recursive clones) that
mislead the user into typing in passwords for trusted sites that
would then be sent to untrusted sites instead.
- CVE-2024-52006
Git may pass on Carriage Returns via the credential protocol to
credential helpers which use line-reading functions that
interpret said Carriage Returns as line endings, even though Git
did not intend that.
For more details, see the announcement:
https://lore.kernel.org/git/xmqq5xmh46oc.fsf@gitster.g/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bugfix release fixing regressions in 3.4.0:
- fixed handling of -H flag with conflict in internal flag values
- fixed a use after free in logging of failed rename
- fixed build on systems without openat()
- removed dependency on alloca() in bundled popt
For more details, see:
https://download.samba.org/pub/rsync/NEWS#3.4.1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 593755f527)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Release note:
https://download.samba.org/pub/rsync/NEWS#3.4.0
Fixes the following vulnerabilities:
CVE-2024-12084: Heap Buffer Overflow in Rsync due to Improper Checksum
Length Handling
Description: A heap-based buffer overflow flaw was found in the rsync
daemon. This issue is due to improper handling of attacker-controlled
checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the
fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the
sum2 buffer.
CVE-2024-12085: Info Leak via Uninitialized Stack Contents
Description: A flaw was found in the rsync daemon which could be triggered
when rsync compares file checksums. This flaw allows an attacker to
manipulate the checksum length (s2length) to cause a comparison between a
checksum and uninitialized memory and leak one byte of uninitialized stack
data at a time.
CVE-2024-12086: Rsync Server Leaks Arbitrary Client Files
Description: A flaw was found in rsync. It could allow a server to
enumerate the contents of an arbitrary file from the client's machine. This
issue occurs when files are being copied from a client to a server. During
this process, the rsync server will send checksums of local data to the
client to compare with in order to determine what data needs to be sent to
the server. By sending specially constructed checksum values for arbitrary
files, an attacker may be able to reconstruct the data of those files
byte-by-byte based on the responses from the client.
CVE-2024-12087: Path Traversal Vulnerability in Rsync
Description: A path traversal vulnerability exists in rsync. It stems from
behavior enabled by the `--inc-recursive` option, a default-enabled option
for many client options and can be enabled by the server even if not
explicitly enabled by the client. When using the `--inc-recursive` option,
a lack of proper symlink verification coupled with deduplication checks
occurring on a per-file-list basis could allow a server to write files
outside of the client's intended destination directory. A malicious server
could write malicious files to arbitrary locations named after valid
directories/paths on the client.
CVE-2024-12088: --safe-links Option Bypass Leads to Path Traversal
Description: A flaw was found in rsync. When using the `--safe-links`
option, rsync fails to properly verify if a symbolic link destination
contains another symbolic link within it. This results in a path traversal
vulnerability, which may lead to arbitrary file write outside the desired
directory.
CVE-2024-12747: Race Condition in Rsync Handling Symbolic Links
Description: A flaw was found in rsync. This vulnerability arises from a
race condition during rsync's handling of symbolic links. Rsync's default
behavior when encountering symbolic links is to skip them. If an attacker
replaced a regular file with a symbolic link at the right time, it was
possible to bypass the default behavior and traverse symbolic links.
Depending on the privileges of the rsync process, an attacker could leak
sensitive information, potentially leading to privilege escalation.
For more details, see the advisory:
https://www.openwall.com/lists/oss-security/2025/01/14/3
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Julien: add link to release note]
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 017d74c943)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
BR2_ARCH_NEEDS_GCC_AT_LEAST_X guards has been introduced by [1] to
prevent selecting an external toolchain that did not support the GCC
arch tuning the user had selected.
But it was not changed while updating to version 13.2-rel1.
Fixes: 50ae5ea963
[1] eed1670d8a
Cc: Antoine Coutant <antoine.coutant@smile.fr>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 7ffc6ae7d9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
BR2_ARCH_NEEDS_GCC_AT_LEAST_X guards has been introduced by [1] to
prevent selecting an external toolchain that did not support the GCC
arch tuning the user had selected.
But it was not changed while updating to version 13.2-rel1.
Fixes: 7b4b3c2c78
[1] eed1670d8a
Cc: Antoine Coutant <antoine.coutant@smile.fr>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 2999677233)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
BR2_ARCH_NEEDS_GCC_AT_LEAST_X guards has been introduced by [1] to
prevent selecting an external toolchain that did not support the GCC
arch tuning the user had selected.
But it was not updated while updating to version 13.2-rel1.
Fixes: 0dd599d171
[1] eed1670d8a
Cc: Antoine Coutant <antoine.coutant@smile.fr>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 203abefcf6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Usually, ubxtool, a python-based tool to drive u-blox devices, connects
to a gpsd instance and delegates to it the responsibility to write to
and read from the actual device. This is sane, because a serial device
can only be opened once, and if gpsd is running, it has that device
open.
However, in some cases, ubxtool can be used to directly talk to the
device, to pre-configure it before gpsd runs, or even in the absence of
gpsd altogether. This is not used very often, except when setting up an
RTK base, where gpsd is not needed.
In that case, ubxtool will directly talk to the serial device. It uses
the pyserial python module. Since this is not the traditional way to
talk to the device, failure to import the module is ignored, and the
error reporting is deferred until it is actually needed, which is why we
did not catch the issue earlier. See [1] and [2].
Fixes: f3ef0723cf (package/gpsd: enable python support and modules)
[1] https://gitlab.com/gpsd/gpsd/-/blob/release-3.25/clients/ubxtool.py.in#L47
[2] https://gitlab.com/gpsd/gpsd/-/blob/release-3.25/gps/gps.py.in#L36
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Bernd Kuhls <bernd@kuhls.net>
[Julien: add link to described code portion]
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 5d2f3737a1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libxcrypt has been added as a replacement for the libcrypt
implementation that was part of glibc, but dropped from glibc starting
from version 2.39.
However, libxcrypt was made available for all C libraries, and this is
unfortunately causing some problems as it can clash with the libcrypt
implementation provided by the C library.
In particular, linux-pam has been consistently failing with uclibc, in
BR2_PER_PACKAGE_DIRECTORIES=y builds, with the following build
failure:
opasswd.c: In function 'compare_password':
opasswd.c:133:27: error: invalid application of 'sizeof' to incomplete type 'struct crypt_data'
What happens is relatively tricky, but let's try to break it down:
- uclibc-ng install a stub libcrypt.a (no shared variant, as for
shared libraries, everything is in libc.so), and crypt.h
- libxcrypt installs libcrypt.so.* and crypt.h
So there is no "clash" on the library itself, but there is a clash on
the header file.
Since we're using BR2_PER_PACKAGE_DIRECTORIES=y, when building
linux-pam, we are creating the per-package STAGING_DIR by copying the
STAGING_DIR of linux-pam dependencies, i.e both the libxcrypt
STAGING_DIR and the uclibc-ng STAGING_DIR. But the latter ends up
being copied last, which means that at the end of the day, we have in
the per-package STAGING_DIR of linux-pam:
- The libcrypt.so from libxcrypt
- The crypt.h header from uclibc-ng
- The libcrypt.a from uclibc-ng
When the ./configure script of linux-pam tests whether the library has
crypt_r(), it concludes that yes it's available: and indeed
libcrypt.so from libxcrypt has it.
So it tries to use 'struct crypt_data' and 'crypt_r()', but those are
not supported in uClibc-ng, and so cannot be found in the <crypt.h>
header. So even if the ./configure script and the linux-pam code has
some logic to fallback to crypt() if crypt_r() isn't available, this
fallback doesn't trigger because the installed libcrypt.so does have
crypt_r().
Basically what happens is that uclibc-ng + libxcrypt is a combo that
violates a golden rule of our BR2_PER_PACKAGE_DIRECTORIES=y
implementation: packages shouldn't overwrite files from each other.
To avoid this situation, we make libxcrypt only installable on
glibc. This isn't a problem because as of today, BR2_PACKAGE_LIBXCRYPT
is always selected "if BR2_TOOLCHAIN_USES_GLIBC".
It should be noted though that the case of an older glibc (which still
had its own internal libcrypt) + libxcrypt continues to exist. It's
less likely to cause trouble though, as the libcrypt implementations
are much more similar.
Fixes:
http://autobuild.buildroot.net/results/560f66b0311d02dc884732221d6870ae3c38067c/
Note: we do not add a Config.in comment for this glibc dependency,
because libxcrypt really is a "replacement" library to fill in the
void left by libcrypt's removal from glibc. There isn't realy a point
showing "libxcrypt needs a toolchain w/ glibc", because with musl or
uclibc-ng, the libcrypt functionality is directly part of the C
library.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 5c0a91f729)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We are seeing build issues with linux-pam in the autobuilders such as:
md5_crypt.c: In function 'Goodcrypt_md5':
md5_crypt.c:145:13: error: implicit declaration of function 'asprintf'; did you mean 'vsprintf'? [-Wimplicit-function-declaration]
145 | if (asprintf(&passwd, "%s%.*s$%s", magic, sl, sp, buf) < 0)
| ^~~~~~~~
| vsprintf
This is due to the fact that <stdio.h> gets included without
_GNU_SOURCE being defined, and so the prototype of asprintf() is not
accessible, at least with uclibc-ng.
The _GNU_SOURCE definition is properly in linux-pam's config.h, but
config.h doesn't get properly included first everywhere. This issue
has been fixed upstream in the mean time, so we simply backport the
upstream patch.
Fixes:
http://autobuild.buildroot.net/results/49b190b3fbae3cdca4c7a08b3ab5100a937ede9e/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 001e777d50)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Buildroot commit
1f4b4ccde7 ("package/opensc: security
bump to version 0.26.0") bumped opensc from 0.24 to 0.26, and the
build started failing with:
pkcs11-tool.c:7854:45: warning: implicit declaration of function 'EVP_bf_cbc'; did you mean 'EVP_sm4_cbc'? [-Wimplicit-function-declaration]
on configurations that have BR2_PACKAGE_LIBOPENSSL_ENABLE_BLOWFISH
disabled (it is not explicitly selected by this package).
Our initial fix was to simply select
BR2_PACKAGE_LIBOPENSSL_ENABLE_BLOWFISH, but when investigating when
EVP_bf_cbc() started being used in OpenSC, we discovered it has been
in use for a while... but in code that kept being disabled from
version to version as it was broken (upstream bug
https://github.com/OpenSC/OpenSC/issues/1796), but it was apparently
forgotten to be disabled again for 0.26 (the issue is still
open). Therefore, we opted to continue disabling this known broken
part of the code, and submit an upstream PR for that
https://github.com/OpenSC/OpenSC/pull/3303, which ultimately will
clarify what is the right fix.
In the mean time, this allows to fix the build issue.
Fixes:
http://autobuild.buildroot.net/results/ca51b3e8e3ac83e2a69814caa84d9862385b956f/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 5d7ab604d2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since commit 9c0c7846cd (support/dependencies: don't check for python
on the host), we no longer check for a host python interpreter installed
on the system.
Drop the comment in support/dependencies/check-host-python3.sh, as it is
now confusing.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 3722998a3d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit ed12e2fbed (package/libvirt: add lxc and qemu options)
introduced the definition of the 'qemu' user when the libvirt daemon
is enabled, but unconditionally uses that user in its permissions
table.
When enabling libvirt without its qemu support, for example with the
commands:
cat <<EOF >.config
BR2_aarch64=y
BR2_PACKAGE_LIBVIRT=y
BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_EUDEV=y
BR2_TARGET_ROOTFS_EXT2=y
BR2_TOOLCHAIN_EXTERNAL=y
EOF
make olddefconfig
make
The build fails with output:
>>> Generating filesystem image rootfs.ext2
...
makedevs: unknown user name: qemu
Move the permissions needing the 'qemu' user under the same condition
the 'qemu' user is defined under. It means that a few permissions
needing root must also be moved, as they belong under a directory
needing the 'qemu' user. It also moves a few qemu-related permissions
introduced in that same commit. The list of qemu permissions is
reordered alphabetically (the others are left unchanged).
Of course, it also requires that the qemu-related directory and symlink
be moved under the same condition as well.
Reported-by: Alessandro <alex@0x65c.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Jared Bents <jared.bents@rockwellcollins.com>
[Julien: add the commands to reproduce the issue]
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit da9adec149)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
It is very common to use the output of get-developers to add cc: lines
in the commit log.
Add an option so that get-developers reports Cc: lines ready to be
pasted in a commit log. That new option behaves similarly to the
existing -e option: it only affects the output when parsing a patch.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Julien Olivain <ju.o@free.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 717f1fdaeb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The list of reported developers is not ordered: that may leave the
impression (when receiving a patch) that a Cc is more important than
another, by virtue of being earlier in the list.
Also, the ordering changes on every call.
Report the developers in an alphabetically order, so that there is no
confusion anymore, and so the ordering is reproducible across calls.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 3177ecd260)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
It is very common that get-developers be used with its stdin a pipe from
git-show:
git show |./utils-get-developers -
In this case, the '-' is superfluous: we can very easily deduce that the
user wants to read stdin as the patch.
So, if no other action was requested, and stdin is not a tty, use it as
the source of the patch, and thus '-' is then no longer required.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit d10d22221f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
parser.error() reports a nice error message, that also displays a short
reminder of the available options.
Adapt the test-suite accordingly: previously, the error string was an
exact string in the stdout list, while it now is a substring in one of
the strings in stderr. The exit code changes, too.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Julien Olivain <ju.o@free.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 35f381b93e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Offloading parser.parse_args() to a helper function does not bring much,
if at all; it even is restrictive: indeed, we can't use parser.error()
to report errors and thus have to resort to a canned print+return
sequence...
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit cdcb3f56e8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The variable <pkg>_LINUX_CONFIG_FIXUPS defined in the
cryptodev-linux... has no effect. Indeed, the variable is only named
CRYPTODEV_LINUX_CONFIG_FIXUPS.
But the variable name being <pkg>_LINUX_CONFIG_FIXUPS and the package
name being CRYPTODEV_LINUX, the correct variable name is
CRYPTODEV_LINUX_LINUX_CONFIG_FIXUPS.
Prior to this commit, a configuration with cryptodev-linux enabled
would result in:
$ make VARS=PACKAGES_LINUX_CONFIG_FIXUPS printvars
$
Aka, empty, while PACKAGES_LINUX_CONFIG_FIXUPS collects in
package/pkg-generic.mk the value of the <pkg>_LINUX_CONFIG_FIXUPS
variables from all enabled packages.
With this patch applied:
$ make VARS=PACKAGES_LINUX_CONFIG_FIXUPS printvars
PACKAGES_LINUX_CONFIG_FIXUPS= @if ! grep -q '^CONFIG_CRYPTO=[my]' /; then /usr/bin/sed -i -e '/^\(# \)\?CONFIG_CRYPTO\>/d' / && echo 'CONFIG_CRYPTO=y' >> /; fi
@if ! grep -q '^CONFIG_CRYPTO_USER_API_AEAD=[my]' /; then /usr/bin/sed -i -e '/^\(# \)\?CONFIG_CRYPTO_USER_API_AEAD\>/d' / && echo 'CONFIG_CRYPTO_USER_API_AEAD=y' >> /; fi
$
As one would expect.
Fixes: 4b12336d1f ("package/cryptodev-linux: needs CONFIG_CRYPTO_USER_API_AEAD")
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 9114d48b31)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
pixman fails to build with -Og or -O3 due to forced inlining
statements:
pixman-combine-float.c:370:5: error: inlining failed in call to 'always_inline' 'combine_soft_light_c': function not considered for inlining
The first occurence in the autobuilders is on May 12, 2024, but the
problem already existed before as we haven't updated pixman in a long
time. Therefore, the issue started occurring because we started
testing more random configurations.
Fixes:
https://autobuild.buildroot.org/results/2f3df7961b3181d9eef79893439ae7ebbe4415ad/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 696de595e0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Setting CONFIG_VIDEO_DEV is no sufficient as drivers/media/Kconfig has
some very convoluted logic to hide some options behind a
CONFIG_MEDIA_SUPPORT_FILTER option, unless CONFIG_EXPERT is
enabled. Due to this, several arch defconfigs don't have
CONFIG_VIDEO_DEV enabled when doing $(call
KCONFIG_ENABLE_OPT,CONFIG_VIDEO_DEV).
To fix this, we enable one of the possible options that ensures
CONFIG_VIDEO_DEV is enabled, and we've more or less arbitrarily chosen
CONFIG_MEDIA_CAMERA_SUPPORT.
Fixes:
http://autobuild.buildroot.net/results/2a337d29e7870564027bcd42bd0addd228eb6a24/
We've tried to track down which kernel version introduced this
exactly, but it's been introduced a while ago and step by step making
it difficult to pin-point which version version exactly introduced
this. But the issue has been appearing for quite some time in the
autobuilders, so it's clearly not a recent issue.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 75d418b59d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
HOST_CFLAGS and HOST_LDFLAGS are currently not accounted for when
building host-perl. In particular, it means that executables
built/installed by host-perl do not have a RPATH pointing to
HOST_DIR/lib, which can cause issues as libcrypt.so can now be
provided by host-libxcrypt.
This was causing check-host-rpath to complain in the situation where:
1. host-perl was built, with no RPATH, linked against the system
libcrypt.so
2. host-libxcrypt was built afterwards, installed as
HOST_DIR/lib/libcrypt.so, which made check-host-rpath complain as
HOST_DIR/bin/perl is linked against a library present in
HOST_DIR/lib but doesn't have a RPATH to HOST_DIR/lib
Fixes:
http://autobuild.buildroot.net/results/d4348d7f872ccd734795a1d071960a696148ed6a/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 65127a8a77)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The handling of BR2_LINUX_KERNEL_USE_ARCH_DEFAULT_CONFIG is currently
not doing a proper job: it is selecting ppc64le_defconfig if
BR2_powerpc64le, and using the default of "defconfig" for everything
else.
However:
- Since upstream commit 22f17b02f88b48c01d3ac38d40d2b0b695ab2d10,
which landed in Linux 6.8, the default defconfig is
ppc64le_defconfig and no longer ppc64_defconfig. This means that
despite the condition in linux.mk, we are in fact now always
building ppc64le_defconfig.
- It doesn't handle the 32-bit case, as a 64-bit defconfig gets used
by default. This causes build failures in the autobuilders.
To fix this we explicitly handle BR2_powerpc64le, BR2_powerpc64 and
BR2_powerpc, and use appropriate defconfigs for each case.
Fixes:
http://autobuild.buildroot.net/results/c15eaf2e7455aa265cc045e6d8be7cac5348d925/ (powerpc)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 82326a3d83)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 13250bf4aa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since procps-ng was bumped from 3.3.17 to 4.0.4 in commit
d79f40dbbe ("package/procps-ng: security
bump to version 4.0.4"), the build has been failing on !wchar
configurations with:
src/ps/output.c:68:10: fatal error: wctype.h: No such file or directory
68 | #include <wctype.h>
| ^~~~~~~~~~
compilation terminated.
The problematic code has been added by upstream commit
605ea4a8f7,
which landed in upstream release v4.0.0.
To solve this, we simply add a BR2_USE_WCHAR dependency, and update
the comment related to this dependency on the only reverse dependency
of procps-ng.
Fixes:
http://autobuild.buildroot.net/results/afc035e866bec6f2c14f9d52fa74a9c1897706de/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit f6fe892141)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is a basic test for Xvisor RISC-V 64bit. It is running few
management and status commands. It does not start a Linux kernel.
RISC-V 64bit was chosen for this test because it was the simplest
solution to run xvisor in a qemu emulator.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e14380b3c4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Building on a s390x host, we currently end up with:
output/host/lib
output/host/lib32 -> lib
output/host/lib64
host-libopenssl installs to lib64, but since the kernel build doesn't
explicitly search there, it breaks:
>>> linux 6.6.32 Building
[...]
HOSTCC scripts/sign-file
/usr/bin/ld: cannot find -lcrypto: No such file or directory
collect2: error: ld returned 1 exit status
Fix this by creating a lib64 link instead of lib32, so we get:
output/host/lib
output/host/lib64 -> lib
Signed-off-by: Reza Arbab <arbab@linux.ibm.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 66a5f9bc74)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In commit
a9aa11544a ("package/qt6/qt6svg:
backport fix for CVE-2023-32573"), a fix for security issue
CVE-2023-32573 was added to qt6svg, with the appropriate
QT6SVG_IGNORE_CVES entry.
However, all CVEs against Qt are reported by the NVD on the qt:qt
vendor/product CPE. For example:
https://nvd.nist.gov/vuln/detail/CVE-2023-32573
Therefore, the QT6SVG_IGNORE_CVES entry added has no effect, and
CVE-2023-32573 continues to be reported against our qt6base package.
The only reasonable option is to collect all such CVE ignore entries
for Qt modules into the qt6base package, which is the one that matches
with the qt:qt CPE identifier. This commit does just that, with an
hopefully appropriate comment in qt6base.mk that explains what's going
on.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 4009842cba ("package/qt6/qt6base:
backport fix for CVE-2023-51714") brought in a fix for CVE-2023-51714,
but got the QT6BASE_IGNORE_CVES update wrong, due to a copy/paste
error with the previous QT6BASE_IGNORE_CVES entry. Due to this
CVE-2023-51714 is still reported as affecting qt6base, while the
security fix is already there.
Fixes: 4009842cba ("package/qt6/qt6base: backport fix for CVE-2023-51714")
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
CVE-2022-33065: Multiple signed integers overflow in function au_read_header
in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in
Libsndfile, allows an attacker to cause Denial of Service or other
unspecified impacts.
CVE-2024-50612: libsndfile through 1.2.2 has an ogg_vorbis.c
vorbis_analysis_wrote out-of-bounds read.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit e675ffd964)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2023-49582: Lax permissions set by the Apache Portable Runtime
library on Unix platforms would allow local users read access to named
shared memory segments, potentially revealing sensitive application data.
This issue does not affect non-Unix platforms, or builds with
APR_USE_SHMEM_SHMGET=1 (apr.h) Users are recommended to upgrade to APR
version 1.7.5, which fixes this issue.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit a60c38b381)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes build error
/home/buildroot/buildroot/output/build/wpewebkit-2.44.4/Source/WTF/wtf/StackBounds.cpp: In static member function 'static WTF::StackBounds WTF::StackBounds::newThreadStackBounds(WTF::PlatformThreadHandle)':
/home/buildroot/buildroot/output/build/wpewebkit-2.44.4/Source/WTF/wtf/StackBounds.cpp:117:5: error: 'pthread_getattr_np' was not declared in this scope; did you mean 'pthread_attr_t'?
117 | pthread_getattr_np(thread, &sattr);
using this defconfig (and libvpx bump to 1.15.0 reverted)
BR2_arm=y
BR2_TOOLCHAIN_BUILDROOT_UCLIBC=y
BR2_TOOLCHAIN_BUILDROOT_WCHAR=y
BR2_PTHREADS=y
BR2_TOOLCHAIN_BUILDROOT_CXX=y
BR2_PER_PACKAGE_DIRECTORIES=y
BR2_PACKAGE_RPI_USERLAND=y
BR2_PACKAGE_LIBGTK3=y
BR2_PACKAGE_WPEWEBKIT=y
A backport of this patch should be considered because the code is
present since 2011:
03f678fac7/Source/WTF/wtf/StackBounds.cpp (L117)
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 9f4a95e5c6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes build error
/home/buildroot/buildroot/output/build/webkitgtk-2.44.2/Source/WTF/wtf/StackBounds.cpp: In static member function 'static WTF::StackBounds WTF::StackBounds::newThreadStackBounds(WTF::PlatformThreadHandle)':
/home/buildroot/buildroot/output/build/webkitgtk-2.44.2/Source/WTF/wtf/StackBounds.cpp:117:5: error: 'pthread_getattr_np' was not declared in this scope; did you mean 'pthread_attr_t'?
117 | pthread_getattr_np(thread, &sattr);
using this defconfig (and libvpx bump to 1.15.0 reverted)
BR2_arm=y
BR2_TOOLCHAIN_BUILDROOT_UCLIBC=y
BR2_TOOLCHAIN_BUILDROOT_WCHAR=y
BR2_PTHREADS=y
BR2_TOOLCHAIN_BUILDROOT_CXX=y
BR2_PER_PACKAGE_DIRECTORIES=y
BR2_PACKAGE_XORG7=y
BR2_PACKAGE_RPI_USERLAND=y
BR2_PACKAGE_LIBGTK3=y
BR2_PACKAGE_WEBKITGTK=y
A backport of this patch should be considered because the code is
present since 2011:
03f678fac7/Source/WTF/wtf/StackBounds.cpp (L117)
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 054e5c4d22)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes build error
-- Could NOT find LibDRM (missing: LibDRM_INCLUDE_DIR LibDRM_LIBRARY)
CMake Error at Source/cmake/OptionsGTK.cmake:320 (message):
libdrm is required for USE_LIBDRM
Call Stack (most recent call first):
Source/cmake/WebKitCommon.cmake:237 (include)
CMakeLists.txt:21 (include)
with this defconfig:
BR2_arm=y
BR2_TOOLCHAIN_BUILDROOT_UCLIBC=y
BR2_TOOLCHAIN_BUILDROOT_WCHAR=y
BR2_PTHREADS=y
BR2_TOOLCHAIN_BUILDROOT_CXX=y
BR2_PER_PACKAGE_DIRECTORIES=y
BR2_PACKAGE_XORG7=y
BR2_PACKAGE_RPI_USERLAND=y
BR2_PACKAGE_LIBGTK3=y
BR2_PACKAGE_WEBKITGTK=y
due to libdrm being enabled by default:
f736325e66/Source/cmake/OptionsGTK.cmake (L59)
This is a port of buildroot commit 65f8174648
for the wpewebkit package, quoting its commit message:
Pass USE_LIBDRM=OFF to the wpewebkit CMake configuration step when the
libdrm package has not been selected.
WPE WebKit can be built without libdrm support, and it will still work
with backends that use other platform-specific methods to handle
graphics buffers and/or presenting content onto an output. For example
this is the case with wpebackend-rdk configured to use rpi-userland,
which uses dispmanx to produce the output instead of DRM/KMS.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 865457e762)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit adds a patch, which is already in Debian, fixing the build
with gcc 14.x:
/home/autobuild/autobuild/instance-7/output-1/build/host-cdrkit-1.1.11/genisoimage/genisoimage.c:1509:17: error: implicit declaration of function 'parse_checksum_algo' [-Wimplicit-function-declaration]
1509 | if (parse_checksum_algo(optarg, &checksum_algo_iso))
| ^~~~~~~~~~~~~~~~~~~
make[3]: *** [genisoimage/CMakeFiles/genisoimage.dir/build.make:76: genisoimage/CMakeFiles/genisoimage.dir/genisoimage.o] Error 1
Fixes:
http://autobuild.buildroot.net/results/a9cca8da22774ecafdbb382697aae71f78e348f4/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0a0de4d86c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2024-53907: Potential denial-of-service in
django.utils.html.strip_tags()
The strip_tags() method and striptags template filter are subject to a
potential denial-of-service attack via certain inputs containing large
sequences of nested incomplete HTML entities.
CVE-2024-53908: Potential SQL injection in HasKey(lhs, rhs) on Oracle
Direct usage of the django.db.models.fields.json.HasKey lookup on Oracle is
subject to SQL injection if untrusted data is used as a lhs value.
Applications that use the jsonfield.has_key lookup through the __ syntax are
unaffected.
https://www.djangoproject.com/weblog/2024/dec/04/security-releases/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Release notes:
https://lists.gnu.org/archive/html/bug-wget/2024-11/msg00002.html
Fixes the following vulnerabilities:
- CVE-2024-38428: url.c in GNU Wget through 1.24.5 mishandles semicolons in
the userinfo subcomponent of a URI, and thus there may be insecure
behavior in which data that was supposed to be in the userinfo
subcomponent is misinterpreted to be part of the host subcomponent.
https://nvd.nist.gov/vuln/detail/CVE-2024-38428
- CVE-2024-10524: Applications that use Wget to access a remote resource
using shorthand URLs and pass arbitrary user credentials in the URL are
vulnerable. In these cases attackers can enter crafted credentials which
will cause Wget to access an arbitrary host.
https://www.openwall.com/lists/oss-security/2024/11/18/6
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 295b2c4f8e)
[Peter: mark as security bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the
mapped IPv4 address value for deciding properties. Properties which have
their behavior fixed are is_multicast, is_reserved, is_link_local,
is_global, and is_unspecified.
https://github.com/python/cpython/issues/122792
CVE-2024-9287, gh-124651: Properly quote template strings in venv activation
scripts.
https://github.com/python/cpython/issues/124651
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
go1.22.9 (released 2024-11-06) includes fixes to the linker.
go1.22.10 (released 2024-12-03) includes fixes to the runtime and the
syscall package.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The lmbench package (largely unmaintained upstream, last release in
2006) uses a home-grown build system. The scripts/build script sets
LDLIBS to -lm and Buildroot's makefile changes that to:
LDLIBS+=-lm
Except that when Buildroot passes LDLIBS="`$(PKG_CONFIG_HOST_BINARY)
--libs libtirpc`", the LDLIBS variable ends up being equal to:
-ltirpc-lm
Yes, without any space between -ltirpc and -lm.
Due to this, the checks in scripts/build that use ${LDLIBS} all fail,
and in particular the test that checks when socklen_t is a known type
fails, causing lmbench to provide its own definition, which clashes
with the C library headers definition, and therefore causing build
failures such as:
bench.h:81:13: error: conflicting types for 'socklen_t'; have 'int'
This commit fixes that by adjusting scripts/build using a patch to
properly allow passing additional ${LDLIBS} value, with the needed
space to separate the value from -lm.
Fixes:
http://autobuild.buildroot.net/results/f1715de95b46a1d08143e529bd4574bc7dbcfb3e/
We have been unable to determine exactly when this issue was
introduced. The first build failure we could find is the one
referenced above, which dates back from Aug 19, 2024. Since this date,
lmbench has been consistently failing on a very regular
basis. However, prior to Aug 19, 2024, the previous failure was from
December 2022, and was unrelated. It is unclear what changed in Aug
2024 to cause this issue to surface. The one thing that changed right
before commit ce3dedc2 (first failing commit) are changes to
genrandconfig, which ensures all autobuilders now generated fully
random configurations instead of configurations based on a
well-defined list of arch/toolchain configurations. But even with
this, this lmbench issue should have appeared earlier, and we have
been unable to find a scientific explanation.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 80f25d4706)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The android-tools code base uses the __b64_pton() function, which
isn't provided by all C libraries. So the Debian patch
debian/patches/add_adbd.patch adds an implementation of b64_pton(),
but doesn't actually use it, nor defines a prototype for it. Our
existing patch 0003-Fix-build-issue-with-uclibc.patch switches the
code to use the b64_pton() function... but still without providing a
prototype, causing the following build failures with GCC >= 14.x:
adb_auth_client.c:75:15: error: implicit declaration of function 'b64_pton'
To fix this, we rework 0003-Fix-build-issue-with-uclibc.patch into a
patch that:
(1) Renames b64_pton() to adb_b64_pton() to make sure it won't clash
with implementations provided by some C libraries, and adjusts
the call sites accordingly.
(2) Adds a prototype definition of adb_b64_pton() in places where
this function is used.
Fixes:
http://autobuild.buildroot.net/results/b25b25337c7ad89c33f8bd20b646850bd993ec53ae9/
Even though GCC 14.x support was merged in Buildroot in May 2024, this
particular b64_pton() only started appearing on July 15 2024, with the
first occurrence being:
http://autobuild.buildroot.net/results/1cbe87bbe3c56f28444b3aaba1ba1d05f947d36e/
Indeed, it's not before July 15 2024 that we merged commit
d201f2f5cd ("package/android-tools: add
patches to fix build with GCC 14.x"), which fixed other GCC 14.x
issues, which were hiding this b64_pton() problem.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 1eec67d164)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The kernel headers on mips64 and powerpc64 were historically "broken",
defining u64 as an "unsigned long" instead of "unsigned long
long". This has been fixed in the upstream Linux kernel by introducing
the __SANE_USERSPACE_TYPES__ definition.
Our commit a2e178d6b4 ("android-tools:
disable on some architecture with old kernel headers") already
disabled building fastboot on powerpc64 and mips64 systems that have
too old kernel headers. However, it turns out that even with the new
kernel headers, there are build issues because
__SANE_USERSPACE_TYPES__ isn't defined everywhere it should be in the
android-tools code base. The Debian patche
debian/patches/ppc64el-ftbfs.patch adds some definitions, but it's
missing one file, and in another the definition comes too late.
This commit adds an extra patch that fixes this up, and makes fastboot
build properly on mips64 and powerpc64.
Fixes:
http://autobuild.buildroot.net/results/8528ff876e695f79bdfe64f5330d9d51eeef66cb/ (powerpc64)
http://autobuild.buildroot.net/results/36ac6af73b618c28d1636093da333f7ebd9d6cfe/ (mips64)
This issue has been occurring as far as Feb 2021, with the first
occurence apparently being:
http://autobuild.buildroot.net/results/d9521b4bfeafb1140c21745dbfe28d476a9b71ec/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit ee65a2119a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This will make it easier to modify the patch series moving forward. No
functional changes.
On one patch, we added the SoB from Giulio, which was missing. Giulio
was the original contributor of the patch, and nobody touched it since
it was introduced.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 3ee745782a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
losetup -f returns the next free loop device, which may not be
/dev/loop0. If you blindly follow the readmy you may end up destroying
an existing device.
Make it more robust with a variable to store the loop device.
Signed-off-by: Cherniaev Andrei <dungeonlords789@naver.com>
[Arnout: keep the actual losetup atomic]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 7dd56b6cd9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
nfs-utils configure script uses "systemd-escape" to determine the
rpc_pipefs mount point unit name in the non-default case.
If the host build system has no systemd this will silently result in an
empty name, causing rpc_pipefs.target to incorrectly depend on ".mount".
Fix that by depending on host-systemd for build.
Signed-off-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Acked-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 4c9b13b8dd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As it happens, I am unable to keep maintaining those entries, and it is
misleading to others about whether they should Cc me on their changes.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 773a89d414)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When halting the boot process in u-boot, the 'usb start' command does not
automatically run. Since the SD card is connected over a USB to SD card
bridge on the kd240 and kr260 boards, the readme.txt instructions should
document that the 'usb start' command needs to be manually enterred when
following the reflashing instructions. Otherwise, the command to read the
boot.bin and u-boot.itb files from the SD card will fail.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit e02e59d124)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8.5.5 fixes the following security issues:
- CVE-2024-31948: bgpd: Fix error handling when receiving BGP Prefix SID
attribute
ba6a8f1a31
- CVE-2024-31950: ospfd: Solved crash in RI parsing with OSPF TE
f69d1313b1
- CVE-2024-31951: ospfd: Correct Opaque LSA Extended parser
5557a289ac
8.5.6 fixes the following security issues:
- CVE-2024-44070: bgpd: Check the actual remaining stream length before taking TLV value
0998b38e4d
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The mosquitto runtime test can randomly fail on slow
runners, see [1].
This commit improves this test in the following ways:
- the mosquitto_sub subscriber process is now started in a subshell
to suppress the job control messages (to prevent any spurious
messages when the job stops),
- the standard error is redirected to /dev/null, to prevent the
printing of any messages,
- the mosquitto_pub publisher process is started later, by increasing
the sleep time,
- finally, a new sleep time is introduced between the mosquitto_pub
publisher process and the check of the mosquitto_sub subscriber, to
make sure it will have time to write its output and exit.
Fixes: [1]
[1] https://gitlab.com/buildroot.org/buildroot/-/jobs/8453386454
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 07a444d088)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Host bmap-tools runs using host-python3, but did not select it,
leading to the confusing situation that BR2_PACKAGE_HOST_PYTHON3=n
even though it was built and working.
Signed-off-by: Fiona Klute (WIWA) <fiona.klute@gmx.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit dbb019db73)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 29409c9d34 ("package/systemd: fix
build with recent kernels") added a patch from upstream that adds the
BCACHEFS_SUPER_MAGIC definition if not provided by the kernel headers.
However, this commit from upstream was bogus: in the case
BCACHEFS_SUPER_MAGIC was defined, it does an assert_cc() to verify
that the value matches what we expect, but this assert_cc() statement
lacks the final semi-colon, causing build breakage on host systems
that do have BCACHEFS_SUPER_MAGIC defined in their kernel headers,
with a weird error occuring in another header file... because only the
next statement after assert_cc() was considered as having a syntax
error.
Fixes:
http://autobuild.buildroot.net/results/9f99a97df2efd5e4ae4ad5cc5882607f0c8766bc/
This issue only exists in 2024.02.x at this point, because in master
we have moved to systemd 256.x, which has dropped entirely this piece
of code related to defining BCACHEFS_SUPER_MAGIC (and we wonder how
systemd can then build with slightly older kernel headers, as
BCACHEFS_SUPER_MAGIC is only in the public kernel headers since Linux
6.10).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This test started failing at commit
0cad947b96
"support/testing/infra/emulator.py: fix qemu prompt detection" with the
error message
AttributeError: 'NoneType' object has no attribute 'run_command'
This is because we changed emulator.run() so that emulator.login() must
be called first. But this test skips the login and goes directly to a
shell. Use the new emulator.connect_shell() function which prepares the
shell without logging in.
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5ed1fab018)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The TestInitSystemNone bypasses the normal init and instead launches
directly into a shell. So it needs to bypass the login code and go
directly to a shell.
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 95e1043013)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Asaf has privately requested to be removed from the DEVELOPERS file as
he will no longer be contributing to Buildroot in the forseeable
future.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 353a37b04d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The rootfs partition is the first partition, not the second one: the
Grub configuration file already contains root=/dev/sda1 by default,
and it should be changed to root=/dev/vda1 if Qemu emulation is used.
Signed-off-by: Cherniaev Andrei <dungeonlords789@naver.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9e3d572ff5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The systemd service deployed to the target is derived from an example
hardcoded for the /usr/local/sbin/ path, but we install sshguard at
/usr/sbin/. Thus, by default we get this error message:
$ journalctl -b -u sshguard.service -f
systemd[1]: Started SSHGuard - blocks brute-force login attempts.
(sshguard)[612]: sshguard.service: Unable to locate executable '/usr/local/sbin/sshguard': No such file or directory
(sshguard)[612]: sshguard.service: Failed at step EXEC spawning /usr/local/sbin/sshguard: No such file or directory
systemd[1]: sshguard.service: Main process exited, code=exited, status=203/EXEC
systemd[1]: sshguard.service: Failed with result 'exit-code'.
systemd[1]: sshguard.service: Scheduled restart job, restart counter is at 5.
systemd[1]: sshguard.service: Start request repeated too quickly.
systemd[1]: sshguard.service: Failed with result 'exit-code'.
systemd[1]: Failed to start SSHGuard - blocks brute-force login attempts.
Fix up the path in the service after the $(INSTALL) command has run.
Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 750d0e377d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch fixes a regression [1] introduced in ntpd 4.2.8p18 [2].
ntpd[200]: Listen normally on 3 lo [::1]:123
ntpd[200]: bind(20) AF_INET6 [fe80::bf3d:254d:dee0:d345%3]:123 flags 0x811 failed: Cannot assign requested address
ntpd[200]: unable to create socket on enp0s3 (4) for [fe80::bf3d:254d:dee0:d345%3]:123
ntpd[192]: daemon control: got EOF
ntpd[192]: daemon child died with signal 11
systemd[1]: ntpd.service: Control process exited, code=exited, status=70/SOFTWARE
systemd[1]: ntpd.service: Failed with result 'exit-code'.
systemd[1]: Failed to start Network Time Service.
If the IPv6 link-local interface was not ready for binding on the first
attempt, ntpd would segfault in update_interfaces(). The segfault would
only occur when ntpd was started as part of the boot sequence. Most
- but not all - boots were affected. Evidently it could happen that the
timing of ntpd's start up was delayed enough that the IPv6 link-local
interface was ready for the bind() call when it was first issued by
open_socket() via create_interface().
[1]: https://bugs.ntp.org/show_bug.cgi?id=3928
[2]: https://bugs.ntp.org/show_bug.cgi?id=3913
Signed-off-by: TIAN Yuanhao <tianyuanhao3@163.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 489e38fd2c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since commit
a39e0b95e1 ("package/qt6/qt6base: add
support for concurrent module"), we have an explicit option that
enables/disables concurrent support, so it no longer makes sense to
explicitly disable it unconditionally first.
Signed-off-by: Hannah Kiekens <hannah.kiekens@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2de79d7065)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The homepage has moved, the previous one links to the new URL.
Signed-off-by: Fiona Klute (WIWA) <fiona.klute@gmx.de>
[yann.morin.1998@free.fr: split into its own patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3ee7c891a0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When compiling jailhouse with BR2_PACKAGE_JAILHOUSE_HELPER_SCRIPTS=y,
build is failing with error:
Traceback (most recent call last):
File "/buildroot/output/build/jailhouse-e57d1eff6d55aeed5f977fe4e2acfb6ccbdd7560/setup.py", line 18, in <module>
setup(name="pyjailhouse", version=version,
File "/buildroot/output/host/lib/python3.12/site-packages/setuptools/__init__.py", line 108, in setup
return distutils.core.setup(**attrs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
...
File "/buildroot/output/host/lib/python3.12/sysconfig.py", line 549, in _init_posix
_temp = __import__(name, globals(), locals(), ['build_time_vars'], 0)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ValueError: Empty module name
This is due to a missing dependency on the target python3 package.
Jailhouse Python scripts are using setuptools with host-python3 which
reads its sysconfig data from the target-python3. See:
https://gitlab.com/buildroot.org/buildroot/-/blob/2024.08.1/package/pkg-python.mk?ref_type=tags#L33
If the target python3 is not installed, this get expanded as an empty
string, leading to this "ValueError: Empty module name" error.
Pure Python packages which are using the python-package infrastructure
usually get this dependency automatically from:
https://gitlab.com/buildroot.org/buildroot/-/blob/2024.08.1/package/pkg-python.mk?ref_type=tags#L295
Here, the jailhouse package rather uses the generic-package
infrastructure, then installs the Python scripts (if enabled) with
dedicated macros. This is why the target python3 is needed.
This commit fixes the issue by adding this missing dependency.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c808e271e3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
0001-nano.patch: both MOD_NANO and MOD_TAI were added to glibc 2.12
on 2011-03-30 in commit 83fe108b0a9bc4f2deb14695bb0c8b2011e79f28.
They were added to musl 0.7.5 in commit f5ba2bc9c on 2011-03-18. And
they were added to uClibc 1.0.23 in commit 2d8ea0524b on 2017-03-17. We
consider all of these old enough to assume they always exist.
Renumber the remaining patches.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit eee73d0cc0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix pthread_detach() detection that is broken when building
with GCC 14.x:
checking for pthread_kill... yes
checking for pthread_rwlock_destroy with <pthread.h>... yes
checking for pthread_detach with <pthread.h>... no
configure: error: could not locate pthread_detach()
make[1]: *** [package/pkg-generic.mk:273:
/home/user/buildroot/bsp-barebox/build/ntp-4.2.8p17/.stamp_configured]
Error 1
make: *** [Makefile:82: _all] Error 2
Reference: https://bugs.ntp.org/show_bug.cgi?id=3926
Additionally, refresh patch 0002 to fix the offset of hunk 1.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 40d0797027)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is bugfix release of stable libmdbx branch.
The most significant fixes since v0.12.10 (the previous version pinned to
buildroot):
- Fixed the possibility of `SIGSEGV` inside the `coherence_check()` after
changing the geometry by another process with an increase in the upper
DB size above the previous in-process limit.
- Fixed cursor(s) handling opened in parent transactions and closed before
the completion of nested/child transactions. In such case, closed
cursors were "resurrected", which led to a leak of memory allocated for
such cursors.
- Fixed a possibility of `SIGSEGV` when enabling logging of the
`MDBX_LOG_TRACE` level in debug builds.
- Correction of the missing `TXN_END_EOTDONE` in the case the start of
a reading transaction fails. The mentioned bit-flag was missing in the
transaction destruction/shutdown path on error its launch. Because of
this, an attempt was made to destroy the cursors, which led to crash
debug builds, since the corresponding array is intentionally filled
with poison pointers.
- Modification of `mdbx_close_by()` to return an error when trying to
close the dbi descriptor of a table created and/or modified in a
still-running transaction. Such premature closure of the descriptor is
an incorrect use of the API and a violation of the contract/preconditions
formulated in the description of `mdbx_close_dbi()`.
However, instead of returning an error, an incorrect closure of the
descriptor was performed, which could lead to the creation of a table
with an empty name, leakage of database pages and/or corruption of a
b-tree structure (wrong reference to the root of a table).
The complete ChangeLog:
https://gitflic.ru/project/erthink/libmdbx/blob?file=ChangeLog.md
Signed-off-by: Леонид Юрьев (Leonid Yuriev) <leo@yuriev.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 81e7806b93)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
in e97fc89e7b a dependency on host-gcc >= 7 was added but
for the comment the condition was not correctly inverted.
Fixes: e97fc89e7b ("package/protobuf-c: bump to version 1.5.0")
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 84ef9bede6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When BR2_LINUX_KERNEL_IMAGE_TARGET_CUSTOM=y,
BR2_LINUX_KERNEL_IMAGE_TARGET_NAME is supposed to be non-empty. But in
the context of genraconfig, we don't know to what value
BR2_LINUX_KERNEL_IMAGE_TARGET_NAME can be set, so let's avoid cases
where BR2_LINUX_KERNEL_IMAGE_TARGET_CUSTOM=y. By dropping this option,
kconfig will revert back to the default image format for the selected
architecture.
Fixes:
http://autobuild.buildroot.net/results/1d104a051c83bb31e98565369a2ec7badfa21eca/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b07d21ab98)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Generating Bitcoins to an address can take longer than the current
timeout, on slow runners. This commit fixes this issue by increasing
the timeout on specific commands. This issue was also observed more
frequently on newer bitcoin-core version 28.0.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/7782083081
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 859c4ea5f7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since commit: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=52afe563206e753f4c45c014fee2459ad0855826
postgrsql fails to build with toolchains without threads support:
misc.c: In function 'ecpg_gettext':
misc.c:541:51: error: 'PTHREAD_MUTEX_INITIALIZER' undeclared (first use in this function)
541 | static pthread_mutex_t binddomain_mutex = PTHREAD_MUTEX_INITIALIZER;
| ^~~~~~~~~~~~~~~~~~~~~~~~~
misc.c:541:51: note: each undeclared identifier is reported only once for each function it appears in
misc.c:552:24: warning: implicit declaration of function 'pthread_mutex_lock' [-Wimplicit-function-declaration]
552 | (void) pthread_mutex_lock(&binddomain_mutex);
| ^~~~~~~~~~~~~~~~~~
misc.c:569:24: warning: implicit declaration of function 'pthread_mutex_unlock' [-Wimplicit-function-declaration]
569 | (void) pthread_mutex_unlock(&binddomain_mutex);
| ^~~~~~~~~~~~~~~~~~~~
Option "--disable-thread-safety" will be dropped in PG 17, so
this patch is needed only for 16.x branch.
Fixes: 73dd1d6b96 ("package/postgresql: security bump version to 16.3")
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 747a41c19c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The package homepage http url redirects to https. This commit updates
this url to directly use https.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5440d6c446)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The package _SITE url only contains the latest version at a given point
in time. When a new version is published, it is replacing the old one.
This issue was not detected because the archive was downloaded from the
sources.buildroot.org backup mirror, when the primary source became
unavailable.
Since commit 559bb33ae "support/testing: do not use s.b.o" [1], the
runtime test infrastructure is disabling this backup mirror. This
makes the nmap runtime test failing [2], which is using liblinear as
a dependency.
The liblinear package author confirmed in a private email that all the
releases, including the latest version, are all kept in the "oldfiles"
directory.
This commit fixes this download issue by updating the _SITE url to that
location. While at it, this commit also change the url to use https
(since the http equivalent redirects to https).
Fixes:
- [2]
[1] 559bb33ae7
[2] https://gitlab.com/buildroot.org/buildroot/-/jobs/7948008007
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8b18c67f26)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This fixes the following runtime error when importing PyQt5 in python:
from PyQt5.QtCore import *
ModuleNotFoundError: No module named 'PyQt5.sip'
The problem was likely triggered by the atomic upgrade from 5.7 to
5.15 in b36ce7e. This commit is part of the 2022-2024 LTS.
Signed-off-by: Ralf Dragon <hypnotoad@lindra.de>
Tested-by: Andreas Naumann <anaumann@ultratronik.de>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit ba09a448f1)
[Peter: reword commit summary]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Version environment variable VERSION=$(VERSION) is set in the top level
Makefile of the sysvinit:
$(MAKE) VERSION=$(VERSION) -C src $@
Build command SYSVINIT_BUILD_CMDS doesn't use the top level Makefile, but
src/Makefile instead without setting the VERSION variable, which leads to
undefined VERSION macro in src/init.c.
Add VERSION=$(SYSVINIT_VERSION) to SYSVINIT_MAKE_OPTS to make the VERSION
environment variable available in the src/Makefile.
Signed-off-by: Cody Green <cody@londelec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 954098b142)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The check-package tool requires some PyPi package to be installed before
it can run. This is typically done by manually installing them into the
user's global Python environment or setting up a virtual environment,
then manually installing each dependency.
Python recently defined a format for managing script dependencies as
inline metadata[1]. This can be used with the `uv` tool to run a Python
script and automatically install the minimum required version of Python
and PyPi dependencies.
With this change, it's now possible to run check-package with
uv run -s ./utils/check-package
Note that, because check-package does not have the '.py' file extension
we must specify the `-s` or `--script` argument. That argument was added
very recently in release 0.4.19[2].
I set the minimum python to 3.9 as that is the oldest version still
supported[3]. I verified 3.9 works by running
uv run -p 3.9 -s ./utils/check-package `git ls-tree -r --name-only HEAD` --ignore-list=.checkpackageignore
[1] https://packaging.python.org/en/latest/specifications/inline-script-metadata/#script-type
[2] https://github.com/astral-sh/uv/releases/tag/0.4.19
[3] https://devguide.python.org/versions/
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6ffcdb52e8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Call out the requirements to run check-package and mention that Docker
can be used to run check-package without installing dependencies.
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 68de69c4d7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When compiling jailhouse with BR2_PACKAGE_JAILHOUSE_HELPER_SCRIPTS=y,
installation is failing with error:
/bin/sh: -c: line 1: syntax error near unexpected token ')'
This error is due to an extra ')' character in the macro
JAILHOUSE_INSTALL_HELPER_SCRIPTS.
This commit fixes this typo.
Signed-off-by: Raimundo Sagarzazu <rai.sagarzazu@outlook.com>
[Julien: reworded the commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 10d25d98ed)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
I still follow Buildroot development and use it for some personal
projects, but no longer have the time to be an active contributor.
Some of these are important defconfigs and packages to have up-to-date
in Buildroot, and mostly other developers have been doing that work, so
I am dropping them so that someone from the active contributors can be
the maintainer contact for them.
Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1dc370cc90)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This vulnerability only affects libcurl deployments in Nest products
because of incorrect use.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7e739d49b2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When I initially made the CVE cells collapsible, I neglected to
count the unsure CVEs. This patch adds unsure CVEs to the cell collapsing
calcualation to ensure that cells with lots of unsure CVEs actually get collapsed.
This patch also removes the "+ 1" from the cve_total calculation,
which fixes the cve_total being off-by-one.
I'm not sure *why* I did that in the first place.
demo:
https://sen-h.codeberg.page/pkg-stats-demos/@pages/add-unsure_cves-to-cve_total-calc.html
Signed-off-by: Sen Hastings <sen@hastings.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 87b8428c40)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Security fixes:
- gzip: prevent a hang when processing a malformed gzip inside a gzip
(#2366, OSS-Fuzz)
- tar: don't crash on truncated tar archives (#2364, OSS-Fuzz)
- tar: fix two leaks in tar header parsing (#2377)
Important bugfixes:
- 7-zip: read/write symlink paths as UTF-8 (#2252)
- cpio: exit with an error code if an entry could not be extracted (#2371)
- rar5: report encrypted entries (#2096)
- tar: fix truncation of entry pathnames in specific archives (#2360)
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 55d0c9a9a6)
[Peter: mark as security bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The denx.de/wiki/U-Boot link now redirects to docs.u-boot.org/en/latest
Replace the link to the new location for the U-Boot documentation
Signed-off-by: Bryan Brattlof <bb@ti.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 164d9f0546)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add a test that runs the dtc commandline tools. To test devicetree
compilation, we use an example devicetree from the dtc project. The
example source is GPL-2.0+ licensed.
Signed-off-by: Brandon Maier <brandon.maier@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 9b69034160)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
linux-pam 1.2.0 removed the use of yywrap, so the flex dependency is not
needed now (host-flex is still needed).
Fixes: #47
Signed-off-by: Damien Thébault <damien.thebault@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 600e273487)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 86bb1b236 "boot/grub2: needs host-python3" [1] introduced a
dependency on host-python3.
Since grub does not have any specific requirements on host Python
modules, or recent host Python version, this commit replaces the
host-python3 dependency with BR2_PYTHON3_HOST_DEPENDENCY. This will
skip the host-python3 compilation if a sufficient version (3.4 or
greater at the time of this commit) is already present on host. This
will save build time.
This optimization was suggested by Peter, in [2].
Note 1: this commit was checked to ensure that grub is building with
Python 3.4.
Note 2: BR2_PYTHON3_HOST_DEPENDENCY was introduced in commit b60729784
"support/dependencies: add a check for python3" [3].
[1] 86bb1b2360
[2] https://lists.buildroot.org/pipermail/buildroot/2024-September/763967.html
[3] b60729784a
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8a71fda371)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3.7.5 fixed a number of security issues:
fix multiple vulnerabilities identified by SAST (#2251, #2256)
cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing (#2258)
lzop: prevent integer overflow (#2174)
rar4: protect copy_from_lzss_window_to_unp() (#2172, CVE-2024-20696)
rar4: fix CVE-2024-26256 (#2269, CVS-2024-26256)
rar4: fix OOB in delta and audio filter (#2148, #2149)
rar4: fix out of boundary access with large files (#2179)
rar4: add boundary checks to rgb filter (#2210)
rar4: fix OOB access with unicode filenames (#2203)
rar5: clear 'data ready' cache on window buffer reallocs (#2265)
rpm: calculate huge header sizes correctly (#2158)
unzip: unify EOF handling (#2175)
util: fix out of boundary access in mktemp functions (#2160)
uu: stop processing if lines are too long (#2168)
And 3.7.6 fixed a tar regression introduced in 3.7.5
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ab3c84e5e2)
[Peter: mark as security bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Doctoring a defconfig is tedious, and it is not easy to update a
defconfig, as it requires manual copy-pasting, adding comments and so
on...
Instead, just require defconfigs to be generated with 'savedefconfig'.
Any details can/must be provided in the commit log.
Reported-by: Edgar Bonet <bonet@grenoble.cnrs.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 17bdd10cb3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Release notes: https://www.python.org/downloads/release/python-31110/
Fixes CVE-2024-4032, CVE-2024-6232, CVE-2024-6923, CVE-2024-7592,
CVE-2024-8088 and CVE-2023-27043.
The fixes for bundled libexpat are irrelevant for us because external expat
is used.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This version fixes an out-of-bound reads in the MLSD command, so upgrading is recommended.
It also improves compatibility with various systems.
Update the COPYING hash because of a change in copyright year
Signed-off-by: Michael Fischer <mf@go-sys.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5271e90a6a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Also add a missing article one line above.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Arnout: fix additional typo]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 4390361bb5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Upstream curl commit f057de5a1a950 ("libcurl.pc: add `Requires.private`,
`Requires` for static linking") deals with proper pkg-config
configuration since version 8.9.0.
Our local libcurl.pc modification we added back in commit 61d322c3d2
(package/cURL: fix static link whith openSSL) is no longer needed.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
[yann.morin.1998@free.fr: this is not a "revert", reword commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit a5cef5339b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2023-7256: Clean up sock_initaddress() and its callers to avoid
double frees in some cases.
CVE-2024-8006: Fix pcap_findalldevs_ex() not to crash if passed a
file:// URL with a path to a directory that cannot be opened.
Changelog: bbcbc9174d/CHANGES
Signed-off-by: Akhilesh Nema <nemaakhilesh@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 0982498c67)
[Peter: mark as security bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 89d39fc7a3 "initscripts: new package" moved the inittab
packaged for Busybox init from system/skeleton/etc to package/busybox.
The manual, however, still points to the old location, so let's fix it.
Signed-off-by: Edgar Bonet <bonet@grenoble.cnrs.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 99b1685fd8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998@free.fr: s/contents/content/]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit aa79ae24a8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit a87abcf6da (Makefile: run PPD and RPATH fixup in host-fialize)
(sic) moved the fixups peviously done in prepare-sdk, to host-finalize.
This exposed a bug in fix-rpath, when RPATH contains multiple entries,
like: /PPD/host-foo/host/lib:/PPD/host-foo/host/lib/foo
In that situation, we want to get rid of /PPD/host-foo and replace it
with the finale HOST_DIR, so we mangle the RPATH with a sed expression.
However, that sed expression only ever replaces the first match, as it
is missing the 'g' option. Thus, the second (and following) parts of
RPATH are still referring to the PPD, and thus patchelf does not find it
relative to the final HOST_DIR, amd rops it. This eventually lead to a
final RPATH set as $ORIGIN/../lib instead of the expected
$ORIGIN/../lib:$ORIGIN/../lib/foo
This is the case for host-systemd, which installs some of its libraries
in $PREFIX/lib/systemd/ and adds an RPATH set appropriately to
/PPD/host-systemd/host/lib:/PPD/host-systemd/host/lib/systemd and that
gets incorrectly mangled.
Fixes: https://gitlab.com/buildroot.org/buildroot/-/issues/39
Also fix a typo in the comment just above.
Reported-by: José Luis Salvador Rufo @jlsalvador
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: José Luis Salvador Rufo <salvador.joseluis@gmail.com>
Reviewed-by: José Luis Salvador Rufo <salvador.joseluis@gmail.com>
Tested-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Reviewed-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2100a76d9e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Browsers nowadays complain about HTTP downloads (E.G. manual.pdf) from a
site served over HTTPS, so also use HTTPS for the nightly.buildroot.org
manual links.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 06397d26a0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The behaviour of asciidoc on my laptop (Debian 10.2.0-1) changed at the end
of last year, causing the BR2_VERSION logic to no longer work:
grep 'manual generated' buildroot-2023.02.*/docs/manual/manual.text
buildroot-2023.02.6/docs/manual/manual.text:Buildroot 2023.02.6 manual generated on 2023-10-16 08:41:26 UTC from
buildroot-2023.02.7/docs/manual/manual.text:Buildroot ${BR2_VERSION%%-git*} manual generated on 2023-11-14
buildroot-2023.02.8/docs/manual/manual.text:Buildroot ${BR2_VERSION%%-git*} manual generated on 2023-12-04
We don't really NEED to strip the -git suffix; indeed, for a git tag, there
would be not -git suffix, while for any other commit there will be one
and we want to see it (e.g. in the nightly manual, or on a development
branch locally).
So just drop that to unbreak the version output.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998@free.fr: explain why wew don't want to drop it]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit ec270a0815)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The qemu.run() method can break when a command happens to output the
string "# " to stdout. This is because qemu.run() detects when a command
has completed by searching for the shell prompt, which by default is
"# ". It then captures everything before the "# " as the commands
output, causing the rest of output to be lost.
Instead use the pexpect libraries REPLWrapper to handle running
commands. It has hooks to set a custom prompt and avoid some other
pitfalls of wrapping a shell.
We unfortunately can't reuse replwrap._repl_sh directly, because it
tries to spawn a command while we already have a qemu started. So we
need to copy that code into _repl_sh_child. While we're at it, also
define our own prompt strings.
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
[Arnout:
- Make all arguments to _repl_sh_spawn non-optional.
- Move non_printable_insert to a local variable instead of an argument,
we don't need to override it.
- Copy the comment from _repl_sh that explains why non_printable_insert
is needed.
- Add a comment about timeouts.
- Rename spawn to child (we don't actually spawn anything so this felt
more natural, even though the class
- Use single quotes instead of triple quotes, and explicitly escape the
nested quotes.
]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 0cad947b96)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When the build host does not have a Python interpreter installed,
host-grub2 is failing to configure due to this missing interpreter.
Note that host-grub2 is the first package to fail because it is a
dependency of grub2. The grub2 target package has the same dependency
requirement.
The issue can be quickly reproduced on a host without Python with the
commands:
cat <<EOF >.config
BR2_aarch64=y
BR2_TARGET_GRUB2=y
BR2_TOOLCHAIN_EXTERNAL=y
EOF
make olddefconfig
make grub2
grub2 autotools configure.ac search for a Python interpreter since
upstream commit [1] 8b467844e "python: Use AM_PATH_PYTHON to determine
interpreter for gentpl.py", first included in grub v2.04 released
on 2019-07-04. For reference, grub2 has been updated to that version
in commit [2] ea7ec41c "boot/grub2: bump to verson 2.04".
This commit fixes the issue by adding the host-python3 dependency to
host-grub2 and grub2.
Fixes:
checking for a Python interpreter with version >= 2.6... none
configure: error: no suitable Python interpreter found
[1] https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commitdiff;h=8b467844e11170077c8ca727c39d2bd36eeb5f08
[2] ea7ec41cf6
Reported-by: Vincent Stehlé <vincent.stehle@arm.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 86bb1b2360)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Samuel Martin has not been around in the Buildroot community for many,
many years. His last posting on the mailing list was on July 2018. So
let's not pretend those packages are actually maintained, and let's
stop spamming Samuel with lots of patches and autobuilder failures.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit d8b83b861c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following CVEs:
CVE-2024-24789: archive/zip: mishandling of corrupt central directory record
CVE-2024-24790: net/netip: unexpected behavior from Is methods for IPv4-mapped IPv6 addresses
View the release notes for more information:
https://go.dev/doc/devel/release#go1.22.4
Signed-off-by: Christian Stewart <christian@aperture.us>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d6e0f1b622)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add a third bootstrap stage with Go1.21.x necessary for go1.22 bootstrap.
go-bootstrap-stage1 is Go1.4.x, the final version to support bootstrap using a C
compiler (later versions require the Go compiler for bootstrapping).
See: https://go.dev/doc/install/source#bootstrapFromSource
go-bootstrap-stage2 is Go 1.19.13, the last version to support bootstrap using
the Go1.4.x compiler.
go-bootstrap-stage3 is Go 1.21.8, the last version to support bootstrap using
the Go1.19.13 compiler. Go 1.20 requires a minimum of go 1.17.13 to bootstrap.
See: https://go.dev/doc/go1.20#bootstrap
This patch is in preparation for bumping the host-go package to >go1.22.x, which
requires a minimum of Go1.20.x for bootstrap.
See: https://go.dev/doc/go1.22#bootstrap
Signed-off-by: Christian Stewart <christian@aperture.us>
[Arnout: add GOCACHE definition]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit f00eb37de9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Rewrap the whole help text as with the typo fix the line is a bit
longer and no longer fits within the limits defined by our
check-package coding style checking.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 08926081d8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
WirePlumber is a PipeWire session manager, essential to the operation
of PipeWire in most use cases. It is not a graphical application,
nor does it support graphics in any way. It is only there to support
PipeWire and it should be kept together with PipeWire in the menus.
Signed-off-by: George Kiagiadakis <george.kiagiadakis@collabora.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 14b1b8ca8d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The two lines with the Buildroot version and the system os-release
details are rendered on a single line, "because Markdown".
Make that a two-item list, to be sure they are on properly rendered.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 6a1e297a31)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998@free.fr: also fix grammar]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit e009783505)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, the gdbinit is generated and installed during post install
hooks, either from the gdb package, or from the external-toolchain
package. When using per-package directories (PPD), the staging directory
of the either package is stored in the generated gdbinit, which is not
going to be valid when all the PPD staging dirs get merged into the
final staging: it would lack any library installed afterwards, i.e.
mostly everything would be missing (but the libraries from the C
toolchain in the case of an external toolchain).
Similarly, all the RPATH will point to various PPD drectories. This
does not cause any issue when the final host is aggregated, because the
PPD directories still exist when we call programs from there (e.g. from
the fs infra, or from post-image scripts).
However, we knew that would not always be possible to keep the PPD
directories: we have the prepare-sdk rule that runs a cleanup pass on
the RPATH, and also applies the generic PPD fixups.
When we introduced prepare-sdk in c32ad51cbf (core/sdk: generate the
SDK tarball ourselves), we did not yet have support for PPD for the host
directory, and especially, we did not have the host-finalize rule, which
was only introduced in d0f4f95e39 (Makefile: rework main directory
creation logic) which kick-started the introduction of PPD.
At that point, we did not realise that the rpath fixups from
prepare-sdk, would be better moved to the new host-finalize rule,
because that had no impact unless one would need an SDK.
Later, in 25e60fbe1c (Makefile: fix SDK relocation for
per-package-dirs), we eventually introduced the PPD generic fixups in
the prepare-sdk rule. Again, we did not realise that those fixups would
be better placed in the host-finalize rule rather than the prepare-sdk.
While fixing the RPATH in host-finalize is not critical, fixing up the
PPD paths actually is, as the gdbinit case demonstrate.
As such, move the PPD fixups to the host-finalize step, and while at it,
also move the RPATH fixups.
This now does not leave much to do in the prepare-sdk step, and that
could very well be moved to the host-finalize rule as well. However,
some people may have started to rely on prepare-sdk in its 6 years of
existence, and the little script it installs is not needed unless one
really needs an SDK. So leave it as it is for now.
Reported-by: Casey Reeves <casey@xogium.me>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Casey Reeves <casey@xogium.me>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Brandon Maier <Brandon.Maier@collins.com>
Tested-by: Brandon Maier <brandon.maier@collins.com>
Acked-by: TIAN Yuanhao <tianyuanhao3@163.com>
(cherry picked from commit a87abcf6da)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Following an email exchange with Conrad Sand, one of the maintainers of
the project, I learned that version 9.900.2 has been moved to
https://sourceforge.net/projects/arma/files/retired/.
This patch fixes the package download error, waiting for a subsequent
patch that will restore the previous URL to bump to a more recent
version.
Adding the .RETIRED suffix to the downloaded tarball generated the
following error:
armadillo-9.900.2.tar.xz.RETIRED: OK (sha256: d78658c9442addf7f718eb05881150ee3ec25604d06dd3af4942422b3ce26d05)
>>> armadillo 9.900.2 Extracting
buildroot/dl/armadillo/armadillo-9.900.2.tar.xz.RETIRED | buildroot/output/host/bin/tar --strip-components=1 -C buildroot/output/build/armadillo-9.900.2 -xf -
/bin/bash: line 1: buildroot/dl/armadillo/armadillo-9.900.2.tar.xz.RETIRED: Permission denied
buildroot/output/host/bin/tar: This does not look like a tar archive
buildroot/output/host/bin/tar: Exiting with failure status due to previous errors
make[1]: *** [package/pkg-generic.mk:213: buildroot/output/build/armadillo-9.900.2/.stamp_extracted] Error 2
which required the addition of ARMADILLO_EXTRACT_CMDS to be fixed.
Finally, it was also necessary to modify the tarball's hash.
Fixes:
- http://autobuild.buildroot.org/results/d4e9e7b453960a4f62a199344b30b729a4f235bc
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f69fe48404)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Patch v1 not set to 'superseded' when replying to <message-id> with v2.
I'm using git version 2.46.0. The manual says the following is the
correct way to use the '--in-reply-to' option:
git send-email --in-reply-to=<message-id>
Signed-off-by: Roy Kollen Svendsen <roykollensvendsen@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6677d9c4e1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Replace the group name 'nogroup' with 'nobody' in the default ProFTPD
configuration file. This fixes the following error when starting the
server:
proftpd[110]: fatal: Group: Unknown group 'nogroup' on line 30 of '/etc/proftpd.conf'
Fixes: 0d887cc2b4 ("system: replace nogroup with nobody")
Signed-off-by: Mattia Narducci <mattianarducci1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2383768cdf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2024-31080: Heap buffer overread/data leakage in ProcXIGetSelectedEvents
- CVE-2024-31081: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice
- CVE-2024-31082: Heap buffer overread/data leakage in ProcAppleDRICreatePixmap
- CVE-2024-31083: User-after-free in ProcRenderAddGlyphs
For more details, see thee security page of Xorg:
https://www.x.org/wiki/Development/Security/
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
[Peter: add actual list of CVEs]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e33db30aab)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
I lack the time (and interest) to properly keep these entries up to
date, so drop them from my section.
Signed-off-by: Thomas Huth <huth@tuxfamily.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6fdbab87a2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The following build failure on xtensa:
Waf: Entering directory `/home/buildroot/instance-0/output-1/build/ntpsec-1.2.3/build/host'
[1/2] Processing ntpd/ntp_parser.y
[2/2] Compiling build/host/ntpd/ntp_parser.tab.c
gcc: error: unrecognized command-line option '-mlongcalls'
gcc: error: unrecognized command-line option '-mauto-litpools'
reveals that the target's CFLAGS are being used for host compilation.
The patch fixes the host compilation by correctly setting the CFLAGS to
be used.
It should be noted that the build script used by ntpsec applies CFLAGS
for host compilation and --cross-cflags for target compilation.
Fixes:
- http://autobuild.buildroot.org/results/9321a637f2c340ce8dcb24249676bb6c44d0dfc6
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 064e4c09fa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Disable RNG support so that following build failure does not happen:
In file included from ../../../../src/libstrongswan/plugins/plugin.h:28,
from wolfssl_plugin.h:34,
from wolfssl_plugin.c:29:
wolfssl_plugin.c: In function 'get_features':
../../../../src/libstrongswan/plugins/plugin_feature.h:321:119: error: 'FEATURE_WC_RNG' undeclared (first use in this function); did you mean 'FEATURE_RNG'?
321 | #define __PLUGIN_FEATURE_REGISTER(type, _f) (plugin_feature_t){ FEATURE_REGISTER, FEATURE_##type, .arg.reg.f = _f }
| ^~~~~~~~
../../../../src/libstrongswan/plugins/plugin_feature.h:332:73: note: in expansion of macro '__PLUGIN_FEATURE_REGISTER'
332 | #define _PLUGIN_FEATURE_REGISTER_RNG(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
| ^~~~~~~~~~~~~~~~~~~~~~~~~
../../../../src/libstrongswan/plugins/plugin_feature.h:248:39: note: in expansion of macro '_PLUGIN_FEATURE_REGISTER_RNG'
248 | #define PLUGIN_REGISTER(type, f, ...) _PLUGIN_FEATURE_REGISTER_##type(type, f, ##__VA_ARGS__)
| ^~~~~~~~~~~~~~~~~~~~~~~~~
wolfssl_plugin.c:510:17: note: in expansion of macro 'PLUGIN_REGISTER'
510 | PLUGIN_REGISTER(RNG, wolfssl_rng_create),
| ^~~~~~~~~~~~~~~
../../../../src/libstrongswan/plugins/plugin_feature.h:321:119: note: each undeclared identifier is reported only once for each function it appears in
321 | #define __PLUGIN_FEATURE_REGISTER(type, _f) (plugin_feature_t){ FEATURE_REGISTER, FEATURE_##type, .arg.reg.f = _f }
| ^~~~~~~~
../../../../src/libstrongswan/plugins/plugin_feature.h:332:73: note: in expansion of macro '__PLUGIN_FEATURE_REGISTER'
332 | #define _PLUGIN_FEATURE_REGISTER_RNG(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
| ^~~~~~~~~~~~~~~~~~~~~~~~~
../../../../src/libstrongswan/plugins/plugin_feature.h:248:39: note: in expansion of macro '_PLUGIN_FEATURE_REGISTER_RNG'
248 | #define PLUGIN_REGISTER(type, f, ...) _PLUGIN_FEATURE_REGISTER_##type(type, f, ##__VA_ARGS__)
| ^~~~~~~~~~~~~~~~~~~~~~~~~
wolfssl_plugin.c:510:17: note: in expansion of macro 'PLUGIN_REGISTER'
510 | PLUGIN_REGISTER(RNG, wolfssl_rng_create),
| ^~~~~~~~~~~~~~~
make[6]: *** [Makefile:659: wolfssl_plugin.lo] Error 1
Reported Upstream:
https://github.com/strongswan/strongswan/issues/2410
This build failure started since 5.9.11 update in commit
78959665b9.
Fixes:
http://autobuild.buildroot.net/results/278b3f74c48c858ae368d59069752adb69c05246
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 89d512729c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 8f88a644ed "support/scripts/apply-patches.sh: set the maximum
fuzz factor to 0" reduced the fuzz factor.
Due to this change, asterisk fails to build with output:
Applying 0004-install-samples-need-the-data-files.patch using patch:
patching file Makefile
Hunk #1 FAILED at 779.
1 out of 1 hunk FAILED -- saving rejects to file Makefile.rej
This commit rebase the package patches on the current package version.
Note: the patch 0005 is unchanged, as it is correct in its current
state.
Fixes:
- http://autobuild.buildroot.org/results/92d/92d58ecb67f11a6eb74695bc1efcc672f69a57a9
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit a6fabd9610)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following uclibc-ng build failure raised since bump to version
20.7.0 in commit 0e6d4d2171 and
2694792e13:
stasis/control.c: In function 'exec_command_on_condition':
stasis/control.c:313:3: warning: implicit declaration of function 'pthread_kill'; did you mean 'pthread_yield'? [-Wimplicit-function-declaration]
313 | pthread_kill(control->control_thread, SIGURG);
| ^~~~~~~~~~~~
| pthread_yield
stasis/control.c:313:41: error: 'SIGURG' undeclared (first use in this function)
313 | pthread_kill(control->control_thread, SIGURG);
| ^~~~~~
Fixes: 0e6d4d2171
- http://autobuild.buildroot.org/results/d16e4ca4bd26234f84d17da24c04a8c19faba6c5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit ebd44d7c5b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 2f260084d5 (utils/genrandconfig: remove support for toolchain
CSV) kept the --no-toolchains-csv option, but in the rework forgot to
keep it as a bool, while argparse default is to expect a string.
Rather than re-introduce the action="store_true" which implies the
argument is a bool, explicit make it a bool.
Fixes: 2f260084d5
Reported-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4dbb87bb66)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Right now, genrandconfig just spits out the random messages from the
different make invocations, which isn't terribly useful. Instead,
let's redirect the output of make invocations to oblivion, and add
some more high level logging.
As part of this logging, we're interested to see how many iterations
were needed to find a valid configuration, so changed the loop logic
to count from 0 to 100 instead of from 100 to 0 so that we can easily
show the iteration number.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit ce3dedc26b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In order to test that upstream sites are still working, we need to NOT
fallback to sources.buildroot.net for some builds.
As there is anyway a local cache in the autobuilder instances, we need
to do quite a lot of builds without any BR2_BACKUP_SITE configured to
have a chance to catch issues, which is why a 50% chance is used to
unset BR2_BACKUP_SITE.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit da5c25c9f9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Before calling randpackageconfig/randconfig, we were pre-generating a
snippet of .config with:
(1) minimal.config
(2) BR2_CURL/BR2_WGET settings
(3) some random selection of init system, debug, runtime debug, etc
(4) enabling BR2_REPRODUCIBLE=y when diffoscope was found
Now that we only use randconfig, this whole fine-tuning is completely
irrelevant, as it gets overridden by "make randconfig".
(1) and (3) above are useless, as randconfig does all the
randomization that is needed.
However, we want to preserve (2) and (4) above, so we re-implement
those fixups, but *after* randconfig has done its job.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 3d33d394c2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Now that the support for generating a fully random configuration has
been well-tested, the whole mechanism based on a toolchain CSV isn't
really useful anymore, so let's drop it to simplify the logic.
Note that the autobuilder code still uses --{,no-}toolchains-csv, so we
can't remove those or the autobuilders would fail. Once all supported
branches no longer use those argumetns, we can drop them from the
autobuilder code, then ask people to update their runners, and we will
finally be able to drop those arguments. Eventually.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: keep --{,no-}toolchains-csv and explain why]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 2f260084d5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We have accumulated a whole bunch of very old fixups to avoid issues
with super old CT-NG toolchains, which we are not testing anymore, so
remove those fixups.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 9e33882568)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The LICENSE file gets installed directly to the root of $(TARGET_DIR),
which clashes with other packages:
FileExistsError: File already exists: /home/autobuild/autobuild/instance-3/output-1/target/LICENSE
This commit fixes this issue for the python-unittest-xml-reporting
package. Other fixes will be needed for the other patches.
The issue in python-unittest-xml-reporting was introduced in upstream
commit c43427611390fba83ca13fbb5311bd8fece5048f, which first appeared
in v3.1.0. We switched from a pre-3.1.0 version to 3.2.0 in Buildroot
in commit 69ba1562d5, which was merged
in 2023.02.
Fixes:
http://autobuild.buildroot.net/results/2c91243b440087bbc7d051d65f553f59d05dd207/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 182d3556a6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The python-huepy has an incorrect data_files statement in its
setup.py, causing the LICENSE file to be installed directly as
$(TARGET_DIR)/LICENSE. This was detected because several packages were
doing this, and the second package doing
it (python-unittest-xml-reporting, fixed separately) was erroring out
when trying to overwrite this already existing file.
This commit fixes the case of python-huepy by adding a patch that has
been submitted upstream.
There are no autobuilder failures related to python-huepy, but this
was detected while fixing
http://autobuild.buildroot.net/results/2c91243b440087bbc7d051d65f553f59d05dd207/
for python-unittest-xml-reporting.
This bug has been in huepy since at least 2018, so this patch can be
backported to previous Buildroot versions.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 4e78b2c8b1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
lib/print.c in gnu-efi contains some floating point computation. On
ARM soft-float configurations, these floating point operations
generate calls to __eabi_*() functions that are provided by
gcc. However, gnu-efi builds some freestanding code, so it doesn't
link with libgcc, and therefore the build fails with:
arm-buildroot-linux-gnueabi-ld: /output-1/build/gnu-efi-3.0.18//lib/print.c:1431:(.text+0x78c): undefined reference to `__aeabi_i2d'
arm-buildroot-linux-gnueabi-ld: /output-1/build/gnu-efi-3.0.18//lib/print.c:1431:(.text+0x7a0): undefined reference to `__aeabi_dsub'
arm-buildroot-linux-gnueabi-ld: /output-1/build/gnu-efi-3.0.18//lib/print.c:1431:(.text+0x7a4): undefined reference to `__aeabi_d2f'
arm-buildroot-linux-gnueabi-ld: /output-1/build/gnu-efi-3.0.18//lib/print.c:1432:(.text+0x7b4): undefined reference to `__aeabi_fcmplt'
arm-buildroot-linux-gnueabi-ld: /output-1/build/gnu-efi-3.0.18//lib/print.c:1438:(.text+0x7c8): undefined reference to `__aeabi_fmul'
arm-buildroot-linux-gnueabi-ld: /output-1/build/gnu-efi-3.0.18//lib/print.c:1440:(.text+0x7d4): undefined reference to `__aeabi_fcmpeq'
arm-buildroot-linux-gnueabi-ld: /output-1/build/gnu-efi-3.0.18//lib/print.c:1444:(.text+0x7f8): undefined reference to `__aeabi_fmul'
arm-buildroot-linux-gnueabi-ld: /output-1/build/gnu-efi-3.0.18//lib/print.c:1440:(.text+0x808): undefined reference to `__aeabi_fcmpeq'
arm-buildroot-linux-gnueabi-ld: /output-1/build/gnu-efi-3.0.18//lib/print.c:1440:(.text+0x818): undefined reference to `__aeabi_f2iz'
arm-buildroot-linux-gnueabi-ld: /output-1/build/gnu-efi-3.0.18//lib/print.c:1451:(.text+0x834): undefined reference to `__aeabi_i2f'
arm-buildroot-linux-gnueabi-ld: /output-1/build/gnu-efi-3.0.18//lib/print.c:1451:(.text+0x840): undefined reference to `__aeabi_fcmpeq'
arm-buildroot-linux-gnueabi-ld: /output-1/build/gnu-efi-3.0.18//lib/print.c:1453:(.text+0x858): undefined reference to `__aeabi_fmul'
arm-buildroot-linux-gnueabi-ld: /output-1/build/gnu-efi-3.0.18//lib/print.c:1451:(.text+0x860): undefined reference to `__aeabi_f2iz'
arm-buildroot-linux-gnueabi-ld: /output-1/build/gnu-efi-3.0.18//lib/print.c:1451:(.text+0x868): undefined reference to `__aeabi_i2f'
arm-buildroot-linux-gnueabi-ld: /output-1/build/gnu-efi-3.0.18//lib/print.c:1451:(.text+0x870): undefined reference to `__aeabi_fcmpeq'
arm-buildroot-linux-gnueabi-ld: /output-1/build/gnu-efi-3.0.18//lib/print.c:1451:(.text+0x89c): undefined reference to `__aeabi_f2iz'
Since we don't care about gnu-efi support on ARM soft-float
configurations, let's disable such configurations.
Note that we have chosen to use BR2_ARM_SOFT_FLOAT as we're for now
making this specific to ARM as we're not sure what is the situation on
other CPU architectures (for example RISC-V without FPU maybe). This
can be revisited once we get more data on the behavior on other CPU
architectures that can support soft-float.
Fixes:
http://autobuild.buildroot.net/results/98d955fd2fcf4a3db1ab46e4f553447031a23b92/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit b62f2f7f12)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since the bump of gnu-efi to version 3.0.17 in Buildroot commit
fa9893ad8f, the build of gnu-efi fails
on ARM big endian and AArch64 big endian.
Indeed, since that bump, gnu-efi builds some "apps", using a special
linker file part of gnu-efi that explicitly sets the architecture:
OUTPUT_FORMAT("elf32-littlearm", "elf32-littlearm", "elf32-littlearm")
OUTPUT_FORMAT("elf64-littleaarch64", "elf64-littleaarch64", "elf64-littleaarch64")
Due to this, big endian builds are now failing:
armeb-buildroot-linux-gnueabi-ld: ../gnuefi/crt0-efi-arm.o: compiled for a big endian system and target is little endian
armeb-buildroot-linux-gnueabi-ld: failed to merge target specific data of file ../gnuefi/crt0-efi-arm.o
Since we are not really interested in supporting gnu-efi on ARM big
endian and AArch64 big endian and it is not supported upstream, let's
disabled on those architectures.
Fixes:
http://autobuild.buildroot.org/results/4d385d6759346e19664d0bded1e419f004f82b47/ (ARM big endian)
http://autobuild.buildroot.net/results/b6df43408ca4cd469962c96d49d9ac7935b6dbe9/ (AArch64 big endian)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 308d2c9927)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Changes with nginx 1.26.2 14 Aug 2024
*) Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module might cause a worker process crash
(CVE-2024-7347).
Thanks to Nils Bars.
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8f31fea6d0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- gh-115398: Allow controlling Expat >=2.6.0 reparse deferral
(CVE-2023-52425) by adding five new methods:
xml.etree.ElementTree.XMLParser.flush()
xml.etree.ElementTree.XMLPullParser.flush()
xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
xml.sax.expatreader.ExpatParser.flush()
- gh-115243: Fix possible crashes in collections.deque.index() when the
deque is concurrently modified.
- gh-114572: ssl.SSLContext.cert_store_stats() and
ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate
store, when the ssl.SSLContext is shared across multiple threads.
For more details, see the changelog:
https://docs.python.org/release/3.11.9/whatsnew/changelog.html#python-3-11-9
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit backports two upstream patches needed to fix
CVE-2023-34410. According to the CVE details, both patches are needed
for the fix.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit backports upstream patches that are needed to fix
CVE-2023-37369. The second one is the actual CVE fix, the first one is
needed to only backporting the second patch in a reasonable way.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit backports upstream patches that are needed to fix
CVE-2023-51714. The second one is the actual CVE fix, the first one is
needed to only backporting the second patch in a reasonable way.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit backports an upstream patch to fix CVE-2023-38197, which
requires 3 other patches to be backported in order to work properly.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit backports some upstream commits to fix CVE-2023-32763.
To backport the CVE fix, we had to backport two other related patches
to make the backport reasonably clean/straightforward.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.net/results/94fd27ea48c4128033ad10cf0dc5dba3f5d97a02/
Commit 4aff9fae45 (package/am335x-pru-package: fix download
issue) updated the filename and hash of the package, but something went
wrong when adjusting the hash for 2024.02.x.
Investigating the local tarball shows that the permissions in the tarball were
were wrong:
diffoscope old-dl/am335x-pru-package/am335x-pru-package-5f374*-br1.tar.gz \
dl/am335x-pru-package/am335x-pru-package-5f374*-br1.tar.gz | \
grep 96/.gitignore
│ │ --rw-rw-rw- 0 0 0 199 2016-02-10 20:56:25.000000 am335x-pru-package-5f374ad57cc195f28bf5e585c3d446aba6ee7096/.gitignore
│ │ +-rw-r--r-- 0 0 0 199 2016-02-10 20:56:25.000000 am335x-pru-package-5f374ad57cc195f28bf5e585c3d446aba6ee7096/.gitignore
And indeed, the file does have mode 666 in the git repo:
ls -lah old-dl/am335x-pru-package/git/.gitignore
-rw-rw-rw- 1 peko peko 199 Aug 31 18:16 old-dl/am335x-pru-package/git/.gitignore
It is unclear how this happened, maybe an issue with switching between
master/2024.05.x/2024.02.x.
Adjust the hash to match what is should have been instead.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The download and homepage URL for this project have been
updated. The old site no longer works.
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2a547e2c42)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 9f94b3b354 "package/iperf3: bump to version 3.16" updated
the package but forgot to reflect a breaking change mentioned in
the release note [1], "iperf3 now requires pthreads and C atomic
variables to compile and run".
When the toolchain has no atomic support, or the libatomic is not
added in the linker flags, the compilation now fail with output:
arm-buildroot-linux-gnueabi/bin/ld: ./.libs/libiperf.so: undefined reference to '__atomic_load_8'
This issue can be seen when running the iperf3 runtime test, with
command:
support/testing/run-tests \
-d dl -o output_test \
tests.package.test_iperf3
This commit fixes the issue by adding a dependency on
BR2_TOOLCHAIN_HAS_ATOMIC and by adding an upstream patch to detect
if linking to libatomic is needed.
Fixes: [2]
[1] https://github.com/esnet/iperf/releases/tag/3.16
[2] https://gitlab.com/buildroot.org/buildroot/-/jobs/6466933622
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit f10488a411)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Django 5.0.7 fixes the following CVEs:
* CVE-2024-38875: Potential denial-of-service vulnerability in django.utils.html.urlize()
* CVE-2024-39329: Username enumeration through timing difference for users with unusable passwords
* CVE-2024-39330: Potential directory-traversal via Storage.save()
* CVE-2024-39614: Potential denial-of-service vulnerability in get_supported_language_variant()
Django 5.0.8 fixes the following CVEs:
* CVE-2024-41989: Memory exhaustion in django.utils.numberformat.floatformat()
* CVE-2024-41990: Potential denial-of-service vulnerability in django.utils.html.urlize()
* CVE-2024-41991: Potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget
* CVE-2024-42005: Potential SQL injection in QuerySet.values() and values_list()
Further release Notes: https://docs.djangoproject.com/en/5.0/releases/
Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f777ce1fd6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 9696d27756 "package/gpsd: condition python stuff to the proper
kconfig option" changed the condition in which the gpsd python scripts
are installed. After that change, the "gpsfake" command (which is a
python script) is no longer found and the runtime test is failing.
This commit fixes the issue by reflecting the change in the runtime
test Buildroot configuration.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b6f4d79df2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This didn't work out as planned, neither the restriction of muting
unregistered users, nor the exception for matrix users worked as planned.
The channel mode has been reverted to +R (meaning only registered users
are allowed to join) and an exception for *that* has been introduced for
matrix users via +e. The channel modes are documented in [1].
[1] https://www.oftc.net/ChannelModes/
This reverts commit d1e6d7845b.
Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit bede54c774)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Building with GCC 14 fails at the configure step with:
./configure: error: libatomic_ops library was not found.
The error is not caused by a missing library, but by an unrelated
"incompatible pointer type" error in the test program:
...
checking for atomic_ops library
objs/autotest.c: In function 'main':
objs/autotest.c:9:48: error: passing argument 1 of 'AO_compare_and_swap' from incompatible pointer type [-Wincompatible-pointer-types]
This used to be a warning, but it is an error since GCC 14.[1]
Fix this by patching the test program in order to use the correct
pointer types.
Fixes: http://autobuild.buildroot.net/results/a3d/a3d8c6fd631b31e272e4d8cc6c3318f2e4151882
[1] https://gcc.gnu.org/gcc-14/porting_to.html#incompatible-pointer-types
Signed-off-by: Edgar Bonet <bonet@grenoble.cnrs.fr>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 7d249dab51)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The mysql virtual package was removed in commit 8708f3a23a
"package/mysql: drop virtual package".
The mariadb runtime test was authored before this mysql virtual
package removal, but was merged after it, in commit 5356754d1e
"support/testing: add mariadb runtime test". Due to this, this test
always failed with the error:
Makefile.legacy:9: *** "You have legacy configuration in your .config! Please check your configuration.". Stop.
This commit fixes the issue by removing the legacy
BR2_PACKAGE_MYSQL=y configuration directive.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/7540345406
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3da3361a1b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Maeva told me personally she will no longer contribute to Buildroot
for the time being. This commit removes all the associated DEVELOPERS
entries.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 92d652df48)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, we have a Kconfig symbol to enable the python support in
gpsd, but the condition at configure time is based on whether the python
package is enabled. So, if a user does not enable python support in
gpsd, they still get it.
Switch to using the proper symbol.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Bernd Kuhls <bernd@kuhls.net>
Reviewed-by: Jan Havran <havran.jan@email.cz>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9696d27756)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Pass USE_LIBDRM=OFF to the wpewebkit CMake configuration step when the
libdrm package has not been selected.
WPE WebKit can be built without libdrm support, and it will still work
with backends that use other platform-specific methods to handle
graphics buffers and/or presenting content onto an output. For example
this is the case with wpebackend-rdk configured to use rpi-userland,
which uses dispmanx to produce the output instead of DRM/KMS.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 65f8174648)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
mdio-tools depends on CONFIG_MDIO_DEVICE in order for mdiobus driver to
be built, but CONFIG_MDIO_DEVICE depends on CONFIG_NETDEVICES which we
are not enabling so on platforms without it enabled in kernel config
building mdio-tools will fail with:
ERROR: modpost: "mdio_find_bus" [output-1/build/mdio-tools-1.3.1/kernel/mdio-netlink.ko] undefined!
ERROR: modpost: "__mdiobus_c45_read" [output-1/build/mdio-tools-1.3.1/kernel/mdio-netlink.ko] undefined!
ERROR: modpost: "__mdiobus_read" [output-1/build/mdio-tools-1.3.1/kernel/mdio-netlink.ko] undefined!
ERROR: modpost: "__mdiobus_c45_write" [output-1/build/mdio-tools-1.3.1/kernel/mdio-netlink.ko] undefined!
ERROR: modpost: "__mdiobus_write" [output-1/build/mdio-tools-1.3.1/kernel/mdio-netlink.ko] undefined!
So enable CONFIG_NETDEVICES as well to make sure CONFIG_MDIO_DEVICE can be enabled.
Fixes: http://autobuild.buildroot.net/results/edf47df96cde6094c890c0b74034cced90335a39/
Signed-off-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b95fff0185)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
On the architectures that supports libsanitizer (part of gcc), the
build is currently failing with BR2_TIME_BITS_64=y. This is because
some code in libsanitizer unsets _FILE_OFFSET_BITS, but building code
with _FILE_OFFSET_BITS unset, but _TIME_BITS set isn't legal.
To fix this, this commit backports two changes:
- One change to also unset _TIME_BITS in
sanitizer_platform_limits_posix.cpp. This change is upstream in
LLVM, and already part of GCC 14.x, so we only bringing it to GCC
12.x and GCC 13.x.
- A second change doing the same modification, but in
sanitizer_procmaps_solaris.cpp, which as crazy as it might sound,
also gets compiled on Linux platforms (but to basically an empty
file). This change has been submitted upstream to both LLVM and gcc.
Notes:
- the special PowerPC SPE version of GCC cannot be affected, as only
uClibc-ng is used for this architecture, and uClibc-ng doesn't use
_TIME_BITS=64 (but now default to 64-bit time_t on 32-bit
architectures, like musl does).
- the special ARC version doesn't need patching because libsanitizer
doesn't support the ARC architecture, so it doesn't get built
Fixes:
http://autobuild.buildroot.net/results/ff2dbfdabf0bb6a0d82ea8a80122ab97fd75bd3f/https://gitlab.com/buildroot.org/buildroot/-/issues/16
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 81a4b6e7b8)
[Peter: drop 14.1.0 patch]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The kconfig infra defines a 'PKG_KCONFIG_MAKE' var that wraps all the
standard kconfig options. Switch to this so we aren't duplicating the
logic.
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 009d31b438)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The 'linux-diff-config' target fails with the below error when
PER_PACKAGE_DIRECTORIES is enabled and the 'host-finalize' target hasn't
run yet.
scripts/Kconfig.include:39: C compiler '.../buildroot/output/host/bin/arm-buildroot-linux-gnueabihf-gcc' not found
The 'PPD' variable isn't defined for this target, so 'BR_PATH' falls
back to the final host directory.
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 641084bfb3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The 'linux-savedefconfig' target fails with the below error when
PER_PACKAGE_DIRECTORIES is enabled and the 'host-finalize' target hasn't
run yet.
scripts/Kconfig.include:39: C compiler '.../buildroot/output/host/bin/arm-buildroot-linux-gnueabihf-gcc' not found
The 'PPD' variable isn't defined for this target, so 'BR_PATH' falls
back to the final host directory.
Reported-by: Nathaniel Roach <nroach44@gmail.com>
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit de11afaa34)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Runtime tests running on test runners are subject to a high
variability in term of performance and timing. Most or the runtime
test commands are executed with a timeout, in pexpect.
Slow or very loaded test runners can use the timeout_multiplier to
globally increase those timeouts.
Some runtime test commands sometimes needs to poll or query a state,
rather than having purely sequential actions. It is sometimes hard to
know, from the test writer point of view, the maximum timeout to set, or
if a retry logic is needed.
In order to help debugging runtime tests failing due very slow
execution, this commit adds extra information on the host test runner
about its load in the run log. Relevant information are: number of
cpus, the load average at the moment the emulator is started and the
current timeout_multiplier.
Note: this change was discussed in:
https://lists.buildroot.org/pipermail/buildroot/2024-July/759119.html
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7a6edbc7b9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The libpwquality package provides the pam_pwquality PAM module - the
replacement for pam_cracklib that was dropped from linux-pam back in
version 1.5.0. However, it currently installs it to the wrong place,
so passwd and friends fail to find it. This commit sets the security
directory path to /lib/security to match the corresponding setting in
linux-pam.mk.
Note that libpwquality has *always* installed pam_pwquality in the wrong
place, since version 1.3.0 was added to buildroot in 2017 in commit
462040443c. However, back then, linux-pam
version 1.3.0 still provided pam_cracklib for advanced password checking.
Linux-pam deprecated pam_cracklib in 1.4.0 but still built it for us when
linux-pam.mk set --enable-cracklib. Linux-PAM deleted pam_cracklib
altogether in 1.5.0, so it was not until our update to linux-pam-1.5.1
in commit 276f1e0a89 that pam_cracklib
became unavailable. After that point, pam_pwquality was the only
alternative for PAM-based password checking.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 541eb8bf7d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit allows the package patches to be applied with fuzz factor 0.
The fuzz factor specifies how many lines of the patch can be inexactly
matched, so the value 0 requires all lines to be exactly matched.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit f5226cd6b7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When using BR2_STATIC_LIBS=y, tinysshd's build was successful, but the
binary didn't work on the final target: this is because a dynamically
linked ELF was produced, on a target having no dynamic loader at all.
Using $(TARGET_CONFIGURE_OPTS) propagates all the options and not only
"CC", resulting in a correct static binary able to run on the target.
Without the patch:
> tinysshd: ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV),
> dynamically linked, interpreter /lib/ld-musl-armhf.so.1, stripped
With the patch:
> tinysshd: ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV),
> statically linked, stripped
Fixes: a7b3de8a3b
Signed-off-by: Martin Wetterwald <martin@wetterwald.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 90e22ff48b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Pass an empty value for udevdir to avoid the following host build
failure on one of the autobuilders:
/usr/bin/install -c -m755 -d /usr/lib/udev/rules.d
/usr/bin/install -c -m644 64-btrfs-dm.rules 64-btrfs-zoned.rules /usr/lib/udev/rules.d
/usr/bin/install: cannot create regular file '/usr/lib/udev/rules.d/64-btrfs-dm.rules': Permission denied
/usr/bin/install: cannot create regular file '/usr/lib/udev/rules.d/64-btrfs-zoned.rules': Permission denied
This build failure can be raised since the addition of the host variant
in commit ed69859a72. udev rules were
added by upstream in 2016 by
62c0666378
Fixes: ed69859a72
- http://autobuild.buildroot.org/results/c46238afe8d23cf4bff4e7290a5eaebd0640eb6e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8ce17e304b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This update addresses the issue of uClibc support by skipping ZFS tests
that require SEEK_DATA support.
This is a work-in-progress patch while we wait for an upstream fix.
Current upstream efforts can be followed here:
https://github.com/openzfs/zfs/pull/16169
Context:
- OpenZFS includes a test for a bug that occurs when copying a large
number of PUNCHED files.
- OpenZFS has backported this test to v2.2.x.
- uClibc does not support SEEK_DATA and SEEK_HOLE.
- The ZFS test `cp_stress` can not be compiled using uClibc.
This commit fix:
- https://gitlab.com/buildroot.org/buildroot/-/jobs/7391793226
Signed-off-by: José Luis Salvador Rufo <salvador.joseluis@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f17fa2c905)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Enable DES in openssl to avoid the following build failure raised since
commit a83d41867c:
crypto/apr_crypto_openssl.c: In function 'crypto_cipher_mechanism':
crypto/apr_crypto_openssl.c:385:27: error: implicit declaration of function 'EVP_des_ede3_cbc'; did you mean 'NID_des_ede3_cbc'? [-Wimplicit-function-declaration]
385 | key->cipher = EVP_des_ede3_cbc();
| ^~~~~~~~~~~~~~~~
| NID_des_ede3_cbc
Fixes: a83d41867c
- http://autobuild.buildroot.org/results/4b1088a705f8564f85e629316f5cfc92953f0047
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 8bb67c230b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Change the name from "Micro Python" (two words) to "MicroPython"
(camelcase), to match the official website and documentation.
Signed-off-by: J. Neuschäfer <j.neuschaefer@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 161c25aee1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with host gcc >= 14 which enables
-Werror=implicit-function-declaration
(https://gcc.gnu.org/gcc-14/porting_to.html):
configure:9998: checking build system compiler /usr/bin/gcc
configure:10011: /usr/bin/gcc conftest.c
conftest.c: In function 'main':
conftest.c:4:3: error: implicit declaration of function 'exit' [-Wimplicit-function-declaration]
4 | exit(0);
| ^~~~
conftest.c:1:1: note: include '<stdlib.h>' or provide a declaration of 'exit'
+++ |+#include <stdlib.h>
1 | int
conftest.c:4:3: warning: incompatible implicit declaration of built-in function 'exit' [-Wbuiltin-declaration-mismatch]
4 | exit(0);
| ^~~~
conftest.c:4:3: note: include '<stdlib.h>' or provide a declaration of 'exit'
configure:10014: $? = 1
configure:10021: result: no
configure:10026: error: Specified CC_FOR_BUILD doesn't seem to work
Fixes:
- http://autobuild.buildroot.org/results/3ab381f06d5dc030039b6f6f8d19feb55cf3367d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3bb426628c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When the default (newest) kernel headers series changes the build can
break. Example error message:
Incorrect selection of kernel headers: expected 6.8.x, got 6.5.x
In the above case the defconfig used:
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="6.5.9"
The kernel headers were not specified, so the build defaulted to using
the kernel sources as header source and the default (newest) header
series. From .config:
BR2_KERNEL_HEADERS_AS_KERNEL=y
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_8=y
Signed-off-by: Gero Schwäricke <gero.schwaericke@posteo.de>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit eb519ad7cc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
*ucontext functions are only implemented for a subset of
uClibc supported architectures. To allow the external library
libucontext to be used this small patch is required.
Tested for riscv64.
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f761a8c451)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Release Notes: https://nodejs.org/en/blog/release/v20.15.1
Fixes the following CVE's:
CVE-2024-36138 - Bypass incomplete fix of CVE-2024-27980 (High)
CVE-2024-22020 - Bypass network import restriction via data URL (Medium)
CVE-2024-22018 - fs.lstat bypasses permission model (Low)
CVE-2024-36137 - fs.fchown/fchmod bypasses permission model (Low)
CVE-2024-37372 - Permission model improperly processes UNC paths (Low)
Also these additional CVE's were fixed in the v20.12.1 and v20.12.2 releases [1][2]:
CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash- (High)
CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
CVE-2024-27980 - Command injection via args parameter of child_process.spawn without shell option enabled on Windows
NodeJS tests are passing:
$ ./support/testing/run-tests -o ./outputs/ -k tests.package.test_nodejs -d dl
12:02:58 TestNodeJSModuleHostSrc Starting
12:02:58 TestNodeJSModuleHostSrc Building
13:17:15 TestNodeJSModuleHostSrc Building done
13:17:23 TestNodeJSModuleHostSrc Cleaning up
.13:17:23 TestNodeJSModuleHostBin Starting
13:17:23 TestNodeJSModuleHostBin Building
14:06:15 TestNodeJSModuleHostBin Building done
14:06:20 TestNodeJSModuleHostBin Cleaning up
.14:06:20 TestNodeJSBasic Starting
14:06:20 TestNodeJSBasic Building
14:55:40 TestNodeJSBasic Building done
14:55:45 TestNodeJSBasic Cleaning up
LICENSE hash changed due to changes in vendored components:
* copyright year update and adding spdx identifier [1]
[1] https://nodejs.org/en/blog/release/v20.12.1
[2] https://nodejs.org/en/blog/release/v20.12.2
[3] d5a316f5ea
Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit bffb6a2339)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- fix alphabetical ordering
- put one module per line
- add comment explaining why options are enabled
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 5c20804afa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Lots of people are using broken text editors that 1. do not naturally
terminate text files with a final \n as is customary in UNIX text files,
and 2. do not respect our .editorconfig settings, which explicitly
require adding that final newline. See this nice summary of what a text
file is (with references to applicable standards):
https://stackoverflow.com/questions/12916352/shell-script-read-missing-last-line/12916758#12916758
So, it is not surprising that read does not read the last "line" of a
file, when said "line" does not end with a newline, because it is thus
not really a line.
Even though we do mandate actual text files, let's be a little bit lax
in this respect, because people may write packages, and their hash
files, in a br2-external tree, and they may not have our .editorconfig
in the directory heierarchy (e.g. if buildroot is a submodule of their
br2-external tree, or whatever).
mapfile does not suffer from this limitation, though, and correctly
reads all lines from a file, even the final line-that-is-not-a-line.
mapfile was introduced in bash 4.0, released on 2009-01-20, more than
15 years ago. Debian squeeze, released in 2011 already had bash 4.1.
Those are really ancient. So, it means we can indeed expect bash
version 4.0 or later; which means mapfile is available.
"It should be fine!"
Fixes: #15976
Reported-by: masonwardle@gmail.com
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit ac2e6b3927)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
According to https://spdx.org/licenses/, the correct license code for
the "Clarified Artistic License" is ClArtistic.
The only other package in Buildroot containing code under this license
is google-breakpad, and it is already using the ClArtistic SPDX code.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 2ca698051c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
`b4` is a commandline tool to make patch-based development easier[1]. It
is primarily used for Linux kernel development, but can be configured to
support any project that has a public-inbox endpoint. Buildroot has a
public-inbox mirror at "https://lore.kernel.org/buildroot/".
We configure some basic settings that tell `b4` where to send patches
and how to use get-developers.
[1] https://b4.docs.kernel.org/en/latest/
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 322213e131)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
User may get confused when they see the current hint, and take that as
the proper replacement, while we're only reporting the stem of the
variable name:
.../foo.mk:16: possible typo: BLA -> *FOO*
There is usually no easy way to actually suggest the proper variable
name, though, so let's make it a little bit more obvious that we meant
the variable was improperly prefixed:
.../foo.mk:16: possible typo, variable not properly prefixed: BLA -> *FOO_XXX*
And while at it, throw in the URL to the corresponding manual entry.
Adapt the test accordingly.
Reported-by: "Frager, Neal" <neal.frager@amd.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Ricardo Martincoski <ricardo.martincoski@datacom.com.br>
Reviewed-by: Neal Frager <neal.frager@amd.com>
[Arnout: also update new test, scoped -> prefixed]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 5836b79762)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, when a package defines an unprefixed variable, but its value
contains a properly prefixed expansion (or even just the name of a
variable), there is not error reported (e.g. with the recently fixed
composer issue):
BASE_SITE = https://getcomposer.org/download/$(COMPOSER_VERSION)/composer.phar
The reason is that he check is done on the whole line, rather than on
the variable that is being set.
We fix that by really looking at the variable we found, instead of
looking in the whole line.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Ricardo Martincoski <ricardo.martincoski@datacom.com.br>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit b0964df557)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This reverts (partial) commit
e39ad96136, and
26642e4cc0, but also fixed additional
sites where the !BR2_RISCV_32 dependency is no longer needed, thanks
to the recently added
0001-src-xshmfence_futex.h-fix-build-on-32-bit-architectu.patch in
xlib_libxshmfence.
Signed-off-by: Thomas Devoogdt <thomas@devoogdt.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f30da3dc21)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In preparation to revert e39ad96136,
and (partial) 26642e4cc0.
xshmfence_futex.h: In function 'sys_futex':
xshmfence_futex.h:58:24: error: 'SYS_futex' undeclared (first use in this function); did you mean 'sys_futex'?
58 | return syscall(SYS_futex, addr1, op, val1, timeout, addr2, val3);
| ^~~~~~~~~
| sys_futex
Fixes:
- e39ad96136
Signed-off-by: Thomas Devoogdt <thomas@devoogdt.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 36c7b1f086)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
There was an error in the pkg-cmake infra file regarding the selection
of the ASM compiler. Now that this has been fixed, overwriting the
ASM compiler selection is no longer necessary.
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 6384744780)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
CMAKE_ASM_COMPILER is supposed to point to a compiler wrapper (i.e.
gcc), _not_ to as directly. If it is not set, it will use the value of
CMAKE_C_COMPILER. That's exactly what we want, so there is no need to
set CMAKE_ASM_COMPILER at all.
For target, we don't set CMAKE_ASM_COMPILER either.
Setting CMAKE_ASM_COMPILER leads to build failures for any package that
actually tries to build .S files for the host - like llvm. This is why
llvm has an override for it.
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 22af5f2939)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
To give us a chance to catch runtime issues (such as missing
dependencies) more easily, add a test that writes a sample PDF file,
read it back and verify the text that was read.
Like similar packages that lead to a big
rootfs (e.g. python-botocore), this test requires a separate ext2
rootfs to avoid filling the default amount of RAM available
entirely (which would cause missing files from the root filesystem and
in turn, test failures).
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 115e9493b8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Now that the mandatory dependency of MuPDF on X.org, we can also drop
this dependency from python-pymupdf.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit edfa6f2978)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
It turns out that python-pymupdf doesn't require zlib directly, but it
does require the zlib python module.
This fixes the following runtime error:
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3.11/site-packages/fitz/__init__.py", line 22, in <module>
File "/usr/lib/python3.11/site-packages/fitz/fitz.py", line 3402, in <module>
File "/usr/lib/python3.11/gzip.py", line 9, in <module>
ModuleNotFoundError: No module named 'zlib'
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ba6baa019b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The X11 support in mupdf is actually optional, and it does require
libXext in addition to libX11, so adjust the packaging accordingly.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2c0d7b72c0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Now that MUPDF_CFLAGS and MUPDF_LDFLAGS are just TARGET_CFLAGS and
TARGET_LDFLAGS, drop them.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 90f0a48467)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
By default mupdf generates static libraries, shared libraries must be
enabled explicitely.
Also, when building shared libraries, mupdf's Makefile properly passes
-fPIC, so adding it manually to MUPDF_CFLAGS is not needed.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 401162d4a9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This variable might have been needed in the very distant past to help
mupdf find libraries, but mupdf's Makefile now properly uses
pkg-config to find the 5 libraries freetype2, gumbo, harfbuzz, libjpeg
and zlib, so our code has become redundant: drop it.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f7deaa1330)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The build of gcc with Fortran support is broken on gcc 12.x and gcc
13.x, it fails with:
../../../libgfortran/generated/bessel_r8.c: In function 'bessel_yn_r8':
../../../libgfortran/generated/bessel_r8.c:178:1: internal compiler error: in gen_reg_rtx, at emit-rtl.cc:1167
This issue has been fixed in gcc 14.x, which builds a Microblaze
Fortran-capable toolchain successfully.
Since we're not really interested in figuring out the commit that
fixed the problem, let's simply disallow the selection of Fortran with
gcc12/13 on Microblaze.
Fixes:
http://autobuild.buildroot.net/results/5b4eee1d9b119c9f923f9518618f45a6482ddc85/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
(cherry picked from commit 41f2567618)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In commit 809fdb3a7a ("package/gdb:
remove gdb 10.x") and
030497be18 ("package/gdb: remove support
for GDB 11.x"), we forgot to drop the no longer needed hashes from
gdb.hash. Let's do this now.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
(cherry picked from commit 538a99a33a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
cdrkit.org no longer works, and there is no obvious homepage for this
dead project. Use the Wikipedia page as a replacement.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit aa549fb95f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
similar to previous problems with nios2 and not-available atomic ints
the build for Boost.Atomics also fails for ARC Targets which don't
have the ATOMICS_EXT flag set.
according to [0] "Boost.Atomic has a hard requirement of the native
atomic operations on bytes". The same tests mentioned there fail for
ARC without the atomic extension.
Disable BR2_TOOLCHAIN_SUPPORTS_ALWAYS_LOCKFREE_ATOMIC_INTS for BR2_arc
without BR2_ARC_ATOMIC_EXT.
Fixes:
http://autobuild.buildroot.net/results/4ca54a85672d7b9328b1909b457e548c6032a493
[0] https://github.com/boostorg/atomic/issues/42#issuecomment-734130348
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
[Arnout: add to BR2_TOOLCHAIN_SUPPORTS_ALWAYS_LOCKFREE_ATOMIC_INTS
instead of updating all packages]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit ad71b415c1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The build logic in source/cmake/FindNeon.cmake caused the x265 build
system to always think that the CPU supports neon: it was looking in
/proc/cpuinfo, which of course is wrong when cross-compilation, but
then the sequence of grep was interacting badly with CMake, causing
the build system to always conclude that the CPU supports NEON.
This causes runtime issues on ARMv6.
Setting -DCROSS_COMPILE_ARM=1 fixes this, as it tells the x265 build
system we are cross-compiling and it skips its bogus NEON check. So
for ARMv6, we pass -DCROSS_COMPILE_ARM=1.
But then, we still want NEON for ARMv7 processors with NEON, so this
commit adds a patch that allows to explicitly specify whether the CPU
supports NEON, in the -DCROSS_COMPILE_ARM=1 case, and we use this
option when BR2_ARM_CPU_HAS_NEON.
For those wondering why -DCROSS_COMPILE_ARM=1 is not passed for all
ARM platforms: it's because from the perspective of x265, only ARM >=
v6 is ARM: it has assembly code that needs at least ARMv6. Earlier ARM
platforms are not detected as ARM by the x265 build logic, and
therefore fallback on generic code.
This has been build-tested on:
- ARMv5: generic code is used, no assembly
- ARMv6: assembly code is used, but not with NEON support
- ARMv7 with NEON: assembly code is used, with NEON support
Reported-by: David Barbion <davidb@230ruedubac.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1fbd26f831)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As we're about to do some other fixes in x265 ARM build, let's replace
the patch fixing gcc option by:
- A patch generated by git format-patch now that x265 upstream uses
Git
- Is re-submitted upstream
- Only drops the flags, and does not add bogus ARM architecture
aliases that don't exist in the CMake world.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9d62687d00)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
GNU Octave supports the --with-sndfile configure option since v4.0.0.
For reference, commit 40ea68b4b2 "package/octave: new package"
introduced the package at v7.1.0.
This commits adds this optional support.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a5ce48fe45)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This allows uvw to be again in sync with the libuv package, following
the bump of libuv to v1.48 in commit
bd2f99246c ("package/libuv: security
bump to version 1.48")
The hash of the license file has changed due to a copyright year
update.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c54134bf69)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
net/http: denial of service due to improper 100-continue handling
The net/http HTTP/1.1 client mishandled the case where a server responds to
a request with an "Expect: 100-continue" header with a non-informational
(200 or higher) status. This mishandling could leave a client connection in
an invalid state, where the next request sent on the connection will fail.
An attacker sending a request to a net/http/httputil.ReverseProxy proxy can
exploit this mishandling to cause a denial of service by sending "Expect:
100-continue" requests which elicit a non-informational response from the
backend. Each such request leaves the proxy with an invalid connection, and
causes one subsequent request using that connection to fail.
Thanks to Geoff Franks for reporting this issue.
This is CVE-2024-24791
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When build host has a many CPUs (more that 20) and GNU Make 4.4
(included for example in Fedora 40), fwts can randomly fail to build.
This commit adds a package patch to fix the issue.
Fixes:
mv: cannot stat 'dtcompilerparser.tab.c': No such file or directory
mv: cannot stat 'prparser.tab.c': No such file or directory
See also:
https://github.com/fwts/fwts/issues/7
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f6d9fa3692)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add bsdunzip option to avoid the following build failure raised since
bump to version 3.7.1 in commit 7991d2c48a and
c157e4ce8e:
CCLD bsdunzip
/home/autobuild/autobuild/instance-4/output-1/host/lib/gcc/powerpc-buildroot-linux-musl/12.3.0/../../../../powerpc-buildroot-linux-musl/bin/ld: cannot find -lz: No such file or directory
By handling it explicitly, we can specify whether the dynamic or static
library should be used, according to what we actually have available.
Fixes:
- http://autobuild.buildroot.org/results/aaf7fdefa0b7bd7e5ac743487c197544c1a2ce6f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit bbc08b15ae)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This issue was introduced back in 2009 with commit
e11fe847b2 that created the generic
package infrastructure.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit bd0d5498ea)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When BR2_SHARED_LIBS=y (shared libraries only) and BR2_PIC_PIE=y
(Build code with PIC/PIE), the toolchain-wrapper will try to enable
position-independent code/executables. See [1]. This configuration
is a common default.
Xvisor was likely tested only with RISC-V gcc from [2], which will
not enable PIE by default. Since Xvisor is a Type 1 hypervisor, it
needs the same kind of special treatment as U-Boot or Kernel.
This commit adds a patch to explicitly force static linking and
disable PIE for RISC-V architecture.
[1] https://git.buildroot.org/buildroot/tree/toolchain/toolchain-wrapper.c?h=2023.05.1#n392
[2] https://github.com/riscv-collab/riscv-gnu-toolchain
Signed-off-by: Julien Olivain <ju.o@free.fr>
[Arnout: renumber patch]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 28925c6c86)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Integrate a patch, which was submitted upstream, to work-around an
issue with the SPARC kernel headers. The kernel headers have been
fixed in the upstream kernel (in the to-be-released 6.10 kernel), but
we need a workaround for the older toolchains, until we believe 6.10
is "old" enough to be able to drop the workaround.
Fixes:
http://autobuild.buildroot.net/results/272c464ed4f9392535fa3b7613218dbd03acf901/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b162aab7c6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Although the asciidoc toolchain accepts any number of ~ to delimit a
listing block (i.e. a code block), it is actually specified to be
exactly four, i.e. ~~~~. Currently, a mix of diffrent numbers of ~ are
being used - sometimes even a different number at the beginning and at
the end of the block.
Normalize this to always use exactly four ~ for the delimiter.
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 447fa1fca4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently the text for each package infra that mentions the usage of
variables already provided by the generic infra diverge from each other:
- some (golang, kconfig, python) add a cross-referece to the generic
infra chapter;
- kconfig does not list any example;
- some mention _LICENSE as an example, others don't;
- some (cargo, golang, python) add an 'etc.' at the end of the examples,
giving the idea that can be more symbols provided by the generic
infra than the ones listed;
- most have the text 'works by defining a number of variables before
calling the +<macro-name>+ macro', except golang and kconfig;
- some actually list 'A few additional variables' but keep using some
old reference as 'An additional variable';
- some say 'First, all the package metadata' and other only 'All the
package metadata';
- most mention _SUBDIR as an example of variable supported by the
generic infra, even the generic infra manual not mentioning it.
Improve the correctness for the manual by standardizing the text among
the package infras:
- use the same text "All the package metadata information variables that
exist in the generic package infrastructure also exist in the
<name> infrastructure:" for all of them;
- add the cross-reference for all of them;
- remove the examples of variables inherited from the generic infra -
this also solves the _SUBDIR problem, there no longer is any reference
to _SUBDIR;
- wrap the modified text at 80 columns;
- add "macro" to golang and luarocks infra;
- use "A few additional variables" for qmake and waf.
At same time, add a missing format on golang manual for
BR2_PACKAGE_HOST_GO_HOST_ARCH_SUPPORTS.
Cc: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
[Arnout:
- remove the examples;
- add "the" where "macro" was added;
- rewrite the preceding paragraphs for kconfig to make it more
consistent.
]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 4286c89f9d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Each linux tool uses a fragment of a .mk file, named, for instance:
package/linux-tools/linux-tool-cpupower.mk.in
So currently check-package does not check these files.
Add the support in check-package script.
At the same time, factor out a function to derive package prefix from
the filename being checked, so the fix (calling os.path.splitext twice)
can be applied in a single place.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
[Arnout: add docstring and explain double splitext to
get_package_prefix_from_filename]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit ccc12c0f24)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Release Notes: https://nodejs.org/en/blog/release/v20.12.0
LICENSE hash changed due to changes in vendored components:
* copyright year updates [1][2]
* version name update [3]
* change from "Unicode, Inc. License - Data Files and Software"
to the "Unicode License v3" [4]. This is in the icu vendored
dependency which is unused in buildroot.
* new build tooling script [5] under BSD style license
NodeJS tests are passing:
$ ./utils/docker-run ./support/testing/run-tests -o ./outputs/ -k tests.package.test_nodejs
13:40:05 TestNodeJSModuleHostSrc Starting
13:40:06 TestNodeJSModuleHostSrc Building
14:05:52 TestNodeJSModuleHostSrc Building done
14:06:02 TestNodeJSModuleHostSrc Cleaning up
.14:06:02 TestNodeJSModuleHostBin Starting
14:06:03 TestNodeJSModuleHostBin Building
14:24:25 TestNodeJSModuleHostBin Building done
14:24:31 TestNodeJSModuleHostBin Cleaning up
.14:24:31 TestNodeJSBasic Starting
14:24:32 TestNodeJSBasic Building
14:42:53 TestNodeJSBasic Building done
14:43:02 TestNodeJSBasic Cleaning up
.
----------------------------------------------------------------------
Ran 3 tests in 3776.679s
OK
[1] 347e1dd06a
[2] b88170d602
[3] c8233912e9
[4] 625fd69b76
[5] b5bc597871
Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e86fa6bdb4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The patch adds .hash files for Arm trusted firmware, Linux, Linux headers
and U-Boot and then enables BR2_DOWNLOAD_FORCE_CHECK_HASHES. With this, we
can now drop the defconfig from .checkpackageignore.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 751228436a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
qt5webkit build currently breaks on the following error:
XSLStyleSheetLibxslt.cpp:148:129: error: invalid conversion from ‘void (*)(void*, xmlError*)’ {aka ‘void (*)(void*, _xmlError*)’} to ‘xmlStructuredErrorFunc’ {aka ‘void (*)(void*, const _xmlError*)’} [-fpermissive]
148 | XMLDocumentParserScope scope(cachedResourceLoader(), XSLTProcessor::genericErrorFunc, XSLTProcessor::parseErrorFunc, console);
| ^
| |
| void (*)(void*, xmlError*) {aka void (*)(void*, _xmlError*)}
This error is due to an API update in libxml2, enforcing const on more
struct in version 2.12.0 (see [1]). Buildroot now tracks v2.12.5.
Upstream Webkit project has already issued the corresponding fix ([2]),
which updates corresponding internal prototypes depending on libxml2
version, but the qt5webkit version tracked in buildroot does not integrate
the corresponding Webkit version.
Fix this build issue by bringing the upstream patch "as is" from Webkit
No autobuilder references because this build error was hidden by
another build error fixed in a previous patch.
[1] https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.0
[2] 1bad176b24
Signed-off-by: Alexis Lothoré <alexis.lothore@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e24a117388)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
qt5webkit build currently fails with the following error:
[...] parser.rb:587:in `block in parseSequence': undefined method `=~' for an instance of Annotation (NoMethodError)
from <internal:kernel>:187:in `loop'
from /home/alexis/src/buildroot_min/output/build/qt5webkit-5.212.0-alpha4/Source/JavaScriptCore/offlineasm/parser.rb:586:in `parseSequence'
from /home/alexis/src/buildroot_min/output/build/qt5webkit-5.212.0-alpha4/Source/JavaScriptCore/offlineasm/parser.rb:654:in `block in parseSequence'
from <internal:kernel>:187:in `loop'
from /home/alexis/src/buildroot_min/output/build/qt5webkit-5.212.0-alpha4/Source/JavaScriptCore/offlineasm/parser.rb:586:in `parseSequence'
from /home/alexis/src/buildroot_min/output/build/qt5webkit-5.212.0-alpha4/Source/JavaScriptCore/offlineasm/parser.rb:814:in `parseData'
from /home/alexis/src/buildroot_min/output/build/qt5webkit-5.212.0-alpha4/Source/JavaScriptCore/offlineasm/parser.rb:818:in `parse'
from /home/alexis/src/buildroot_min/output/build/qt5webkit-5.212.0-alpha4/Source/JavaScriptCore/offlineasm/parser.rb:780:in `block in parseSequence'
from <internal:kernel>:187:in `loop'
from /home/alexis/src/buildroot_min/output/build/qt5webkit-5.212.0-alpha4/Source/JavaScriptCore/offlineasm/parser.rb:586:in `parseSequence'
from /home/alexis/src/buildroot_min/output/build/qt5webkit-5.212.0-alpha4/Source/JavaScriptCore/offlineasm/parser.rb:625:in `block in parseSequence'
from <internal:kernel>:187:in `loop'
from /home/alexis/src/buildroot_min/output/build/qt5webkit-5.212.0-alpha4/Source/JavaScriptCore/offlineasm/parser.rb:586:in `parseSequence'
from /home/alexis/src/buildroot_min/output/build/qt5webkit-5.212.0-alpha4/Source/JavaScriptCore/offlineasm/parser.rb:814:in `parseData'
from /home/alexis/src/buildroot_min/output/build/qt5webkit-5.212.0-alpha4/Source/JavaScriptCore/offlineasm/parser.rb:818:in `parse'
from /home/alexis/src/buildroot_min/output/build/qt5webkit-5.212.0-alpha4/Source/JavaScriptCore/offlineasm/generate_offset_extractor.rb:68:in `<main>'
This issue is due to =~ being marked as deprecated since a few Ruby
versions, and finally removed in 3.2.0 [1]. This now breaks the build since
buildroot has moved to Ruby v3.3.0.
The corresponding fix has already been issued in upstream Webkit project
[2], but qt5webkit version tracked in buildroot does not have the
corresponding webkit version pulled. Fix this build error by bringing the upstream
patch. The patch is slightly modified (exclude part about Changelog file,
which is absent from qt5webkit)
Fixes:
http://autobuild.buildroot.net/results/21397b110fe02e5711ecb1d35be2108221751b0a/
[1] https://www.ruby-lang.org/en/news/2022/12/25/ruby-3-2-0-released/
[2] c7d19a492d
Signed-off-by: Alexis Lothoré <alexis.lothore@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 51ef6691ac)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 8f88a644ed ("support/scripts/apply-patches.sh: set the maximum
fuzz factor to 0") reduced the fuzz factor.
Due to this change, qt5webkit fails to build with output:
Applying 0004-Remove-invalid-g_object-declarations-to-fix-build-wi.patch using patch:
patching file Source/WTF/wtf/glib/GRefPtr.h
Hunk #1 FAILED at 29.
1 out of 1 hunk FAILED -- saving rejects to file Source/WTF/wtf/glib/GRefPtr.h.rej
This commit refreshes the package patch on the current package version.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6d0cce7dab)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since there are no more packages using FTP-hosted files, we can drop
the --passive-ftp option from genrandconfig, as it would cause
problems on systems that use wget2.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 881a8f1346)
[Peter: slightly reword commit message, no curl backend here]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We're going to add hashes soon, so we'll need to have that directory
populated with hash files, and it would then be a bit confusing to not
have the patch file in the patches directory...
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Alex Suykov <alex.suykov@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 552a8cec8c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Backport a patch from upstream that adds the magic number for the
bcachefs superblock. Otherwise, systemd 254.13 fails to compile with
the latest kernel versions.
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f3c1f667dc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
ENABLE_SYSTEMD option has been removed from ubus by upstream commit:
96ab0b3032f5 ubusd: remove systemd socket activation support
From a Buildroot perspective, this means that this systemd socket
activation feature no longer exists since Buildroot commit
130be80d34 ("ubus: bump version"), as we
bumped ubus from 259450f414d8c9ee41896e8e6d6bc57ec00e2b63 to
34c6e818e431cc53478a0f7c7c1eca07d194d692 in this commit, and the
96ab0b3032f5 ("ubusd: remove systemd socket activation support")
commit is in this range. It was therefore dropped upstream in 2016,
and in Buildroot in 2017.
Signed-off-by: Jan Havran <havran.jan@email.cz>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 60c8807c69)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The package compilation for the raspberrypi3_qt5we_defconfig raises the
following error:
In file included from buildroot/output/build/snappy-1.1.10/snappy.cc:29:
buildroot/output/build/snappy-1.2.1/snappy-internal.h: In function ‘snappy::internal::V128 snappy::internal::V128_Shuffle(V128, V128)’:
buildroot/output/build/snappy-1.2.1/snappy-internal.h:109:10: error: ‘vqtbl1q_u8’ was not declared in this scope; did you mean ‘vtbl1_u8’?
109 | return vqtbl1q_u8(input, shuffle_mask);
| ^~~~~~~~~~
| vtbl1_u8
make[4]: *** [CMakeFiles/snappy.dir/build.make:118: CMakeFiles/snappy.dir/snappy.cc.o] Error 1
The issue was raised by commit b3fb0b5b4b076 ("Enable vector byte
shuffle optimizations on ARM NEON") contained in version 1.1.10.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 01f35f8875)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add missing stdio.h include. Without this includes, the build fails
with the following error under GCC 14.x:
../../../com32/lib/syslinux/debug.c: In function ‘syslinux_debug’:
../../../com32/lib/syslinux/debug.c:91:5: error: implicit declaration of function ‘printf’ [-Wimplicit-function-declaration]
91 | printf("Dynamic debug unavailable\n");
Signed-off-by: Lance Fredrickson <lancethepants@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3b9d62dac5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
GNU Octave supports the --with-openssl configure option since v4.0.0.
For reference, commit 40ea68b4b2 "package/octave: new package"
introduced the package at v7.1.0.
This commits adds this optional support.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0e2c2810dc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 8f88a644ed "support/scripts/apply-patches.sh: set the maximum
fuzz factor to 0" reduced the fuzz factor.
Due to this change, exim fails to build with output:
Applying 0004-exim_lock-fix-lstat-related-build-errors.patch using patch:
patching file src/exim_lock.c
Hunk #1 FAILED at 13.
Hunk #2 succeeded at 27 (offset 1 line).
1 out of 2 hunks FAILED -- saving rejects to file src/exim_lock.c.rej
This commit rebases the package patches on the current package version
when needed.
Fixes:
http://autobuild.buildroot.net/results/ff27d5ebd7f24ac8cb236b83c67c2c75255e51c6/
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Reviewed-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Reviewed-by: Yann E. MORIN <yann.morin@orange.com>
Tested-by: Yann E. MORIN <yann.morin@orange.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 20973140c1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mathieu privately informed me that he no longer has access to the
TS4900 board, he is therefore unable to maintain this board moving
forward. Let's drop his entry from the DEVELOPERS file.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 39d23ce823)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Import a patch that has been backported by upstream to the 2.44 release
branch that fixes the build when the target is an ARM processor that
supports NEON instructions.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8502ac71aa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit ecc0c1fb12 (package/openssh: disable async-signal-unsafe code in
sshsigdie()) add a patch for CVE-2024-6387 but forgot to add an _IGNORE_CVES
entry. Fix that.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The "msd" (mass storage device) firmware files in 2021.07.01 don't
work with some newer CM4 based devices, the one I had issues with is a
RevPi Connect 4. Updating fixes the issue. Mass storage device mode is
required to flash the eMMC of CM4 devices.
Signed-off-by: Fiona Klute <fiona.klute+wiwa@gmx.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit fbd9a3f311)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, the stmmac driver is configured as a module in the defconfig, which
means that the network functionality is not available until the driver module
is manually inserted.
Use extra config fragment to integrate it directly into the kernel, ensuring that network
functionality is available immediately upon boot.
Signed-off-by: Aleksandr Makarov <aleksandr.o.makarov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 54c82a2375)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This reverts commit c366ecb95e.
While the change is correct, it causes quite some fallout from packages
using the ENGINE_* API functions without selecting
BR2_PACKAGE_LIBOPENSSL_ENGINES, so drop it from the stable branch.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This introduces the default issue template, to help users provide issues
that are meaningful, and that will help reproduce the issue.
If needed, we can add more templates in the future.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
[Arnout:
- add link to mailing list;
- rephrase "pristine Buildroot";
- add a checklist item for "I'm using latest commit";
- add a checklist item for "make clean; make";
- add formal items for Buildroot commit sha1 and distro.]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 32aacc4737)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Upstream has changed the archive for the 2.0.7 release since we bumped
in c1f820bd88 (package/daq: bump version to 2.0.7). Comparing the old
archive as it is on s.b.o. with the one currently available on upstream,
gives a few deltas, mostly;
- (C) years changed in comments
- version string changed from 2.0.6 to 2.0.7
- changes (that look legit) to autostuff
- a file dropped (Visual Studio related)
Of course, that means the hashes changed, and no longer match what we
have.
Downloading the file manually and letting wget set the timestamp on it,
reveals the archive is dated 2022-06-08T13:51:59. So, for more than two
years now, we've been relying on the archive we cached on s.b.o.
So, we can't just change the hashes to the new ones, nor can we replace
the archive on s.b.o.
Instead, we use the same trick as was used in c617ebbc97
(package/python-*: fix hashes for cargo-vendored python packages): we
use the actual, real URL with a query parameter as the _SITE, and we set
_SOURCE to a different name so as not to conflict with the previous
archive.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 9e00cceb60)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The commit fixes the following compilation error:
i686-buildroot-linux-gnu-gcc.br_real: error: unrecognized command-line option ‘-fforce-mem’
From GCC 4.3 release notes [1]:
The -fforce-mem option has been removed because it has had no effect
in the last few GCC releases.
[1] https://gcc.gnu.org/gcc-4.3/changes.html
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 89ba9c5a0b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 8f88a644ed ("support/scripts/apply-patches.sh: set the maximum
fuzz factor to 0") reduced the fuzz factor.
Due to this change, libmad fails to build with output:
Applying mips-gcc4.4.diff using series:
patching file fixed.h
Hunk #1 FAILED at 297.
1 out of 1 hunk FAILED -- saving rejects to file fixed.h.rej
The package applied the patches in two steps, first the local ones and
then the official ones downloaded from the repository. The commit fixes
the issue by reversing the order of patch application steps.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit b21184a877)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerability:
- CVE-2024-4323: A memory corruption vulnerability in Fluent Bit versions
2.0.7 thru 3.0.3. This issue lies in the embedded http server’s parsing
of trace requests and may result in denial of service conditions,
information disclosure, or remote code execution.
https://fluentbit.io/announcements/v2.2.3/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Even though the "no-engine" option effectively disables the compilation
of the engine, it still creates the installation directory, which ends up
being empty. For this reason, the patch does not remove the hook for
removing the directory if the BR2_PACKAGE_LIBOPENSSL_ENGINES option is
not enabled.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 623d3bbe43)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
With version 3.2.0 of OpenSSL, the "no-apps" configuration option was
added, which does not build apps, e.g. the openssl program. This is
handy for minimization. This option also disables tests.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit e0bdc5ddb8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The patch expresses the same condition in positive logic, consistent
with what has been coded in other parts of the module and generally
in Buildroot.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit c2761b5266)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The bump to version 3.0.9 in commit 3c66f65a6a (package/libopenssl:
bump version to 3.0.9), and all subsequent updates, forgot to change
the directory name, which remained that of version 1.1. The patch
fixes the directory name to be consistent with the version.
In the case the library was not built with engine support, this resulted
in the presence of files in the root file system that should have been
removed.
Fixes: 3c66f65a6a
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 7f9291bfe4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit f77d698f83 changed apply-patches to
use $TAR instead of `tar`, but did not define a fallback if $TAR is not
defined. This results in an error when calling apply-patches.sh from
outside Buildroot's Makefile. Our team uses this script to setup local
checkouts of Buildroot package's with patches for development.
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 118c824b56)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Note that here, it is in fact not really relevant. We only extract a
tarball, and we don't use any "modern" or GNU-only options like
--strip-components. However, for consistency it's better to use the same
tar everywhere.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: "Maier, Brandon L Collins" <Brandon.Maier@collins.com>
Reviewed-by: brandon.maier@collins.com
[Arnout: quote TAR="..."]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit f77d698f83)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
From the release notes:
================================================================================
Redis 7.2.5 Released Thu 16 May 2024 12:00:00 IST
================================================================================
Upgrade urgency MODERATE: Program an upgrade of the server, but it's not urgent.
Bug fixes
=========
* A single shard cluster leaves failed replicas in CLUSTER SLOTS instead of removing them (#12824)
* Crash in LSET command when replacing small items and exceeding 4GB (#12955)
* Blocking commands timeout is reset due to re-processing command (#13004)
* Conversion of numbers in Lua args to redis args can fail. Bug introduced in 7.2.0 (#13115)
Bug fixes in CLI tools
======================
* redis-cli: --count (for --scan, --bigkeys, etc) was ignored unless --pattern was also used (#13092)
* redis-check-aof: incorrectly considering data in manifest format as MP-AOF (#12958)
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 61a7edc0c8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
It is perfectly valid for a patch file to have trailing spaces, when for
example an empty or space-only line is appears in a hunk: if the line if
part of the context, whether it be empty or with only spaces, there will
aways be the leading space introduced by the patch itsef, making for a
sapce-only line; if the line is space-only and removed (or added) that
will also appear as a space-only line.
Currently, our editorconfig wants to unconditionally drop trailing
spaces, so when one edits a patch file to add their SoB and Upstream
tags, such a patch would get badly mangled and would not apply, causing
quite some grief and questioning (sad experience looming in the recent
past here)...
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 85736a27c8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The matching in genrandconfig is idiomatically done by matching whole
lines, i.e. with the terminating \n but a few places are missing that.
Those are only matching against '=y', a boolean symbol, so it is in
practice not causing any issue. Still, for consistency, fix those.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 8b8f5e3366)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Previously, when running `PYTHON3_REMOVE_USELESS_FILES`, the hook to
clean up files from the python config directory assumed a pattern of
"config-$(VERSION)m-$(PLATFORM_TRIPLET)".
However, the "m" ABI suffix was dropped in python 3.8, so the hook would
never actually find files to delete. No error was raised due to the use
of a subshell to invoke find.
Also, if a platform triplet is not detected during the configure stage,
the config directory (LIBPL) defaults to `config-$VERSION`, and has no
trailing `-$PLATFORM_TRIPLET`.
Now, we glob anything after the version to ensure files get deleted.
Signed-off-by: Vincent Fazio <vfazio@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit a1efb5427b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When running a test that uses host-python-setuptools using the Buildroot
Docker image, for example running the following command,
> ./utils/docker-run ./support/testing/run-tests -o output -s -k tests.package.test_python_pytest.TestPythonPy3Pytest
The build fails with the following error,
> File "/home/blmaier/buildroot/output/TestPythonPy3Pytest/build/host-python-setuptools-69.2.0/setuptools/_distutils/dist.py", line 354, in _gen_paths
> yield pathlib.Path('~').expanduser() / filename
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> File "/home/blmaier/buildroot/output/TestPythonPy3Pytest/host/lib/python3.11/pathlib.py", line 1385, in expanduser
> raise RuntimeError("Could not determine home directory.")
> RuntimeError: Could not determine home directory.
>
> ERROR Backend subprocess exited when trying to invoke get_requires_for_build_wheel
Python setuptools is looking for $HOME but failing to find it.
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 4dafb8b5c2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Later commits will start using this variable.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
[Arnout: quote TAR="..."]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit ce6b48c2cf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The Debian control aarchive does not contain any patch for liblockfile
1.17; it has had no patch since Debian packaged version 1.16-1.1.
Drop the path tarball now.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
[Arnout: also drop from hash file]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit f84c8d1716)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
No functional change as we install a python symlink, but use python3 for
consistency with the other scripts.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit ed9288505c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Host build fails on updated Arch Linux desktop.
My current /usr/bin/gcc version is 14.1.1 20240522, where
implicit-function-declaration cause build to fail:
2024-06-05T07:03:20 libtool: compile: /home/roy/hymatek/connexi-touchpanel-firmware/mxxf1/output/host/bin/ccache /usr/bin/gcc -DHAVE_CONFIG_H -I. -I.. -I. -I../include -Iinclude -I../src -I/home/roy/hymatek/connexi-touchpanel-firmware/mxxf1/output/host/include -Wall -O2 -I/home/roy/hymatek/connexi-touchpanel-firmware/mxxf1/output/host/include -fexceptions -c ../src/tramp.c -fPIC -DPIC -o src/.libs/tramp.o
2024-06-05T07:03:20 ../src/tramp.c: In function ‘ffi_tramp_get_temp_file’:
2024-06-05T07:03:20 ../src/tramp.c:262:22: error: implicit declaration of function ‘open_temp_exec_file’ [-Wimplicit-function-declaration]
2024-06-05T07:03:20 262 | tramp_globals.fd = open_temp_exec_file ();
2024-06-05T07:03:20 | ^~~~~~~~~~~~~~~~~~~
Patch from master was added to fix build.
Signed-off-by: Roy Kollen Svendsen <roy.kollen.svendsen@akersolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following CVEs:
CVE-2024-24789: archive/zip: mishandling of corrupt central directory record
CVE-2024-24790: net/netip: unexpected behavior from Is methods for IPv4-mapped IPv6 addresses
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When using imx-mkimage 6.1.36_2.1.0 or later, an additional data structure
is inserted in the generated image. The FIT external data position passed
to the uboot mkimage program needs to be adjusted accordingly.
Fixes: https://bugs.busybox.net/show_bug.cgi?id=15973
Fixes: 72de789023 ("package/imx-mkimage: bump version to lf-6.1.36-2.1.0")
Tested-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
[Sébastien: Tested on i.MX8MM EVK and i.MX8MP EVK]
[Sébastien:
- fix subject
- add Tested-by tag
- fix Fixes tags
]
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit baaf7f738a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
It has been well over 10 years since glibc 2.14 was released; the last
Debian version that had an earlier glibc was Wheezy, which Freexian
stopped to maintain as an ELTS in June 2020, 4 years ago, while the
oldest still maintained Ubuntu has glibc 2.21. It is now safe to assume
glibc 2.14 on all major, relevant distributions nowadays.
The distutils module is no longer bundled with python 3.12 so this
eliminates the need to install additional python modules under python
3.12.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[yann.morin.1998@free.fr: add Debian and Ubuntu references]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 929a491f40)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When systemd and tpm2-tss with fapi support are enabled, the fakeroot
script fail with:
<stdin>:35: Failed to resolve user 'tss': No such process.
When fapi support is enabled, tpm2-tss package install additional
configuration files that are expecting tss user and group exist [1].
/etc/sysusers.d/tpm2-tss.conf
/etc/tmpfiles.d/tpm2-tss-fapi.conf
The build fail in the fakeroot environment while handling tmpfiles
installed by tpm2-tss with fapi by host-systemd.
tss user and group is currently created by the tpm2-abrmd package but
tpm2-tss package also provide a udev rule file tpm-udev.rules [2] that
set the ownership of dev nodes /dev/tpmX and /dev/tpmrmX to tss
user/group. So tpm2-tss package must define TPM2_TSS_USERS to create
tss user and group, not tpm2-abrmd package.
So, move TPM2_ABRMD_USERS to TPM2_TSS_USERS.
Note: tpm2-abrmd is nowadays deprecated since the in-kernel Resource
Manager (available since kernel 4.12) is preferred [3].
[1] https://github.com/tpm2-software/tpm2-tss/blob/4.1.3/INSTALL.md?plain=1#L184
[2] https://github.com/tpm2-software/tpm2-tss/blob/4.1.3/dist/tpm-udev.rules
[3] https://github.com/tpm2-software/tpm2-abrmd/blob/3.0.0/README.md?plain=1#L39
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2cdd3d1ccf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The tarball (with .tar.gz extension but same content) is also available over
https from sourceforge, so use that instead.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit e5993e6cd4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The ftp server does not respond, so change to https:// instead. Here the
3.2.6 version is under older_versions.
wget ftp://ftp.ncftp.com/ncftp/ncftp-3.2.6-src.tar.gz
--2024-06-03 08:10:44-- ftp://ftp.ncftp.com/ncftp/ncftp-3.2.6-src.tar.gz
=> ‘ncftp-3.2.6-src.tar.gz’
Resolving ftp.ncftp.com (ftp.ncftp.com)... 209.197.102.38
Connecting to ftp.ncftp.com (ftp.ncftp.com)|209.197.102.38|:21... ^C
http redirects to https, so update the help text to match.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 3eb84214a1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The ftp server does not allow anonymous login, causing the download to fail:
wget --passive-ftp -nd -t 3 -O '/home/peko/source/buildroot/output-qt/build/.lynx2.8.9rel.1.tar.bz2.XlcdCK/output' 'ftp://ftp.invisible-island.net/lynx/tarballs/lynx2.8.9rel.1.tar.bz2'
--2024-06-02 22:21:49-- ftp://ftp.invisible-island.net/lynx/tarballs/lynx2.8.9rel.1.tar.bz2
=> ‘/home/peko/source/buildroot/output-qt/build/.lynx2.8.9rel.1.tar.bz2.XlcdCK/output’
Resolving ftp.invisible-island.net (ftp.invisible-island.net)... 216.194.253.29
Connecting to ftp.invisible-island.net (ftp.invisible-island.net)|216.194.253.29|:21... connected.
Logging in as anonymous ...
Login incorrect.
Luckily the tarball is also available over https://, so use that instead.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998@free.fr:
- use https, not http
- drop trailing '/' in _SITE
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit d946d31325)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
ftp.astrom.com also serves the files over https://, so use that instead.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998@free.fr: use https, not http]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 02f6617b68)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For consistency, adapt the reference in the hash file too.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998@free.fr: switch to https as suggested by Baruch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 1efc1e7b90)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since qt5base was last bumped in 8ab4a0a348 (package/qt5: bump packages
to latest kde submodule versions), the hash for the downloaded tarball
has changed:
$ make qt5base-source
[...]
ERROR: expected: 935d01f5c34903ad9e979431cec7a8a59332ed3fc539e639f5ba87e8d6989b9d
ERROR: got : 3067c4d84ba9927bfe65bf606c17af082199e0a3b22781fbf9bc6c6bc3de26dd
We know the hash was good back when 8ab4a0a348 was applied, because
the tarball has been cached on sources.buildroot.org with the expected
hash:
$ curl 'https://sources.buildroot.net/qt5base/qtbase-da6e958319e95fe564d3b30c931492dd666bfaff.tar.bz2' 2>/dev/null |sha256sum -
935d01f5c34903ad9e979431cec7a8a59332ed3fc539e639f5ba87e8d6989b9d -
But now, the archive generated by the KDE gorge (Gitlab underneath) has
another hash (as seen above). This means that the KDE forge (Gitlab) has
changed the way it generates archives. So, what's the delta? It turns
out that the only changes are about CRLF that were present in the
original archive, and are no longer in the new one. It is to be noted
that the affected files do not have CRLFS in the repository. It further
turns out that the archive was previously generated with .gitattibutes
of the main branch ('dev' in Qt repositories), while now they are
generated with the .gitattibutes of the commit for which they are
generated.
Switch to using the git download method for really reproducible
archives...
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Sebastian Weyer <sebastian.weyer@smile.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 75da04c817)
[Peter: adjust for filename/hash used on 2024.02.x]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, when we generate archives, e.g. for git, svn, cargo or go, we
use the package _BASENAME_RAW as the root directory of the generated
archive. For example, for package foo at version 1.2.3, that would generate
an archive rooted at foo-1.2.3/.
This is usually what we want, except in one specific condition: when the
package shares its download with another package *and* it is a generated
archive. In that case, the root directory will be different for each of
the two packages, which is incorrect, but was so far benign: we never
had any hash for such generated archives, and they were only generated
in two cases:
- linux and linux-headers
- barebox and barebox-aux
As we skip one directory depth when extracting the archives, we did not
care what the root directory was; whether it was that of one package or
the other was of no consequence.
But now that we can have hashes for archives generated from custom
versions, this breaks the usual case where the headers used for the
toolchains are those of the kernel to build for the target. In this
case, we may end up downloading the linux-headers package before we
download the linux package, so we'd get the hash for an archive rooted
at linux-headers-XXX/, but the one for the linux package the archive
would be rooted at linux-XXX/, or we may end up (e.g. with parallel
builds) downloading the linux package first and linux-headers next.
That would cause conflicts in hashes, as demonstrated by the only defconfig
we have in that situation, olimex_stmp157_olinuxino_lime_defconfig.
_BASENAME_RAW is a construct that is expanded to include the RAWNAME
followed by a dash and the version, if there is a version, or with just
the RAWNAME when there is no version.
We tweak the download macro to use _DL_SUBDIR followed by the version.
This is only used by VCS backends (cvs, git, svn...) and so there will
always be a version string, so no need to duplicate the case without a
version like is done for _BASENAME_RAW
_DL_SUBDIR defaults to _RAWNAME, so this is a noop by default, unless
the package declares it shares its download with another one, in which
case the generated archive will now be rooted as for the shared package.
This was triggered by:
https://patchwork.ozlabs.org/project/buildroot/patch/20240602070634.597337-1-francois.perrad@gadz.org/
Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ebe238f2b5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The gcc 13.x. version was bumped to 13.3.0 by commit 5d9c54de0c
(package/gcc: update to 13.3.0), so update gcc-bare-metal to match.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Restarting dnsmasq can cause constant issues: stop works, but start
fails because the new instance can't bind the socket. Another restart
immediately after works just fine:
# /etc/init.d/S80dnsmasq restart
Stopping dnsmasq: OK
Starting dnsmasq:
dnsmasq: failed to create listening socket for 192.168.128.1: Address in use
FAIL
# /etc/init.d/S80dnsmasq restart
Stopping dnsmasq: FAIL
Starting dnsmasq: OK
Solve this by waiting for process to actually stop before returning
from the stop command. Clean up the PID file after to avoid potential
issues with the PID being reused after stop. The wait could also be
placed inside the restart block, but putting it into the stop block
has the advantage that it also avoids similar issues for any other
callers.
Signed-off-by: Fiona Klute <fiona.klute+wiwa@gmx.de>
[yann.morin.1998@free.fr:
- fix shellcheck
- reflow commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 507caef3dd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This requires python 3.5 or newer but is a bit cleaner than the
previous coroutine method.
This should also fix a python3.12 issue:
[Tue, 28 May 2024 13:09:05] INFO: generate the configuration
Traceback (most recent call last):
File "/home/autobuild/autobuild/instance-0/buildroot/utils/genrandconfig", line 833, in <module>
ret = asyncio.run(gen_config(args))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.12/asyncio/runners.py", line 194, in run
return runner.run(main)
^^^^^^^^^^^^^^^^
File "/usr/lib/python3.12/asyncio/runners.py", line 89, in run
raise ValueError("a coroutine was expected, got {!r}".format(coro))
ValueError: a coroutine was expected, got <generator object gen_config at 0xffff7bd822c0>
[Tue, 28 May 2024 13:09:06] WARN: failed to generate configuration
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Vincent Fazio <vfazio@xes-inc.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 584ebdea6e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Most boards use BR2_KERNEL_HEADERS_AS_KERNEL with their custom kernels.
So when creating their custom hash files, the linux-headers.hash is the
same as linux.hash. In this case we symlink linux-headers to linux to
make maintenance easier. Update the add-custom-hashes tool to explicitly
handle this case.
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
[Peter: use cmp -s]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d506e232e7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Ccache CMake build system has some conditions that automatically
enables a developer mode (sets CCACHE_DEV_MODE=ON). See [1].
More specifically, if CCACHE_DEV_MODE is unset AND the environment
variable "CI" is set, CCACHE_DEV_MODE is set to "ON".
This situation can happen when Buildroot builds are executed in
Jenkins jobs, for example. Since Buildroot does not set
CCACHE_DEV_MODE and Jenkins sets the "CI" environment variable,
this ccache developer mode can be enabled in an unexpected way
for the Buildroot user. For example, it happened that a Jenkins build
breaks, while the build with the same configuration in the user
session is working.
One of the effects of enabling this ccache developer mode, is to treat
compiler warnings as errors, see [3]. This can lead to build error,
depending on the ccache version and the host compiler being used.
This behavior can be reproduced and observed, with commands:
cat > .config <<EOF
BR2_aarch64=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_CCACHE=y
BR2_PACKAGE_BUSYBOX=y
EOF
make olddefconfig
make clean
make host-ccache
Outputs:
...
-- Ccache version: 4.9.1
-- Ccache dev mode: OFF
-- Setting CMAKE_BUILD_TYPE to Release as none was specified.
...
Whereas:
make clean
CI=true make host-ccache
Outputs:
...
-- Ccache version: 4.9.1
-- Ccache dev mode: ON
-- Setting CMAKE_BUILD_TYPE to Debug as none was specified.
...
For a failure example: on Fedora 40 with host gcc 14.1.1, Buildroot at
tag 2024.02 has ccache 4.8.2. Host ccache can fail, when building with
"CI=true make host-ccache" with output:
/buildroot/output/build/host-ccache-4.8.2/src/third_party/fmt/core.h:3119:44: in 'constexpr' expansion of 'fmt::v8::make_format_args<>(args#0, args#1)'
/buildroot/output/build/host-ccache-4.8.2/src/third_party/fmt/core.h:1706:15: error: possibly dangling reference to a temporary [-Werror=dangling-reference]
1706 | const auto& arg = arg_mapper<Context>().map(std::forward<T>(val));
| ^~~
This commit sets CCACHE_DEV_MODE=OFF to make the ccache behavior more
deterministic in Buildroot, independently of being used in a CI tool
or not.
[1] https://github.com/ccache/ccache/blob/v4.9.1/CMakeLists.txt#L56
[2] https://github.com/jenkinsci/jenkins/blob/jenkins-2.459/core/src/main/java/jenkins/model/CoreEnvironmentContributor.java#L43
[3] https://github.com/ccache/ccache/blob/v4.9.1/cmake/StandardWarnings.cmake#L5
Reported-by: Xavier Roumegue <xroumegue@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 197be7ed87)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This new stable series brings in support for pointer lock, customization
of subprocess launching, and a build fix that allows using EGL
implementations that do not ship a pkg-config module. Version 1.16.x is
recommended for WPE WebKit 2.44.x, which will be updated in a follow-up
patch.
Release notes:
https://wpewebkit.org/release/libwpe-1.16.0.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8845a796bb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Run-time dependency xcb-cursor found: NO (tried pkgconfig and cmake)
../../br-test-pkg/bootlin-armv7-glibc/build/weston-13.0.0/tests/meson.build:340:2: ERROR: Problem encountered: xcb and xcb-cursor required for running xwayland tests
Fixes:
- https://bugs.busybox.net/show_bug.cgi?id=15766
Signed-off-by: Thomas Devoogdt <thomas@devoogdt.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit fb952e1116)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 2e349be94a (configs/orangepi_pc_defconfig: bump U-boot to
v2024.01 to fix compatibility with setuptools >= 69) bumped U-Boot, but
forgot to add a dependency on host-openssl. Fix that.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 96e41a849e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with kernel >= 6.7:
/home/buildroot/autobuild/instance-0/output-1/build/cryptodev-linux-1.13/./cryptlib.c: In function ‘cryptodev_hash_init’:
/home/buildroot/autobuild/instance-0/output-1/build/cryptodev-linux-1.13/./cryptlib.c:384:28: error: implicit declaration of function ‘crypto_ahash_alignmask’; did you mean ‘crypto_aead_alignmask’? [-Werror=implicit-function-declaration]
384 | hdata->alignmask = crypto_ahash_alignmask(hdata->async.s);
| ^~~~~~~~~~~~~~~~~~~~~~
| crypto_aead_alignmask
Fixes:
- http://autobuild.buildroot.org/results/466360c7baec2edf42dc6f0ad9a8d757dd471c88
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 15ec07403f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following or1k build failure raised since bump to version 0.2.2
in commit 079d992b27:
In file included from /home/buildroot/autobuild/run/instance-0/output-1/host/or1k-buildroot-linux-uclibc/sysroot/usr/include/lua.hpp:6,
from ../src/lua.hh:23,
from ../src/parser.hh:4,
from ../src/ffilib.cc:7:
../src/ffilib.cc: In static member function 'static void ffi_module::setup(lua_State*)':
../src/ffilib.cc:1616:28: error: expected ')' before 'FFI_ARCH_NAME'
1616 | lua_pushliteral(L, FFI_ARCH_NAME);
| ^~~~~~~~~~~~~
Fixes: 079d992b27
- http://autobuild.buildroot.org/results/4e14753732c5b6fe8ba9ecc4050ffb35f471c428
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9b07b4bf6d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/6865597706
setuptools.extern.packaging.version.InvalidVersion: Invalid version: 'u-boot-2020.10'
make[5]: *** [scripts/dtc/pylibfdt/Makefile:30: scripts/dtc/pylibfdt/_libfdt.so] Error 1
make[4]: *** [scripts/Makefile.build:419: scripts/dtc/pylibfdt] Error 2
make[4]: *** Waiting for unfinished jobs....
make[3]: *** [scripts/Makefile.build:419: scripts/dtc] Error 2
make[2]: *** [Makefile:577: scripts] Error 2
make[1]: *** [package/pkg-generic.mk:283: /builds/buildroot.org/buildroot/output/build/uboot-2020.10/.stamp_built] Error 2
Commit 6b62384e3d (package/python-setuptools: bump to version 69.0.3)
bumped setuptools, which now errors out when passed a version with a prefix
string. This u-boot- prefix string is dropped since U-Boot 2023.01 with
commit c977b1843504 (libfdt: Fix invalid version warning), so bump U-Boot to
v2024.01 to fix this issue.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2e349be94a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Mutt 2.2.13 was released on March 9, 2024. This is a bug-fix release,
fixing a possible dangling pointer reference in the SMTP client.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 730de6c00e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/6865597717
setuptools.extern.packaging.version.InvalidVersion: Invalid version: 'u-boot-2020.10'
make[5]: *** [scripts/dtc/pylibfdt/Makefile:30: scripts/dtc/pylibfdt/_libfdt.so] Error 1
make[4]: *** [scripts/Makefile.build:419: scripts/dtc/pylibfdt] Error 2
make[4]: *** Waiting for unfinished jobs....
make[3]: *** [scripts/Makefile.build:419: scripts/dtc] Error 2
make[2]: *** [Makefile:577: scripts] Error 2
make[1]: *** [package/pkg-generic.mk:283: /builds/buildroot.org/buildroot/output/build/uboot-2020.10/.stamp_built] Error 2
Commit 6b62384e3d (package/python-setuptools: bump to version 69.0.3)
bumped setuptools, which now errors out when passed a version with a prefix
string. This u-boot- prefix string is dropped since U-Boot 2023.01 with
commit c977b1843504 (libfdt: Fix invalid version warning), so bump U-Boot to
v2024.01 to fix this issue.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
(cherry picked from commit 113eeb55d6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following warning:
orangepi_r1_defconfig:35:warning: override: reassigning to symbol BR2_PACKAGE_HOST_UBOOT_TOOLS
While we're at it, move the HOST_UBOOT_TOOLS_* options where savedefconfig
would put them.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
(cherry picked from commit 0ba568276a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The python-magic-wormhole runtime test can randomly fail on slow
runners, see [1].
The issue is that the sending command is started first in background
_without_ redirecting its output to /dev/null. The receiving command
is started after, expecting the message to be printed on the first
standard output line. On slower systems, the sending command still
print messages while the test controller expect output from the
receiving command. The expected string finally appear, but not on the
first line. This makes the test fail.
This commit fixes the issue by redirecting all outputs (stdout, stderr)
of the sending command to /dev/null. To help even more, the sleep time
is moved from the emulator to the test controller. The sleep time is
also multiplied by the timeout_multiplier.
Fixes: [1]
[1] https://gitlab.com/buildroot.org/buildroot/-/jobs/6888691508
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
(cherry picked from commit 9a734700d7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
ivi-homescreen needs C++17 filesystem resulting in the following build
failure with gcc < 8 since its addition in commit
9d8497e79d:
In file included from /home/buildroot/instance-0/output-1/build/ivi-homescreen-5ab78a19e95c88cc5d6b173ab1260a211e78cf0a/third_party/flutter/shell/platform/common/path_utils.cc:5:0:
/home/buildroot/instance-0/output-1/build/ivi-homescreen-5ab78a19e95c88cc5d6b173ab1260a211e78cf0a/third_party/./flutter/shell/platform/common/path_utils.h:8:10: fatal error: filesystem: No such file or directory
#include <filesystem>
^~~~~~~~~~~~
Fixes: 9d8497e79d
- http://autobuild.buildroot.org/results/a5e88d5a4264a6165be31a99f1c123af53fa382e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 898cf04e47)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following python build failure:
In file included from /home/buildroot/instance-0/output-1/host/include/python3.11/Python.h:38,
from /home/buildroot/instance-0/output-1/host/arc-buildroot-linux-gnu/sysroot/usr/include/pybind11/detail/common.h:266,
from /home/buildroot/instance-0/output-1/host/arc-buildroot-linux-gnu/sysroot/usr/include/pybind11/attr.h:13,
from /home/buildroot/instance-0/output-1/host/arc-buildroot-linux-gnu/sysroot/usr/include/pybind11/detail/class.h:12,
from /home/buildroot/instance-0/output-1/host/arc-buildroot-linux-gnu/sysroot/usr/include/pybind11/pybind11.h:13,
from /home/buildroot/instance-0/output-1/build/gr-osmosdr-0.2.4/python/bindings/device_python.cc:1:
/home/buildroot/instance-0/output-1/host/include/python3.11/pyport.h:596:2: error: #error "LONG_BIT definition appears wrong for platform (bad gcc/glibc config?)."
596 | #error "LONG_BIT definition appears wrong for platform (bad gcc/glibc config?)."
| ^~~~~
Fixes:
- http://autobuild.buildroot.org/results/f009958c37902a224512b336fcb431903bdd0b96
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 8759d81b00)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The busybox sysctl applet expects all arguments after -p to be filenames to
read:
sysctl -p file -h
sysctl: -h: No such file or directory
VS:
sysctl -h -p file
sysctl: invalid option -- 'h'
BusyBox v1.36.1 (2024-05-17 15:27:21 CEST) multi-call binary.
Usage: sysctl [-enq] { -a | -p [FILE]... | [-w] [KEY[=VALUE]]... }
Show/set kernel parameters
-e Don't warn about unknown keys
-n Don't show key names
-q Quiet
-a Show all values
-p Set values from FILEs (default /etc/sysctl.conf)
-w Set values
This seems to be the intented behaviour:
https://git.busybox.net/busybox/tree/procps/sysctl.c#n317
Notice: The procps-ng variant is happy with both:
sysctl -p file -h
Usage:
sysctl [options] [variable[=value] ...]
VS:
sysctl -h -p file
Usage:
sysctl [options] [variable[=value] ...]
So pass SYSCTL_ARGS before the -p args so custom sysctl arguments can be
passed.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 60b02eb6c6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit ee59023794 (package/libvncserver: bump to version 0.9.12)
changes the package from autotools to cmake and accidently inverted the
threads logic.
The reason this was not noticed is that the build system verifies if threads
support works and otherwise disables it even when -DWITH_THREADS=ON is
passed, E.G. for a nothread configuration:
cmake ... -DWITH_THREADS=ON ...
..
-- Performing Test CMAKE_HAVE_LIBC_PTHREAD
-- Performing Test CMAKE_HAVE_LIBC_PTHREAD - Failed
-- Looking for pthread_create in pthreads
-- Looking for pthread_create in pthreads - not found
-- Looking for pthread_create in pthread
-- Looking for pthread_create in pthread - not found
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 7b3c0b19d4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
webkitgtk/wpewebkit needs a host-ruby with yaml support, otherwise the build
fails with errors like:
cd /home/peko/source/buildroot/output/build/webkitgtk-2.42.2/Source/WebCore && \
/home/peko/source/buildroot/output/host/bin/ruby \
/home/peko/source/buildroot/output/build/webkitgtk-2.42.2/Source/WebCore/Scripts/GenerateSettings.rb \
--outputDir /home/peko/source/buildroot/output/build/webkitgtk-2.42.2/WebCore/DerivedSources \
--template /home/peko/source/buildroot/output/build/webkitgtk-2.42.2/Source/WebCore/Scripts/SettingsTemplates/InternalSettingsGenerated.cpp.erb \
--template /home/peko/source/buildroot/output/build/webkitgtk-2.42.2/Source/WebCore/Scripts/SettingsTemplates/InternalSettingsGenerated.idl.erb \
--template /home/peko/source/buildroot/output/build/webkitgtk-2.42.2/Source/WebCore/Scripts/SettingsTemplates/InternalSettingsGenerated.h.erb \
--template /home/peko/source/buildroot/output/build/webkitgtk-2.42.2/Source/WebCore/Scripts/SettingsTemplates/Settings.cpp.erb \
--template /home/peko/source/buildroot/output/build/webkitgtk-2.42.2/Source/WebCore/Scripts/SettingsTemplates/Settings.h.erb \
/home/peko/source/buildroot/output/build/webkitgtk-2.42.2/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml \
/home/peko/source/buildroot/output/build/webkitgtk-2.42.2/Source/WebCore/page/Settings.yaml
/home/peko/source/buildroot/output/host/lib/ruby/3.3.0/yaml.rb:3: warning: It seems your ruby installation is missing psych (for YAML output).
To eliminate this warning, please install libyaml and reinstall your ruby.
We do not currently have any Config.in.host options for ruby or libyaml, but
given how small/fast libyaml is to build just do it unconditionally.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 95093854e4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
--without-readline is interpreted as --with-readline=builtin since bump
to version 5.4.0 in commit 263da09323 and
b492ea63bd
so add a mandatory dependency to readline or libedit to gnuplot
As a side-effect, this will avoid the following build failure with
builtin readline raised since bump to version 6.0.0 in commit
5f11ce4aea:
/home/autobuild/autobuild/instance-14/output-1/host/lib/gcc/arm-buildroot-linux-gnueabi/13.2.0/../../../../arm-buildroot-linux-gnueabi/bin/ld: history.o: in function `read_history':
history.c:(.text+0xa8): undefined reference to `gp_read_history'
Fixes: 5f11ce4aea
- http://autobuild.buildroot.org/results/5e45dd8f9071694110c8481f222b9b07b6a97ef3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 93864cef0b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Kodi added detection for atomic/libatomic with commit
1673f476b8
so we can remove our own code to handle the dependency.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 31e7ca6026)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is bugfix release of stable libmdbx branch.
The most significant fixes since v0.12.8 (previous version pinned to
buildroot):
- Fixed an major bug inherited from LMDB (Lightning Memory-Mappe
Database) that causes database corruption during use the
MDBX_DUPFIXED mode, and that has existed for more than 10 years.
- Fixed of a false error MDBX_CORRUPTED (-30796) in the scenario of
working in the mode MDBX_DUPFIXED with odd length of multi-values.
- Fixed a bug in adjusting the cursors in the case splitting a page by
adding a new page on the left.
- Troubleshooting an error when opening a database on a read-only file
system.
- A set of C++ API improvements.
The complete ChangeLog:
https://gitflic.ru/project/erthink/libmdbx/blob?file=ChangeLog.md
Signed-off-by: Леонид Юрьев (Leonid Yuriev) <leo@yuriev.ru>
[yann.morin.1998@free.fr: ammend and reflow the commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit aea54eab47)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
FSID daemon and its systemd unit file both depend on
BR2_PACKAGE_NFS_UTILS_RPC_NFSD but they're now always installed. Remove them
both if BR2_PACKAGE_NFS_UTILS_RPC_NFSD is disabled.
Reviewed-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Jan Čermák <sairon@sairon.cz>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit dc3464c4b6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Osmosdr failed to build docs when python support is enabled.
[ 41%] Copying osmosdr docstring templates as pybind headers ...
Traceback (most recent call last):
File "/home/martb/Schreibtisch/DiscoSAT/satos/output/build/gr-osmosdr-0.2.4/docs/doxygen/update_pydoc.py", line 22, in <module>
from doxyxml import DoxyIndex, DoxyClass, DoxyFriend, DoxyFunction, DoxyFile
File "/home/martb/Schreibtisch/DiscoSAT/satos/output/build/gr-osmosdr-0.2.4/docs/doxygen/doxyxml/__init__.py", line 69, in <module>
from .doxyindex import DoxyIndex, DoxyFunction, DoxyParam, DoxyClass, DoxyFile, DoxyNamespace, DoxyGroup, DoxyFriend, DoxyOther
File "/home/martb/Schreibtisch/DiscoSAT/satos/output/build/gr-osmosdr-0.2.4/docs/doxygen/doxyxml/doxyindex.py", line 31, in <module>
from .generated import index
File "/home/martb/Schreibtisch/DiscoSAT/satos/output/build/gr-osmosdr-0.2.4/docs/doxygen/doxyxml/generated/index.py", line 13, in <module>
from . import compound
File "/home/martb/Schreibtisch/DiscoSAT/satos/output/build/gr-osmosdr-0.2.4/docs/doxygen/doxyxml/generated/compound.py", line 15, in <module>
from . import compoundsuper as supermod
File "/home/martb/Schreibtisch/DiscoSAT/satos/output/build/gr-osmosdr-0.2.4/docs/doxygen/doxyxml/generated/compoundsuper.py", line 15, in <module>
import six
ModuleNotFoundError: No module named 'six'
make[2]: *** [python/bindings/CMakeFiles/osmosdr_docstrings.dir/build.make:73: python/bindings/docstring_status] Fehler 1
make[1]: *** [CMakeFiles/Makefile2:332: python/bindings/CMakeFiles/osmosdr_docstrings.dir/all] Fehler 2
Fixes:
http://autobuild.buildroot.net/results/b60e339e52fbc7ed7607a94381aaab6ec64b7a99/
Signed-off-by: Martin Böh <contact@martb.dev>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit cfda1f0b87)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add -fPIC to CFLAGS to fix the following build failure raised since
commit de6415ad9c:
/home/autobuild/autobuild/instance-5/output-1/host/lib/gcc/x86_64-buildroot-linux-gnu/12.3.0/../../../../x86_64-buildroot-linux-gnu/bin/ld: misc/misc.o: warning: relocation against `stdout@@GLIBC_2.2.5' in read-only section `.text'
/home/autobuild/autobuild/instance-5/output-1/host/lib/gcc/x86_64-buildroot-linux-gnu/12.3.0/../../../../x86_64-buildroot-linux-gnu/bin/ld: log/log.o: relocation R_X86_64_PC32 against symbol `stdout@@GLIBC_2.2.5' can not be used when making a shared object; recompile with -fPIC
Fixes: de6415ad9c
- http://autobuild.buildroot.org/results/0349c6bfd66f5e50429e4a5cc07fb7abf2b07345
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 880066bad6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The patch fixes the following linking failure:
/home/buildroot/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/i586-buildroot-linux-musl/9.3.0/../../../../i586-buildroot-linux-musl/bin/ld: /home/buildroot/instance-0/output-1/host/i586-buildroot-linux-musl/sysroot/lib/libc.a(getopt.o): in function `getopt':
getopt.c:(.text.getopt+0x0): multiple definition of `getopt'; src/getopt.o:getopt.c:(.text+0x0): first defined here
/home/buildroot/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/i586-buildroot-linux-musl/9.3.0/../../../../i586-buildroot-linux-musl/bin/ld: /home/buildroot/instance-0/output-1/host/i586-buildroot-linux-musl/sysroot/lib/libc.a(getopt.o):(.data.optind+0x0): multiple definition of `optind'; src/getopt.o:(.data+0x0): first defined here
Fixes:
- http://autobuild.buildroot.net/results/d5b1b4e5e9d9c8eca5e75c345db4d1f3f0cd84ed
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5a7c40bd1c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Our index.html page still points to git.buildroot.net as the Git
repository, and to the defunct gmane for the mailing list
activity. Fix these by pointing to Gitlab and lore respectively.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3e3bcd6338)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Builds with GCC 14 print the following error
> zip.h:726:10: error: conflicting types for 'memset'; have 'char *(char *, int, unsigned int)'
This is because with GCC 14, Zip incorrectly detects that the memset functions
exist. Which enables the ZMEM flag and declares its own version of memset.
This is because the ./unix/configure script attempts to compile a C file using
'memset' but it does not include the <string.h>. This was allowed in gnu89, but
in GCC 14 -Werror=implicit-function-declaration is enabled by default[1].
We forcefully set '-std=gnu89' so that Zip will compile everything against
gnu89, which suppresses the warning.
[1] https://gcc.gnu.org/gcc-14/porting_to.html#warnings-as-errors
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 29c6fe13d3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
opencv and qt handling can be dropped since switch to an active fork in
commit 456a739831 as they are only used
when examples are enabled resulting in the following warning:
CMake Warning:
Manually-specified variables were not used by the project:
BUILD_DOC
BUILD_DOCS
BUILD_EXAMPLE
BUILD_TEST
BUILD_TESTING
BUILD_TESTS
CMAKE_DISABLE_FIND_PACKAGE_OpenCV
CMAKE_DISABLE_FIND_PACKAGE_Qt5
While at it, also drop BUILD_EXAMPLES which is already passed by
pkg-cmake.mk
Fixes: 456a739831
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit fd64c544d3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump to latest git commit to fix the following powerpc64 build failure
raised at least since commit 25956b29e4
thanks to
c7bf7590bc:
In file included from /home/autobuild/autobuild/instance-7/output-1/build/rtl8189fs-5d523593f41c0b8d723c6aa86b217ee1d0965786/./include/drv_types.h:30,
from /home/autobuild/autobuild/instance-7/output-1/build/rtl8189fs-5d523593f41c0b8d723c6aa86b217ee1d0965786/./core/rtw_cmd.c:17:
/home/autobuild/autobuild/instance-7/output-1/build/rtl8189fs-5d523593f41c0b8d723c6aa86b217ee1d0965786/./include/wifi.h:459:32: error: conflicting types for 'get_ra'; have 'unsigned char *(unsigned char *)'
459 | __inline static unsigned char *get_ra(unsigned char *pframe)
| ^~~~~~
Fixes: 25956b29e4
- http://autobuild.buildroot.org/results/83153ed38a583ce2712df9b142ac3fc55a8413e3
- http://autobuild.buildroot.org/results/63186c7adb5ecc8b8a16a6ae641ecfb9c03478bd
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0dd00cbce5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2023-36054: lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5)
before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer
- CVE-2023-39975: kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before
1.21.2 has a double free that is reachable if an authenticated user can
trigger an authorization-data handling failure
Signed-off-by: André Zwing <nerv@dawncrow.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit dd1ea28b07)
[Peter: mark as security bump, add CVE details]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Disable -Werror to fix the following build failure raised at least since
bump to version 3.9.0 in commit e76d9868c9
and
81db1fa371:
/home/autobuild/autobuild/instance-8/output-1/build/libuhttpd-3.14.1/src/file.c: In function '__serve_file':
/home/autobuild/autobuild/instance-8/output-1/build/libuhttpd-3.14.1/src/file.c:322:50: error: format '%llu' expects argument of type 'long long unsigned int', but argument 4 has type '__off_t' {aka 'long int'} [-Werror=format=]
322 | conn->send_header(conn, "Content-Range", "bytes */%" PRIu64, st->st_size);
| ^~~~~~~~~~~ ~~~~~~~~~~~
| |
| __off_t {aka long int}
In file included from /home/autobuild/autobuild/instance-8/output-1/build/libuhttpd-3.14.1/src/file.c:36:
/home/autobuild/autobuild/instance-8/output-1/per-package/libuhttpd/host/mips64el-buildroot-linux-uclibc/sysroot/usr/include/inttypes.h:91:41: note: format string is defined here
91 | # define PRIu64 __PRI64_PREFIX "u"
cc1: all warnings being treated as errors
Fixes: e76d9868c9
- http://autobuild.buildroot.org/results/46349a1409f9cff027b462456078284459e75511
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5961b21918)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The rock5b_defconfig contained a
# BR2_LINUX_KERNEL_INTREE_DTS_NAME is not set
line. This caused check-dotconfig.py to throw a warning in the
buildroot CI, because the explicit unsetting of the parameter is not
taken on in the actual dotconfig, but instead the dotconfig will
contain the line 'BR2_LINUX_KERNEL_INTREE_DTS_NAME=""'.
This patch removes the parameter from the rock5b_defconfig. The
resulting dotconfig from the original rock5b_defconfig and the
rock5b_defconfig without the parameter is identical, but the
check-dotconfig.py does not throw a warning anymore.
Signed-off-by: Kilian Zinnecker <kilian.zinnecker@mail.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0f0660ad2d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Release notes: https://www.postgresql.org/docs/release/16.2/
The hash of the license file is updated due to a change in copyright
years:
-Portions Copyright (c) 1996-2023, PostgreSQL Global Development Group
+Portions Copyright (c) 1996-2024, PostgreSQL Global Development Group
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 360d2da3fa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is a bugfix release which mainly imroves device detection,
specially inside the Flatpak sandbox. Additionally, this version
includes the patch for building as a static library, and the patch
file can be removed.
Release notes:
27554bd118
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a4a90ee603)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Buildroot commit f95069814b disabled the
build of test programs unconditionally without considering the option
BR2_PACKAGE_LIBDRM_INSTALL_TESTS.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 91848e73ae)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since version 2.1, LuaJIT follows a rolling-release scheme, which means
that any commit is as good as any other; LuaJIT uses the comitter's UNIX
timestamp as its semver patch level. It uses the git-attribute
export-subst for the .relver file that contains the %ct placeholder for
git-archive to expand it.
In c9dcd9e459 (package/luajit: bump to version 41fb94defa8f...), we
switched to such an upstream version. There was some confusion around
the handling of the git-attribute and where/when it is generated, and
the first revision of the patch used the git download method, so had to
use post-extract hooks to do the replacement, but the second iteration
kept retrieving the archive generated by github, which has the
replacement already done, but the post-extract hooks were not dropped
although now useless...
With the current code, it is easy to bump the LuaJit version and forget
to update the timestamp stored in the .relver file, which would override
the value that was generated on the github side.
Since the post-extract hook is useless, drop it.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Francois Perrad <fperrad@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 1bcb51517c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The upstream host, arago-project.org, has vanished, bringing down the
git repository with it.
Switch to another, github-hosted repository, that has the commit we're
interested in.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit b1977d933b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The current version of docker-compose is un-vendorable, because the
dependencies it referenmces (directly or indirectly) are not available:
go: github.com/docker/compose/v2/cmd/compose imports
github.com/moby/buildkit/util/progress/progressui:
github.com/crazy-max/buildkit@v0.7.1-0.20240130133234-d9aa289bd124:
invalid version: unknown revision d9aa289bd124
And indeed, that commit does not exist in that repository. The v0.7.1
tag does exist, but there is not commit that matches the short hash
d9aa289bd124, or even the whole version string. Sigh...
There is no way anyone can vendor the version we currently package, and
all they and us can hope for is that we never lose s.b.o ever.
Bump the version. That one can be vendored. Well, at least it can
_still_ be vendored _now_...
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 1b189f5491)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
While bumping kodi, we figured out that the kodi-texturepacker and
kodi-jsonschemabuilder were both re-downloading the main Kodi tarball,
even though they contain:
KODI_JSONSCHEMABUILDER_DL_SUBDIR = kodi
KODI_TEXTUREPACKER_DL_SUBDIR = kodi
Both are host packages, and turns out that changing those variables to
HOST_ ones made the download sharing work.
Commit efa7712b09 ("package/pkg-generic:
host variant inherits target download settings") introduced
inheritance of host variables from target variables from a number of
variables, including DL_SUBDIR. But it missed the fact that earlier in
pkg-generic.mk, the following line was defined:
$(2)_DL_SUBDIR ?= $$($(2)_RAWNAME)
So, when this later code kicked in:
ifndef $(2)_DL_SUBDIR
ifdef $(3)_DL_SUBDIR
$(2)_DL_SUBDIR = $$($(3)_DL_SUBDIR)
endif
endif
In fact it never did anything because $(2)_DL_SUBDIR would never be
undefined. This commit fixes this issue by properly adjusting the
logic to inherit the value of the target variable when it exists, or
defaulting to $$($(2)_RAWNAME) otherwise.
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit a1c4d6c884)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The Config.in comment was mentioning both "NPTL" and "threads" as
dependencies, while mentioning only the former is sufficient.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit dabd983c0d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When ImageMagick is selected, the "zbarimg" program is compiled and
installed on target. It allows to decode a QR code from an image file.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 84ad5c22d0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As part of the review process of the ivi-homescreen package, which
landed in commit 9d8497e79d, it was
deemed that the dependency on BR2_TOOLCHBAIN_HAS_THREAD_NPTL was not
needed, as it was implied by glibc. According to the commit log:
[yann.morin.1998@free.fr:
- propagate BR2_PACKAGE_HOST_FLUTTER_SDK_BIN_ARCH_SUPPORTS to comments
- drop NPTL, implied by glibc
- reorder dependencies in a more logical way
- reorder comments
- drop undefined BR2_PACKAGE_IVI_HOMESCREEN_HAS_CLIENT
- grammar ("for to change")
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
However, while the BR2_TOOLCHBAIN_HAS_THREAD_NPTL dependency was
removed from the BR2_PACKAGE_IVI_HOMESCREEN option definition, the
corresponding dependency in the Config.in comment was not
dropped. Let's bring things back in sync.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b9b072f83c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The following defconfig:
BR2_aarch64=y
BR2_cortex_a72=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_INIT_NONE=y
BR2_SYSTEM_BIN_SH_NONE=y
# BR2_PACKAGE_BUSYBOX is not set
BR2_PACKAGE_GSTREAMER1=y
BR2_PACKAGE_GST1_PLUGINS_BASE_LIB_OPENGL=y
BR2_PACKAGE_GST1_PLUGINS_GOOD=y
# BR2_PACKAGE_GST1_PLUGINS_GOOD_PLUGIN_AVI is not set
# BR2_PACKAGE_GST1_PLUGINS_GOOD_PLUGIN_ISOMP4 is not set
# BR2_PACKAGE_GST1_PLUGINS_GOOD_PLUGIN_WAVPARSE is not set
BR2_PACKAGE_GST1_PLUGINS_GOOD_PLUGIN_QMLGL=y
BR2_PACKAGE_MESA3D=y
BR2_PACKAGE_MESA3D_GALLIUM_DRIVER_SWRAST=y
BR2_PACKAGE_MESA3D_OPENGL_EGL=y
BR2_PACKAGE_MESA3D_OPENGL_ES=y
BR2_PACKAGE_QT5=y
BR2_PACKAGE_WAYLAND=y
# BR2_TARGET_ROOTFS_TAR is not set
fails to build in gst1-plugins-good, with:
build/gst1-plugins-good-1.22.9/ext/qt/meson.build:48:4: ERROR: Problem encountered: qt5 qmlglsink plugin is enabled, but qt specific tools were not found
This is due to qt5tools being missing. This commit adds this missing
dependency.
Signed-off-by: Charles Hardin <ckhardin@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c107dd33e6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The lvm2 package now enables the required Kernel configuration. The
Kernel config fragment included in this test is no longer needed.
This commit removes it.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9339343111)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
LVM2 has a hard dependency on the device-mapper presence in the Kernel.
This commit enables those mandatory Kernel configuration by defining
the _LINUX_CONFIG_FIXUPS macro. This will make sure the final system
image will end up in a working configuration.
This was suggested by Arnout in [1].
[1] https://lists.buildroot.org/pipermail/buildroot/2024-April/688776.html
Suggested-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 419d39b261)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When building on hosts with libstdc++ without demangle support this error
shows up:
checking for __cxa_demangle in -lstdc++... no
configure: error: __cxa_demangle not found in libstdc++, use --disable-demangler to disable demangler support.
make[1]: *** [package/pkg-generic.mk:273: /home/giuliobenetti/br_reproduce/c2524c7580d97f7387ec22da62be71d77f2ed8ec/output/build/host-elfutils-0.189/.stamp_configured] Error 1
make: *** [Makefile:23: _all] Error 2
So let's disable demangler for host by default.
Fixes: still not showed by autobuilders. Reproduced on Ubuntu 22.04 with
Ubuntu APT g++ 11.4.0
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Reviewed-by: Christian Stewart <christian@aperture.us>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5f2c9f882d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
pppd fails to start on a systems with buildroot 2024.02.x because of
missing pppd directory in /var/run. There are some logs hinting at this
issue:
Warning: couldn't open ppp database /var/run/pppd/pppd2.tdb
Can't create lock file /var/run/pppd/lock/LCK..ppp-tty-fifo1: No such file or directory
Can't create lock file /var/run/pppd/lock/LCK..ppp-tty-fifo1: No such file or directory
Can't create lock file /var/run/pppd/lock/LCK..ppp-tty-fifo1: No such file or directory
Can't create lock file /var/run/pppd/lock/LCK..ppp-tty-fifo1: No such file or directory
Can't create lock file /var/run/pppd/lock/LCK..ppp-tty-fifo1: No such file or directory
Can't create lock file /var/run/pppd/lock/LCK..ppp-tty-fifo1: No such file or directory
Can't create lock file /var/run/pppd/lock/LCK..ppp-tty-fifo1: No such file or directory
The issue has already been detected and fixed upstream (see [1]) and is
expected to be released on a v2.5.1, but this release seems to be stalled
for now (see [2]). Bump on current master, which currently reflects what
will likely be the 2.5.1.
[1] https://github.com/ppp-project/ppp/issues/419
[2] https://github.com/ppp-project/ppp/issues/460
Signed-off-by: Alexis Lothoré <alexis.lothore@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c1b04a3254)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
CVE-2024-24787: cmd/go: arbitrary code execution during build on darwin
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
openocd is not compatible with libgpiod2 resulting in the following
build failure since the addition of libgpiod2 in commit
57391fad2e:
src/jtag/drivers/linuxgpiod.c: In function 'helper_get_line':
src/jtag/drivers/linuxgpiod.c:283:19: error: 'GPIOD_LINE_REQUEST_DIRECTION_INPUT' undeclared (first use in this function); did you mean 'GPIOD_LINE_DIRECTION_INPUT'?
283 | int dir = GPIOD_LINE_REQUEST_DIRECTION_INPUT, flags = 0, val = 0, retval;
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| GPIOD_LINE_DIRECTION_INPUT
Fixes: 57391fad2e
- http://autobuild.buildroot.org/results/7195e8b76350f26ab3b963702d88b254512e6928
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit be3252fe01)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following static build failure raised since bump to version
version 6.0.14 in commit ce17f93e82 and
31ba4fd152:
configure:22378: checking for pcap_open_dead in -lpcap
configure:22407: /home/buildroot/autobuild/run/instance-3/output-1/host/bin/x86_64-linux-gcc -o conftest -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -g0 -static -std=c11 -march=native -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -static -rdynamic conftest.c -lpcap -ljansson -lpthread -lyaml -lpcre -latomic -lz >&5
/home/buildroot/autobuild/run/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/x86_64-buildroot-linux-musl/12.3.0/../../../../x86_64-buildroot-linux-musl/bin/ld: /home/buildroot/autobuild/run/instance-3/output-1/host/x86_64-buildroot-linux-musl/sysroot/usr/lib/../lib64/libpcap.a(pcap-linux.o): in function `nl80211_init':
pcap-linux.c:(.text+0xc34): undefined reference to `nl_socket_alloc'
[...]
checking for pcap_open_dead in -lpcap... no
Fixes: ce17f93e82
- http://autobuild.buildroot.org/results/9e25c2508bd4100d2d1d3180e79060d762361213
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a3ee47ef22)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Now that the TestPerlDBDmysql can be run normally, a new runtime issue
appear due to switch from oracle-mysql to MariaDB:
# perl -MDBI -e '1'
# echo $?
0
# perl -MDBD::mysql -e '1'
Can't load '/usr/lib/perl5/site_perl/5.38.2/arm-linux/auto/DBD/mysql/mysql.so'
for module DBD::mysql: /usr/lib/perl5/site_perl/5.38.2/arm-linux/auto/DBD/mysql/mysql.so:
undefined symbol: net_buffer_length at /usr/lib/perl5/5.38.2/arm-linux/DynaLoader.pm line 206.
This is fixed by an upstream commit [1] from 4.046_01 release.
[1] 0f0cebe87f
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/6735654506
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit cefcd5bbad)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The CPIO filesystem generated by TestPerlDBDmysql is too large, and
doesn't fit as an initramfs in the 256MB of RAM available in the
versatilepb machine. This causes a failure while running a basic
test "perl -MDBI -e '1'" since "/usr/lib/perl5", and many files
being missing from the root filesystem, ultimately causing the test
to fail.
Can't locate DBI.pm in @INC (you may need to install the DBI module)
(@INC entries checked: /usr/lib/perl5/site_perl/5.38.2/arm-linux
/usr/lib/perl5/site_perl/5.38.2 /usr/lib/perl5/5.38.2/arm-linux
/usr/lib/perl5/5.38.2).
It would make sense to switch all test cases to use ext2 + a
hard-drive, but for now, let's fix the few test cases that are causing
problems.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/6735654506
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8937cd065c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
PIE will be set by buildroot if the user wants it so set
{COMPILE,LINK}_PIE to an empty value to fix the following build failure
raised since the addition of the package in commit
02c818bc5c:
/home/buildroot/autobuild/run/instance-3/output-1/host/bin/m68k-linux-gcc -W -Wall -Waggregate-return -Wcast-align -Wconversion -Wdisabled-optimization -Wmissing-declarations -Wmissing-format-attribute -Wmissing-noreturn -Wmissing-prototypes -Wpointer-arith -Wredundant-decls -Wshadow -Wstrict-prototypes -Wwrite-strings -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -g0 -std=gnu99 -DLIBEXECDIR=\"/usr/lib\" -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Wl,-z,relro -Wl,-stats -fPIE -pie -Wl,-z,now utempter.c -o utempter
[...]
/home/buildroot/autobuild/run/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/m68k-buildroot-linux-uclibc/12.3.0/../../../../m68k-buildroot-linux-uclibc/bin/ld: /home/buildroot/autobuild/run/instance-3/output-1/host/m68k-buildroot-linux-uclibc/sysroot/usr/lib/Scrt1.o: in function `lib_main':
(.text+0x4): undefined reference to `__shared_flat_add_library'
Fixes: 02c818bc5c
- http://autobuild.buildroot.org/results/3a5581fd4edf56bbdc48ab111a2351fc70f1c703
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 36b06928c8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
And enable BR2_DOWNLOAD_FORCE_CHECK_HASHES.
Generated by utils/add-custom-hashes, with the (redundant)
linux-headers.hash replaced by a symlink.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 56ce35d235)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following error/warnings with kconfig from linux-6.9-rc5:
package/x11r7/Config.in:14: syntax error
package/x11r7/Config.in:14:warning: ignoring unsupported character '/'
package/x11r7/Config.in:14:warning: ignoring unsupported character '/'
package/x11r7/Config.in:14:warning: ignoring unsupported character '/'
package/x11r7/Config.in:14:warning: ignoring unsupported character '.'
package/x11r7/Config.in:14: invalid statement
[...]
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a214c4568b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following error/warnings with kconfig from linux-6.9-rc5:
package/python-pydal/Config.in:2: syntax error
package/python-pydal/Config.in:2: invalid statement
package/python-pydal/Config.in:3: invalid statement
[...]
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9f8d3f47d7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following error/warnings with kconfig from linux-6.9-rc5:
package/dovecot/Config.in:36: syntax error
package/dovecot/Config.in:36:warning: ignoring unsupported character '/'
package/dovecot/Config.in:36:warning: ignoring unsupported character '/'
package/dovecot/Config.in:36:warning: ignoring unsupported character '.'
package/dovecot/Config.in:36: invalid statement
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ff70f9ee4c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following error/warnings with kconfig from linux-6.9-rc5:
package/cmocka/Config.in:2: syntax error
package/cmocka/Config.in:2: invalid statement
package/cmocka/Config.in:3: invalid statement
package/cmocka/Config.in:4: invalid statement
[...]
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4abda655e6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following error/warnings with kconfig from linux-6.9-rc5:
boot/barebox/Config.in:79: syntax error
boot/barebox/Config.in:79:warning: ignoring unsupported character '/'
boot/barebox/Config.in:79:warning: ignoring unsupported character '/'
boot/barebox/Config.in:79:warning: ignoring unsupported character '/'
boot/barebox/Config.in:79:warning: ignoring unsupported character '.'
boot/barebox/Config.in:79: invalid statement
boot/barebox/Config.in:93: syntax error
boot/barebox/Config.in:93:warning: ignoring unsupported character '/'
boot/barebox/Config.in:93:warning: ignoring unsupported character '/'
boot/barebox/Config.in:93:warning: ignoring unsupported character '/'
boot/barebox/Config.in:93:warning: ignoring unsupported character '.'
boot/barebox/Config.in:93: invalid statement
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e86aec1663)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
With the bump to version 8.1.1, the patch that disabled the compilation
of the fp-bench test is no longer applicable, even though the package
compilation process does not report any errors in applying the patch
itself. The new patch does not disable the test by default but only if
the file fenv.h is not missing, with the hope that this approach will be
considered acceptable by the maintainer and merged upstream.
The patch is an adaptation of the one sent upstream.
Link: https://lists.nongnu.org/archive/html/qemu-devel/2021-03/msg00492.html
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 2bb0c57ca2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
NPTL is mandatory since bump to version 9.3.0 in commit
57aba033e6 and
ce08025122:
/home/buildroot/instance-0/output-1/build/proj-9.3.0/src/iso19111/factory.cpp: In member function 'std::shared_ptr<osgeo::proj::io::SQLiteHandle> osgeo::proj::io::SQLiteHandleCache::getHandle(const std::string&, PJ_CONTEXT*)':
/home/buildroot/instance-0/output-1/build/proj-9.3.0/src/iso19111/factory.cpp:622:9: error: 'pthread_atfork' was not declared in this scope; did you mean 'pthread_attr_t'?
622 | pthread_atfork(nullptr, nullptr,
| ^~~~~~~~~~~~~~
| pthread_attr_t
Fixes: 57aba033e6
- http://autobuild.buildroot.org/results/392664375c5bc5f047d39bff31534a226e8ea526
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 4eeb69c983)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The http URL redirects to https. This commit updates this URL to
directly use https.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2aa3a23bbe)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Wireless regulatory database lists the allowed radio frequencies for
each local jurisdiction. Since linux-4.15 the kernel supports loading
the files regulatory.db/regulatory.db.p7s directly from the
/lib/firmware directory. Currently this package is not enabled and
kernel complains with the following message on every boot:
"""
platform regulatory.0: Direct firmware load for regulatory.db failed
with error -2
cfg80211: failed to load regulatory.db
"""
Add wireless regulatory database package to fix the issue.
Signed-off-by: Konstantin Aladyshev <aladyshev22@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 16e9f51490)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since the toolchain Bootlin update to 2023.11-1 [1], the arm Linux
kernel build is broken with binutils >= 2.41 with:
arch/arm/mm/proc-v7.S: Assembler messages:
arch/arm/mm/proc-v7.S:640: Error: junk at end of line, first unrecognized character is `#'
A similar issue has already be fixed for qemu m68k [2].
Bump to the latest kernel 4.19 that already include the backport
of 790756c7e022 ("ARM: 8933/1: replace Sun/Solaris style flag on section directive")
[1] 7e0e6e3b86
[2] a1ce9474e4
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/6703222383
Signed-off-by: Romain Naour <romain.naour@smile.fr>
(cherry picked from commit 7e126bd38d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
GCC14 now treats implicit int types as error so when check() from
check-lxdialog.sh is called to check whether we can link against ncurses
it will fail silently and the help text indicating to install ncurses is
printed.
However, this is not due to missing ncurses but once the stderr redirect
to /dev/null is removed we can see the root cause:
<stdin>:2:1: error: return type defaults to ‘int’ [-Wimplicit-int]
So, in order for menuconfig to work with GCC14 lets just specify the
return type of main() as int.
Npte that the upstream kconfig in the linux kernel source tree no longer
carries or uses the check-lxdialog.sh script since commit 1c5af5cf9308
(kconfig: refactor ncurses package checks for building mconf and nconf),
so there is no commit we can backport to our kconfig copy.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Tested-by: Petr Vorel <petr.vorel@gmail.com>
[yann.morin.1998@free.fr: add note about upstream kernel]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit a6210d28db)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2021-3575: A heap-based buffer overflow was found in openjpeg in
color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An
attacker could use this to execute arbitrary code with the permissions of
the application compiled against openjpeg.
Signed-off-by: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ff36bc68cd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
To ensure the correct prefix is used in the generated tinycbor.pc instead of
/usr/local:
>>> tinycbor 0.6.0 Building
..
sed > tinycbor.pc < tinycbor.pc.in \
-e 's,@prefix@,/usr/local,' \
-e 's,@exec_prefix@,/usr/local,' \
-e 's,@libdir@,/usr/local/lib,' \
-e 's,@includedir@,/usr/local/include,' \
-e 's,@version@,0.6.0,'
>>> tinycbor 0.6.0 Installing to staging directory
..
install -m 644 tinycbor.pc /path/to/buildroot/output/host/aarch64-buildroot-linux-gnu/sysroot/usr/lib/pkgconfig/tinycbor.pc
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b059e08420)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because
strcpy is used instead of strncpy.
Signed-off-by: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit dfaa34ddd3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
/dev/shm is a world-writable directory, like /tmp, and should also
have the sticky bit set. Without this, any user can delete and
replace another user's files in /dev/shm.
This bug has been present since /dev/shm was added to the skeleton
/etc/fstab, but appears to have been fixed for systems using systemd
by commit 76fc9275f1 "system: separate sysv and systemd parts of the
skeleton" which went into Buildroot 2017.08.
Signed-off-by: Ben Hutchings <ben.hutchings@mind.be>
Fixes: 22fde22e35
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 0b2967e158)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
TestATFVexpress is using vexpress_aemv8a_juno as as u-boot defconfig
but the Buildroot defconfig of this board was removed in 2022.11 [1]
Since both TestATFVexpress and TestATFAllwinner are now using mainline
ATF, we don't really need several ATF test anymore. Initially [2],
several runtime test were added to test ATF/U-Boot combinations when
ATF was provided by a vendor: vexpress (mainline), Allwinner and
Marvell.
Keep TestATFAllwinner as ATF mainline test.
[1] 347c108738
[2] 8cf3ce04e9
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 107bcd536d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
u-boot-2021.04 seems to be broken when pylibfdt support is enabled
and the latest python3/setuptools are used.
Since the TestATFAllwinner is using bananapi_m64 as u-boot defconfig
but the Buildroot defconfig of this board was removed in 2022.11 [1]
update TestATFAllwinner to use a newer BSP. Use the one provided
by orangepi_zero_plus2_defconfig.
[1] daf3c6661f
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/6477656317 (TestATFAllwinner)
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit eb16148ddd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since the toolchain Bootlin update to 2023.11-1 [1], the arm Linux
kernel build is broken with binutils >= 2.41 with:
arch/arm/mm/proc-v7.S: Assembler messages:
arch/arm/mm/proc-v7.S:640: Error: junk at end of line, first unrecognized character is `#'
A similar issue has already be fixed for qemu m68k [2].
Bump to the latest kernel 4.19 that already include the backport
of 790756c7e022 ("ARM: 8933/1: replace Sun/Solaris style flag on section directive")
[1] 7e0e6e3b86
[2] a1ce9474e4
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/6414160106 (TestFileCapabilities)
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 07ef00df9b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
--with-xdebug is not recognized since the addition of the package in
commit 7b7dffd098:
configure: WARNING: unrecognized options: --disable-gtk-doc, --disable-gtk-doc-html, --disable-doc, --disable-docs, --disable-documentation, --with-xmlto, --with-fop, --disable-dependency-tracking, --enable-ipv6, --disable-nls, --with-xdebug
Fixes: 7b7dffd098
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 98ee9f8b49)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
zlib is an optional dependency dependency (enabled by default) since the
addition of the package in commit
8aaa7ecbce
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 05f5e5b6f8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Although -Wmain-return-type is not considered as error (unlike
-Wimplicit-int), but just a warning, let's fix it for the future.
<stdin>:1:1: warning: return type of 'main' is not 'int' [-Wmain-return-type]
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3c9d067590)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with gcc >= 13:
In file included from ../src/basic/macro.h:446,
from ../src/basic/alloc-util.h:10,
from ../src/shared/install.c:12:
../src/shared/install.c: In function ‘install_changes_dump’:
../src/shared/install.c:444:64: error: ‘%s’ directive argument is null [-Werror=format-overflow=]
444 | err = log_error_errno(changes[i].type, "Failed to %s unit, unit %s does not exist.",
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/e0d6b7d41fefec539a17a3ef5c89c192ce29fd04
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 066c3e67d7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix a potential denial of service caused by accepting arbitrary
length primes as potential elliptic curve parameters in ASN.1
encodings. With very large inputs the primality verification
can become computationally expensive. Now any prime field larger
than 1024 bits is rejected immediately.
https://botan.randombit.net/news.html#version-3-3-0-2024-02-20
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 2fcc74594c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Vulnerabilities
- [High] CVE-2024-0901 Potential denial of service and out of bounds
read. Affects TLS 1.3 on the server side when accepting a connection
from a malicious TLS 1.3 client. If using TLS 1.3 on the server side
it is recommended to update the version of wolfSSL used.
- [Med] CVE-2024-1545 Fault Injection vulnerability in
RsaPrivateDecryption function that potentially allows an attacker
that has access to the same system with a victims process to perform
a Rowhammer fault injection.
- [Med] Fault injection attack with EdDSA signature operations. This
affects ed25519 sign operations where the system could be susceptible
to Rowhammer attacks.
No official tarball provided so switch to github and set autoreconf
https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 3a2891621c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The LIBS environment variable is ignored since bump to version 1.0.1 and
switch to cmake build system in commit
203725a46b resulting in the following
build failure:
/home/buildroot/autobuild/run/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-musleabihf/12.3.0/../../../../arm-buildroot-linux-musleabihf/bin/ld: CMakeFiles/clamonacc.dir/inotif/hash.c.o: in function `onas_ht_add_hierarchy':
hash.c:(.text+0xa84): undefined reference to `fts_open'
Fixes: 203725a46b
- http://autobuild.buildroot.org/results/fe71ab29d02caeed609f1a181fccbd46b6feff65
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit b526b2aa15)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This bump will fix the following build failure with gcc 5 raised since
bump to version 57 in commit 65c8a9b662
thanks to
4e618f77d4:
In file included from /home/buildroot/autobuild/run/instance-1/output-1/host/opt/ext-toolchain/mips-linux-gnu/include/c++/5.3.0/cstdint:35:0,
from ../cpp/INIReader.h:17,
from ../cpp/INIReader.cpp:16:
/home/buildroot/autobuild/run/instance-1/output-1/host/opt/ext-toolchain/mips-linux-gnu/include/c++/5.3.0/bits/c++0x_warning.h:32:2: error: #error This file requires compiler and library support for the ISO C++ 2011 standard. This support is currently experimental, and must be enabled with the -std=c++11 or -std=gnu++11 compiler options.
#error This file requires compiler and library support for the \
^
https://github.com/benhoyt/inih/releases/tag/r58
Fixes: 65c8a9b662
- http://autobuild.buildroot.org/results/7a5ba516cde536e103669a0422d336dd8a3b1dbc
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit bfa4dd299f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
QorIQ processors family also includes LS Series wich are based on aarch64
Signed-off-by: David Gouarin <dgouarin@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 2656ca8912)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Only the 32bit ARM blob provides the framebuffer backend. This is
apparently independent of which imx8 derivate is used, so changed
the condition for the config option accordingly.
Signed-off-by: Andreas Naumann <anaumann@ultratronik.de>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 47a02a5afc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
dmraid is a very old package from 2010 with an awkward configure script
which doesn't honor CFLAGS:
ac_cv_env_CFLAGS_set=set
ac_cv_env_CFLAGS_value='-D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -g0 '
[...]
## ----------------- ##
## Output variables. ##
## ----------------- ##
AWK='gawk'
CC='/home/autobuild/autobuild/instance-3/output-1/host/bin/sh4a-buildroot-linux-musl-gcc'
CFLAGS='-O2'
resulting in the following build failure with musl >= 1.2.4 and
25e6fee27f
because _LARGEFILE64_SOURCE is not set:
/home/autobuild/autobuild/instance-3/output-1/host/lib/gcc/sh4a-buildroot-linux-musl/12.3.0/../../../../sh4a-buildroot-linux-musl/bin/ld: misc/file.o: in function `rw_file':
file.c:(.text+0x150): undefined reference to `lseek64'
To fix this issue, pass TARGET_CONFIGURE_OPTS through DMRAID_MAKE_OPTS
Fixes:
- http://autobuild.buildroot.org/results/5c7c82959ce92db908d3ca20e2c1137509c2f981
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit de6415ad9c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
sortGrid()'s handling of git hashes and other large hex numbers
has been inconsistent, they can be detected as strings or numbers
depending on what type of character they start with.
This patch fixes the behaviour by using a regex to capture everything
that looks like a big hex number and treat it as a string.
This means when you sort by current version ascending all the version
strings with big hex numbers should show up first, sorted 0-9,a-f.
First we check for a string length >= 39, and then apply a regex
to return an array with every char from that string that matched
the regex. If the length of this array is still >= 39 we can assume
we are looking at something containing a git hash.
The reason why the length is defined as ">= 39" and not "40" or
"39 or 40" is twofold:
Firstly, 39 was chosen as a minimum to match stuff with 39 char git
hashes, like the rockchip-mali package.
Secondly, there is no max because we actually want to catch not
just explicitly git hashes, but any verson string with big gnarly
hex numbers in it.
Stuff like: "1.4.2-168-ged3039cdbeeb28fc0011c3585d8f7dfb91038292"
Why? Well, the idea is less about git hashes and sorting
and more about grouping similarly formatted version strings.
It would be impossble (or at least annoyingly complicated) and of
dubious utility to get a real sequential sort out of the
current version column, so the attempt here is to at the very
least collect all the similarly formatted things together.
This isn't perfect, but it's a (arguably) more useful sorted
output than before.
A demo is available here:
https://sen-h.codeberg.page/pkg-stats-demos/@pages/fix-improve-git-hash-sorting.html
Signed-off-by: Sen Hastings <sen@hastings.org>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit ce7363524c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Because the div_class variable was not reassigned a value,
cells in the latest_version column were still being assigned
hash_file classes and so were being picked up as elements in
the hash_file sort. This lead to execessive grid gap elements
stacking up and creating huge blank spaces at the top of the page.
This is very noticable on pages with a large number of packages,
like the ones the autobuilder creates.
original behaviour(click the "Hash file" column label twice):
http://autobuild.buildroot.org/stats/master.html
demo of fixed behaviour:
https://sen-h.codeberg.page/pkg-stats-demos/@pages/fix-bug-when-sorting-by-hash-file.html
Signed-off-by: Sen Hastings <sen@hastings.org>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 6e3d79f52e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following x86 build failure raised since bump to version 1.8.0
in commit 81802e263a and
8df5540c53:
/home/buildroot/autobuild/run/instance-1/output-1/build/tcf-agent-1.8.0/agent/tcf/services/tcf_elf.c: In function 'unpack_elf_symbol_info':
/home/buildroot/autobuild/run/instance-1/output-1/build/tcf-agent-1.8.0/agent/tcf/services/tcf_elf.c:2079:27: error: 'STT_ARM_16BIT' undeclared (first use in this function)
2079 | if (info->type == STT_ARM_16BIT) {
| ^~~~~~~~~~~~~
/home/buildroot/autobuild/run/instance-1/output-1/build/tcf-agent-1.8.0/agent/tcf/services/tcf_elf.c:2079:27: note: each undeclared identifier is reported only once for each function it appears in
/home/buildroot/autobuild/run/instance-1/output-1/build/tcf-agent-1.8.0/agent/tcf/services/tcf_elf.c: In function 'create_symbol_addr_search_index':
/home/buildroot/autobuild/run/instance-1/output-1/build/tcf-agent-1.8.0/agent/tcf/services/tcf_elf.c:2228:78: error: 'STT_ARM_16BIT' undeclared (first use in this function)
2228 | if (type == STT_FUNC || type == STT_ARM_TFUNC || type == STT_ARM_16BIT) {
| ^~~~~~~~~~~~~
Fixes: 81802e263a
- http://autobuild.buildroot.org/results/8388acf59689ed7e621bdf158483e3df1cf9bef7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit dd595d3b06)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The current version is more than 2 years old. Update to the latest.
This fixes runtime issues with the newer kernel used in our defconfigs
since commit 13ba668a2d.
License file changed name from LICENCE to LICENSE but is otherwise
unchanged.
There is a new directory "synaptics", install this one as well.
A lot of the files are symlinks. "install" creates copies for these,
which consumes a lot of unnecessary space. Instead of individually
restoring the links, using `cp --remove-destination --no-dereference`
and `chmod` instead of `install`.
Fixes: 13ba668a2d
Signed-off-by: Nisarg Jhaveri <nisargjhaveri@gmail.com>
[Arnout: correct license file name]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit ab24100537)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
According to https://www.sourceware.org/gdb/:
This is a minor corrective release over GDB 14.1, fixing the following issues:
PR symtab/31112 (DLL export forwarding is broken)
PR c++/31128 (gdb crashes when trying to print a global variable stub without a running inferior)
PR tdep/31254 ([gdb/tdep, arm] FAIL: gdb.threads/staticthreads.exp: up 10)
PR gdb/31256 (Crash with basic 'list .')
PR python/31366 (Frame.static_link() segfaults)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit bfefed17a9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
BR2_PACKAGE_TIFF_JBIG did actually not do anything, as no explicit
--enable-jbig was passed to configure and there is no libjbig in Buildroot,
so drop it and instead explicitly disable jbig support.
Also add --disable-jbig for the host build, which was missed when host
support was added in commit 91b16fbbf9 (tiff: add host variant).
As the TIFF_JBIG option was a noop, do not add legacy handling for it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a7d491b0ff)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We do not have liblerc in Buildroot and it may cause linking issues for
host-tiff on build hosts with liblerc:
libtool: link: /usr/bin/gcc -O2
-I/home/dragon/src/ft/ftcommunity-TXT/output/build/rootfs/per-package/host-tiff/host/include
-Wall -W -Wl,-rpath
-Wl,/home/dragon/src/ft/ftcommunity-TXT/output/build/rootfs/per-package/host-tiff/host/lib
-o tiffcp tiffcp.o
-L/home/dragon/src/ft/ftcommunity-TXT/output/build/rootfs/per-package/host-tiff/host/lib
../libtiff/.libs/libtiff.so ../port/.libs/libport.a -lLerc -ljbig -lm
-Wl,-rpath
-Wl,/home/dragon/src/ft/ftcommunity-TXT/output/build/rootfs/build/host-tiff-4.6.0/libtiff/.libs
-Wl,-rpath
-Wl,/home/dragon/src/ft/ftcommunity-TXT/output/build/rootfs/per-package/host-tiff/host/lib
/usr/bin/ld: ../libtiff/.libs/libtiff.so: undefined reference to
`deflateInit_'
/usr/bin/ld: ../libtiff/.libs/libtiff.so: undefined reference to `deflate'
/usr/bin/ld: ../libtiff/.libs/libtiff.so: undefined reference to
`deflateEnd'
/usr/bin/ld: ../libtiff/.libs/libtiff.so: undefined reference to `inflate'
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a4011ec1e1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
No longer active in Buildroot. Keeping my name in the list sets the wrong
expectation regarding package updates or support.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1a01554027)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix a typo in the dependencies, and switch the type to 'exec'.
This ensures that the psplash-systemd service will find the
FIFO created by psplash.
Change the psplash-systemd dependency to BindsTo, so stopping
psplash itself will also end this service and free resources.
psplash-start service need to start early, otherwise it might try
to compete/take away the framebuffer from the final graphical
stack. Order it before sysinit.target.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 087115b96a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Run script with 'errexit' bash option to detect any errors from
subcommands.
It will fix situation where 'ddr_fw.bin' was missing but successfull
build created broken boot image. Post image script report this by:
cat: /home/user/buildroot/output/images/ddr_fw.bin: No such file or directory
and build finish with success.
Signed-off-by: Wojciech Nizinski <wojciech.nizinski@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4a1bcbe17e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
BR2_PACKAGE_LIBDRM_INTEL was dependent on BR2_i386
or BR2_x86_64, which made sense for integrated GPUs.
This is no longer valid with discrete GPUs so remove
this dependency to allow building on other CPU
architectures.
Signed-off-by: Francois Dugast <francois.dugast@intel.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 02e30af0d0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The trace-cmd runtime test has a typo and fails with output:
Traceback (most recent call last):
File "/build/buildroot/support/testing/tests/package/test_trace_cmd.py", line 53, in test_run
self.assertEquals(exit_code, 0)
^^^^^^^^^^^^^^^^^
AttributeError: 'TestTraceCmd' object has no attribute 'assertEquals'. Did you mean: 'assertEqual'?
The issue can be reproduced with the command:
support/testing/run-tests \
-d dl -o output_test \
tests.package.test_trace_cmd
This commit fixes the issue by removing the extra 's'.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 2f507f1da5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The hash files do not use trailing backslash \ to continue lines, so
we don't want them to be interpreted thusly, so we use 'read -r'
(SC2162).
The h_file is used twice in the same loop, once for reading from it,
and once just to print it, so there is no conflict (SC2094).
Integrer variables need not be quoted (SC2086). In any case, should
there be an actual issue and they be set empty, that would cause a
runtime issue, wether they be quoted or not.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 9cb421c16f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
the user tables do not use trailing backslash \ to continue lines,
so we don't want them to be interpreted thusly, so we use 'read -r'
(SC2162).
Integer variables need not be quoted (SC2086). In any case, should
there be an actual issue and they be set empty, that would cause a
runtime issue, wether they be quoted or not.
The binary -o and -a ar perfectly defined in bash's test (SC2166).
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 01b3053cec)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 41ea61d59c (support/scripts/mkusers: allow option for system
uid/gid) confused GID and UID variables: the GID limits were used to
create UIDs.
Fix that.
Note that this fixes a shellcheck error; although there are many more
shellcheck errors, these fixes are semantically a bug that need to be
fixed separately from the coding style issues reported by shellcheck.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Norbert Lange <nolange79@gmail.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit ebbcf5a0a7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Updates containerd to v1.7.14.
Highlights
Fix various timing issues with docker pusher
Register imagePullThroughput and count with MiB
Move high volume event logs to Trace level
Container Runtime Interface (CRI)
Handle pod transition states gracefully while listing pod stats
Runtime
Update runc-shim to process exec exits before init
https://github.com/containerd/containerd/releases/tag/1.7.14
Signed-off-by: Christian Stewart <christian@aperture.us>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 2fa0f383b6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop patch that is included in this release. Drop autoreconf that was
introduced for this patch.
Fixes the following security issues:
* CVE-2024-2004
* CVE-2024-2379
* CVE-2024-2398
* CVE-2024-2466
Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit fbeec56312)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update to the latest major release of docker-engine.
Fixes CVE-2024-29018: potential data exfiltration from 'internal'
networks via authoritative DNS servers. Do not forward requests to
external DNS servers for a container that is only connected to an
'internal' network.
https://github.com/moby/moby/releases/tag/v26.0.0
Signed-off-by: Christian Stewart <christian@aperture.us>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 1c178b6892)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
zic needs CC defined since version bump to 2024a, and upstream commit
c3ebd8e98846 (make Makefile more compatible with POSIX).
Use HOST_CONFIGURE_OPTS which contains the appropriate host CC setting,
as well as our host CFLAGS and LDFLAGS.
Fixes:
c99 -O1 -c -o zic.o zic.c
make[2]: c99: No such file or directory
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr: reword commit log, refer to upstream commit]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 9139159d39)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 32934b526b (utils/checkpackagelib: check for Upstream trailers)
introduced a new python module to check Upstream tags in patch files. In
doing so, it introduced a flake8 coding style issue. That was not caught
when applying the change, and neither was it caught by our daily checks,
because the .checkpackagefile was regenerated right just in the next
commit, to apply ignore patterns to existing patch files.
It is a bit sad that one of our checks does not itself passes all our
checks...
Fix that trivial issue now.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 81bb14a935)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, we pass BR2_ROOTFS_POST_SCRIPT_ARGS to each of the scripts in
BR2_ROOTFS_PRE_BUILD_SCRIPT, but the option is not exposed in menuconfig
when only pre-build scripts are used.
Add the pre-build scripts to the condition exposing the extra args
option.
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 96b3295ca1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
David's e-mail is bouncing:
<david.bachelart@bbright.com>: host aspmx.l.google.com[2a00:1450:400c:c0c::1a]
said: 550-5.1.1 The email account that you tried to reach does not exist.
Please try 550-5.1.1 double-checking the recipient's email address for
typos or 550-5.1.1 unnecessary spaces. For more information, go to 550
5.1.1 https://support.google.com/mail/?p=NoSuchUser
n19-20020a05600c4f9300b00414111d4396si2497070wmq.117 - gsmtp (in reply to
RCPT TO command)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e8fcd9876d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In commit ebe5d9edfe ("boot, package,
support, toolchain: switch to 2 spaces for the hash file"), all hash
files were migrated to use 2 spaces as the separator.
However, in the googlefontdirectory hash file, a command is present in
a comment to indicate how to generate the part of the hash file that
provides the list of license file hashes. This command was not updated
as part of ebe5d9edfe, so it still emits
a result in which a single space is used a separator between the hash
type (sha256) and the hash value.
This commit fixes that by using a 2-space separator.
Signed-off-by: Christian Hitz <christian.hitz@bbv.ch>
[Thomas: extracted from
https://patchwork.ozlabs.org/project/buildroot/patch/20240228145013.411919-2-christian@klarinett.li/
into a separate patch]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f139aab6fe)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
go1.21.9 (released 2024-04-03) includes a security fix to the net/http
package, as well as bug fixes to the linker, and the go/types and net/http
packages.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 24e996d14d (package/xvisor: fix build without python interpreter)
added a dependency on host-python3 for the d2c.py script, but this script
does not use any non-standard python modules so we can instead use
BR2_PYTHON3_HOST_DEPENDENCY to only build host-python3 if the build host
does not have python3.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7f08dc612c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 9496ff57e5 (package/openssh: bump to version 9.7p1) dropped
0001-better-detection-of-broken-fzero-call-used-regs.patch but forgot to
drop the autoreconf. Do that now.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7a480207fd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Busybox tc fails to build with kernel >= 6.8
For details see https://bugs.busybox.net/show_bug.cgi?id=15934
In addition, tc is a very rarely used tool, so not something that you
expect to be available in busybox by default.
Therefore, remove it from the default config.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 44c221c856)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The bitcoin Buildroot package has always disabled the wallet support.
This commit adds a config option to enable this support. This allows the
bitcoin-cli command to create wallets, generate addresses and send an
amount to a given address.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 958085d5f6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 6ea2a27f90 forgot to add -lucontext
to LIBS resulting in the following build failure with zeromq:
/home/buildroot/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/i586-buildroot-linux-musl/9.3.0/../../../../i586-buildroot-linux-musl/bin/ld: /home/buildroot/instance-0/output-1/host/i586-buildroot-linux-musl/sysroot/usr/lib32/libunwind.so.8: undefined reference to `setcontext'
Fixes: 6ea2a27f90
- http://autobuild.buildroot.org/results/893defe1588b2ca03c115b59b47be3f4aed438fb
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 766c1613ae)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Buildroot commit 26d5d1c0a2 removed the
configure option --with-rfc2640 due to upstream commit:
33eda763bf
In the same upstream commit the iconv support was also removed because
it was only needed for rfc2640 support, this removal was forgotten in
the forementioned buildroot commit.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit f30f5e4f61)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
GMP does not build if the host gcc is v4.9 due to the following error
gen-sieve.c: In function 'setmask':
gen-sieve.c:99:3: error: 'for' loop initial declarations are only allowed in C99 or C11 mode
for (unsigned i = 0; i < 2 * a * b; ++i)
^
gen-sieve.c:99:3: note: use option -std=c99, -std=gnu99, -std=c11 or -std=gnu11 to compile your code
The gen-sieve utility was added in GMP v6.3.0. It is built using
CC_FOR_BUILD (host compiler) during cross compilation as it generates
build files. Autoconf does not have a macro for add -std=c99 to
CC_FOR_BUILD, so it must be set manually. For the target, it is set
correctly thanks to the AC_PROG_CC_C99 macro.
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 9553dc9a55)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Set default editor to /bin/vi to fix the following build failure when no
editor is found on host:
configure:40833: checking for vim
configure:40862: result: no
configure:40833: checking for vi
configure:40862: result: no
configure:40833: checking for emacs
configure:40862: result: no
configure:40833: checking for nano
configure:40862: result: no
configure:40833: checking for pico
configure:40862: result: no
configure:40833: checking for edit
configure:40862: result: no
configure:40874: error:
Failed to find a text file editor. CVS cannot be compiled
without a default log message editor. Searched for
`vim vi emacs nano pico edit'. Try `configure --with-editor'.
While at it, drop CVS_CONFIGURE_ARGS variable for simplicity
Fixes:
- http://autobuild.buildroot.org/results/5b8a747698bc2e64eb1f001e87577e86e4cb8d14
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 1455d5241b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Disable tests to avoid the following build failure with amdgpu and gcc 5
if cunit is built before libdrm:
In file included from ../tests/amdgpu/shader_test_util.c:10:0:
../tests/amdgpu/shader_code.h:113:2: error: initializer element is not constant
ps_##_ps##_shader_patchinfo_code_size_gfx##_n, \
^
tests can be disabled since
46d1e99a5d
Fixes:
- http://autobuild.buildroot.org/results/612aad1fa642993da36bbec6c16c9020ac283e34
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit f95069814b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure raised since bump of libressl to version
3.5.2 in commit 8b216927db:
red-stream.cpp: In function 'RedStreamSslStatus red_stream_ssl_accept(RedStream*)':
red-stream.cpp:526:22: error: invalid use of incomplete type 'SSL' {aka 'struct ssl_st'}
526 | stream->priv->ssl->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
| ^~
In file included from /home/buildroot/autobuild/instance-1/output-1/host/i686-buildroot-linux-gnu/sysroot/usr/include/openssl/err.h:120,
from red-stream.cpp:33:
/home/buildroot/autobuild/instance-1/output-1/host/i686-buildroot-linux-gnu/sysroot/usr/include/openssl/ossl_typ.h:173:16: note: forward declaration of 'SSL' {aka 'struct ssl_st'}
173 | typedef struct ssl_st SSL;
| ^~~~~~
Fixes:
- http://autobuild.buildroot.org/results/273eadf9e49af55e0932a8293ca65762fb43114f
- http://autobuild.buildroot.org/results/97601f321efc532de0c2ea6aa618ce11fad9e851
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4e5ea31630)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Enable DES in openssl to avoid the following build failure raised since
commit a83d41867c:
In file included from /home/buildroot/autobuild/run/instance-2/output-1/build/mariadb-10.11.6/libmysqld/../sql/mysqld.cc:50,
from /home/buildroot/autobuild/run/instance-2/output-1/build/mariadb-10.11.6/libmysqld/lib_sql.cc:34:
/home/buildroot/autobuild/run/instance-2/output-1/build/mariadb-10.11.6/libmysqld/../sql/des_key_file.h:26:3: error: 'DES_cblock' does not name a type
26 | DES_cblock key1, key2, key3;
| ^~~~~~~~~~
/home/buildroot/autobuild/run/instance-2/output-1/build/mariadb-10.11.6/libmysqld/../sql/des_key_file.h:31:3: error: 'DES_key_schedule' does not name a type; did you mean 'st_des_keyschedule'?
31 | DES_key_schedule ks1, ks2, ks3;
| ^~~~~~~~~~~~~~~~
| st_des_keyschedule
Fixes: a83d41867c
- http://autobuild.buildroot.org/results/bd067de9c2699dc9628c00b929a01890b14d53c1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8b3497f3ab)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
btrfs doesn't depend on btrfs-progs but on headers >= 4.12 since bump to
version 24.0.2 in commit 314f62eda3 and
3208dcabdc
resulting in the following build failure:
daemon/graphdriver/btrfs/btrfs.go:13:6: error: #error "Headers from kernel >= 4.12 are required to build with Btrfs support."
#error "Headers from kernel >= 4.12 are required to build with Btrfs support."
^~~~~
daemon/graphdriver/btrfs/btrfs.go:14:6: error: #error "HINT: Set 'DOCKER_BUILDTAGS=exclude_graphdriver_btrfs' to build without Btrfs."
#error "HINT: Set 'DOCKER_BUILDTAGS=exclude_graphdriver_btrfs' to build without Btrfs."
^~~~~
daemon/graphdriver/btrfs/btrfs.go:18:10: fatal error: linux/btrfs_tree.h: No such file or directory
#include <linux/btrfs_tree.h>
^~~~~~~~~~~~~~~~~~~~
Fixes: 314f62eda3
- http://autobuild.buildroot.org/results/7d07eba37149d341dc86f9742bd166de874dcd5e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e30b38f1c5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
btrfs handling doesn't depend on btrfs-progs but on kernel >= 4.12 since
bump to version 1.7.7 in commit 79e01ef950
and
024a748c09
resulting in the following build failure:
In file included from vendor/github.com/containerd/btrfs/v2/btrfs.go:21:0:
./btrfs.h:19:2: error: #error "Headers from kernel >= 4.12 are required on compilation time (not on run time)"
#error "Headers from kernel >= 4.12 are required on compilation time (not on run time)"
^~~~~
In file included from vendor/github.com/containerd/btrfs/v2/btrfs.go:21:0:
./btrfs.h:22:10: fatal error: linux/btrfs_tree.h: No such file or directory
#include <linux/btrfs_tree.h>
^~~~~~~~~~~~~~~~~~~~
Fixes: 79e01ef950
- http://autobuild.buildroot.org/results/d6afeef47daae1783dcce3e2b6a0a16e3e5d5fbd
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 43ca417c0c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, we grab the per-year CVE feeds, in two passes: first, we grab
the meta files, and check whether something has changed since last we
downloaded it; second, we download the feed proper, unless the meta file
has not changed, in which case we use the locally cached feed.
However, it has appeared that the FKIE releases no longer provide the
meta files, which means that (once again), our daily reports are broken.
The obvious fix would be to drop the use of the meta file, and always
and unconditionally download the feeds. That's relatively trivial to do,
but the feeds are relatively big (even as xz-xompressed).
However, the CVE database from FKIE is available as a git tree. Git is
pretty good at only sending delta when updating a local copy. In
addition, the git tree, contains each CVE as an individual file, so it
is relatively easier to scan and parse.
Switch to using a local git clone.
Slightly surprisingly (but not so much either), parsing the CVE files is
much faster when using the git working copy, than it is when parsing the
per-year feeds: indeed, the per-year feeds are xz-compressed, and even
if python is slow-ish to scan a directory and opening files therein, it
is still much faster than to decompress xz files. The timing delta [0]
is ~100s before and ~10s now, about a ten time improvement, over the
whole package set.
The drawback, however, is that the git tree is much bigger on-disk, from
~55MiB for the per-year compressed feeds, to 2.1GiB for the git tree
(~366MiB) and a working copy (~1.8GiB)... Given very few people are
going to use that, that's considered acceptable...
Eventually, with a bit of hacking [1], the two pkg-stats, before and
after this change, yield the same data (except for the date and commit
hash).
[0] hacking support/scripts/pkg-stats to display the time before/after
the CVE scan, and hacking support/scripts/cve.py to do no download so
that only the CVE scan happens (and also because the meta files are no
longer available).
[1] sorting the CVE lists in json, sorting the json keys, and using the
commit from the FKIE git tree that was used for the current per-year
feeds.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit fee7efafd0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Using PLATFORM=k3 can leads to a runtime boot crash on some K3 SoC (e.g.
j721e) because the optee flavor is missing.
We could use BR2_TARGET_OPTEE_OS_PLATFORM=k3 and
BR2_TARGET_OPTEE_OS_PLATFORM_FLAVOR=am64x but we actually can use
BR2_TARGET_OPTEE_OS_PLATFORM=k3-am64x as explained in the optee-os
Makefile [1]:
# If $(PLATFORM) is defined and contains a hyphen, parse it as
# $(PLATFORM)-$(PLATFORM_FLAVOR) for convenience
This is how meta-ti set the optee-os platform:
meta-ti]$ git grep OPTEEMACHINE
meta-ti-bsp/conf/machine/am437x-hs-evm.conf:OPTEEMACHINE = "ti-am43xx"
meta-ti-bsp/conf/machine/am57xx-hs-evm.conf:OPTEEMACHINE = "ti-am57xx"
meta-ti-bsp/conf/machine/beagleplay.conf:OPTEEMACHINE = "k3-am62x"
meta-ti-bsp/conf/machine/dra7xx-hs-evm.conf:OPTEEMACHINE = "ti-dra7xx"
meta-ti-bsp/conf/machine/include/am62axx.inc:OPTEEMACHINE = "k3-am62x"
meta-ti-bsp/conf/machine/include/am62pxx.inc:OPTEEMACHINE = "k3-am62x"
meta-ti-bsp/conf/machine/include/am62xx.inc:OPTEEMACHINE = "k3-am62x"
meta-ti-bsp/conf/machine/include/am64xx.inc:OPTEEMACHINE = "k3-am64x"
meta-ti-bsp/conf/machine/include/am65xx.inc:OPTEEMACHINE = "k3-am65x"
meta-ti-bsp/conf/machine/include/j7200.inc:OPTEEMACHINE = "k3-j721e"
meta-ti-bsp/conf/machine/include/j721e.inc:OPTEEMACHINE = "k3-j721e"
meta-ti-bsp/conf/machine/include/j721s2.inc:OPTEEMACHINE = "k3-j784s4"
meta-ti-bsp/conf/machine/include/j722s.inc:OPTEEMACHINE = "k3-am62x"
meta-ti-bsp/conf/machine/include/j784s4.inc:OPTEEMACHINE = "k3-j784s4"
meta-ti uses the OPTEEMACHINE to set optee-os platform [2].
[1] https://github.com/OP-TEE/optee_os/blob/4.0.0/Makefile#L37
[2] https://git.yoctoproject.org/meta-arm/tree/meta-arm/recipes-security/optee/optee-os.inc?h=4.0.3#n23
Suggested-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit fde806f822)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Using PLATFORM=k3 can leads to a runtime boot crash on some K3 SoC (e.g.
j721e) because the optee flavor is missing.
We could use BR2_TARGET_OPTEE_OS_PLATFORM=k3 and
BR2_TARGET_OPTEE_OS_PLATFORM_FLAVOR=am62x but we actually can use
BR2_TARGET_OPTEE_OS_PLATFORM=k3-am62x as explained in the optee-os
Makefile [1]:
# If $(PLATFORM) is defined and contains a hyphen, parse it as
# $(PLATFORM)-$(PLATFORM_FLAVOR) for convenience
This is how meta-ti set the optee-os platform:
meta-ti]$ git grep OPTEEMACHINE
meta-ti-bsp/conf/machine/am437x-hs-evm.conf:OPTEEMACHINE = "ti-am43xx"
meta-ti-bsp/conf/machine/am57xx-hs-evm.conf:OPTEEMACHINE = "ti-am57xx"
meta-ti-bsp/conf/machine/beagleplay.conf:OPTEEMACHINE = "k3-am62x"
meta-ti-bsp/conf/machine/dra7xx-hs-evm.conf:OPTEEMACHINE = "ti-dra7xx"
meta-ti-bsp/conf/machine/include/am62axx.inc:OPTEEMACHINE = "k3-am62x"
meta-ti-bsp/conf/machine/include/am62pxx.inc:OPTEEMACHINE = "k3-am62x"
meta-ti-bsp/conf/machine/include/am62xx.inc:OPTEEMACHINE = "k3-am62x"
meta-ti-bsp/conf/machine/include/am64xx.inc:OPTEEMACHINE = "k3-am64x"
meta-ti-bsp/conf/machine/include/am65xx.inc:OPTEEMACHINE = "k3-am65x"
meta-ti-bsp/conf/machine/include/j7200.inc:OPTEEMACHINE = "k3-j721e"
meta-ti-bsp/conf/machine/include/j721e.inc:OPTEEMACHINE = "k3-j721e"
meta-ti-bsp/conf/machine/include/j721s2.inc:OPTEEMACHINE = "k3-j784s4"
meta-ti-bsp/conf/machine/include/j722s.inc:OPTEEMACHINE = "k3-am62x"
meta-ti-bsp/conf/machine/include/j784s4.inc:OPTEEMACHINE = "k3-j784s4"
meta-ti uses the OPTEEMACHINE to set optee-os platform [2].
[1] https://github.com/OP-TEE/optee_os/blob/4.0.0/Makefile#L37
[2] https://git.yoctoproject.org/meta-arm/tree/meta-arm/recipes-security/optee/optee-os.inc?h=4.0.3#n23
Suggested-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit f68c45f733)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
poco needs C++17 and gcc >=8 since bump to version 1.13.2 in commit
433c4fd38b and
78234857bf10f41c06d9
resulting in the following build failure with gcc 7:
In file included from src/Thread.cpp:28:0:
src/Thread_POSIX.cpp: In member function 'void Poco::ThreadImpl::setNameImpl(const string&)':
src/Thread_POSIX.cpp:162:56: error: no matching function for call to 'std::__cxx11::basic_string<char>::append(const string&, std::__cxx11::basic_string<char>::size_type)'
truncName.append(threadName, threadName.size() - half);
^
Fixes: 433c4fd38b
- http://autobuild.buildroot.org/results/7b1c144f39a8be4ce8f964aa13a52d0bf62dd0aa
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 54dbd8e2c5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Codescape mips toolchains are old (2018) and use glibc 2.20 which is not
compatible with 64-bit time_t raising the following build failure with
libselinux since commit 1c2dbcdcf0:
In file included from selinux_restorecon.c:17:0:
/home/buildroot/autobuild/instance-1/output-1/host/mipsel-buildroot-linux-gnu/sysroot/usr/include/fts.h:41:3: error: #error "<fts.h> cannot be used with -D_FILE_OFFSET_BITS==64"
# error "<fts.h> cannot be used with -D_FILE_OFFSET_BITS==64"
^~~~~
Fixes: 1c2dbcdcf0
- http://autobuild.buildroot.org/results/a4d38af627a42a2c55d60129787c51353d5883bf
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 33605ea6d9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
bump to latest version because previous version did not work with python 3.11
Signed-off-by: Jeremy J. Peper <jeremy@jeremypeper.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 8a69af5fa4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
bump to latest version because previous version did not work with python 3.11
Signed-off-by: Jeremy J. Peper <jeremy@jeremypeper.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 0c27711002)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
bump to latest version because previous version did not work with python 3.11
corrected version mismatch with my first submission
Signed-off-by: Jeremy J. Peper <jeremy@jeremypeper.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 242781bb61)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Without python-gobject, we get the following runtime error:
ModuleNotFoundError: No module named 'gi'
Add python-gobject and propagate its dependencies.
While we're at it, split the DEPENDENCIES over several line and sort
them alphabetically.
Signed-off-by: Jeremy J. Peper <jeremy@jeremypeper.com>
Reviewed-by: Adam Duskett <adam.duskett@amarulasolutions.com>
[Arnout: reorder everything alphabeticall, split DEPENDENCIES over
several lines.]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 945b9f8d8e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
While fixing a build error
../src/egl/drivers/dri2/platform_x11.c: In function 'dri2_x11_get_msc_rate':
../src/egl/drivers/dri2/platform_x11.c:1229:44:
error: 'struct dri2_egl_display' has no member named 'screen_resources'
with this defconfig:
BR2_x86_64=y
BR2_TOOLCHAIN_BUILDROOT_CXX=y
BR2_PACKAGE_MESA3D=y
BR2_PACKAGE_MESA3D_GALLIUM_DRIVER_IRIS=y
BR2_PACKAGE_MESA3D_OPENGL_GLX=y
BR2_PACKAGE_MESA3D_OPENGL_EGL=y
BR2_PACKAGE_MESA3D_OPENGL_ES=y
BR2_PACKAGE_XORG7=y
(crocus and i915 drivers are also affected) it turns out that we can
assume the need for dri3 support when X.org is enabled as a hard depen-
dency even if mesa3d's configure does not throw errors when missing,
like for the Intel drivers.
Before this patch these Config.in options were used:
config BR2_PACKAGE_MESA3D_DRI3
select BR2_PACKAGE_XLIB_LIBXSHMFENCE
select BR2_PACKAGE_MESA3D_DRI3 if BR2_PACKAGE_XORG7
which can be translated into:
select BR2_PACKAGE_XLIB_LIBXSHMFENCE if BR2_PACKAGE_XORG7
and used at option BR2_PACKAGE_MESA3D_DRIVER.
Configure option -Ddri3=enabled is passed to mesa3d when at least one
driver is enabled along with X.org:
ifeq ($(BR2_PACKAGE_MESA3D_DRIVER)$(BR2_PACKAGE_XORG7),yy)
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit e2f87b3c15)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
codesourcery arm/aarch64 toolchains are old (2014) and use glibc
2.18/2.20 which are not compatible with 64-bit time_t raising the
following build failure with libcgroup since commit
1c2dbcdcf0:
In file included from ./libcgroup-internal.h:25:0,
from parse.y:21:
/home/buildroot/autobuild/run/instance-3/output-1/host/arm-buildroot-linux-gnueabi/sysroot/usr/include/fts.h:41:3: error: #error "<fts.h> cannot be used with -D_FILE_OFFSET_BITS==64"
# error "<fts.h> cannot be used with -D_FILE_OFFSET_BITS==64"
^
Fixes: 1c2dbcdcf0
- http://autobuild.buildroot.org/results/e28f955f2b360f6e7bb231a5a3800cfbd17a23d7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: add Config.in.legacy entries]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 53a8c5150e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Disable -Werror to fix the following build failure with esp-hosted
raised at least since commit a382a7d554:
In function ‘destroy_cmd_wq’,
inlined from ‘esp_commands_teardown’ at /home/autobuild/autobuild/instance-4/output-1/build/esp-hosted-ce3c50a33fa4bc562a1b6cbcee292c1ae0b0a404/esp_hosted_ng/host/esp_cmd.c:1467:2:
./include/linux/workqueue.h:639:9: error: call to ‘__warn_flushing_systemwide_wq’ declared with attribute warning: Please avoid flushing system-wide workqueues. [-Werror=attribute-warning]
639 | __warn_flushing_systemwide_wq(); \
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/home/autobuild/autobuild/instance-4/output-1/build/esp-hosted-ce3c50a33fa4bc562a1b6cbcee292c1ae0b0a404/esp_hosted_ng/host/esp_cmd.c:408:17: note: in expansion of macro ‘flush_scheduled_work’
408 | flush_scheduled_work();
| ^~~~~~~~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/6ac7a4601938d3296ed1657c06f8cdf433757d73
- http://autobuild.buildroot.org/results/7997cc8a67645a6e1cf4e24d172c6feae459dcfb
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6b56e0b4f0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
cf_gen.cc is compiled by host compiler and unconditionally uses auto
since bump to version 6.6 in commit
c13199c932 and
09835feb25
resulting in the following build failure with host gcc < 8:
/usr/bin/g++ -O2 -I/home/buildroot/autobuild/run/instance-1/output-1/host/include -o cf_gen ./cf_gen.cc -I. -I../include/ -I../src
./cf_gen.cc: In function 'int main(int, char**)':
./cf_gen.cc:268:63: error: forming reference to void
auto &newEntry = entries.emplace_back(name);
^
So add a dependency on host gcc >= 8 and gcc >= 8 as advocated by
upstream in
9d3433c4ac/doc/release-notes/release-6.sgml.in:
This release adds a dependency on C++17 support in any compiler used to build Squid.
GCC 8+ and Clang 8+ support C++17.
While at it, drop BR2_TOOLCHAIN_HAS_GCC_BUG_64735 which is always false
with gcc >= 7
Fixes: c13199c932
- http://autobuild.buildroot.org/results/f1766d1a3b2ce7745fa23cdeae1101806cd97aea
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b8db5c4660)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Select libucontext if the toolchain doesn't support ucontext to allow
building php on musl
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2824aa8a23)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Do not remove _FILE_OFFSET_BITS=64 from CFLAGS and CPPFLAGS to avoid the
following build failure with BR2_TIME_BITS_64 raised since commit
3c427c6472:
In file included from /home/fabrice/buildroot/output/host/mips-buildroot-linux-gnu/sysroot/usr/include/features.h:394,
from /home/fabrice/buildroot/output/host/mips-buildroot-linux-gnu/sysroot/usr/include/errno.h:25,
from pp.c:20:
/home/fabrice/buildroot/output/host/mips-buildroot-linux-gnu/sysroot/usr/include/features-time64.h:26:5: error: #error "_TIME_BITS=64 is allowed only with _FILE_OFFSET_BITS=64"
26 | # error "_TIME_BITS=64 is allowed only with _FILE_OFFSET_BITS=64"
| ^~~~~
Indeed, this LFS workaround was there since the addition of the package
in commit cb328f77f8 and is only needed
to fix a build failure with the old codesourcery-arm toolchain from 2014
which uses glibc < 2.23. as glibc 2.23 was released in February 2016:
https://sourceware.org/glibc/wiki/Release/2.23, drop this workaround as
already done for libselinux in commit
c1fa9bc2f7. A follow-up patch will also
drop codesourcery-arm toolchain.
Fixes: 3c427c6472
- No autobuilder failures (yet)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0ac2d5a41a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Do not remove _FILE_OFFSET_BITS=64 from CFLAGS and CPPFLAGS to avoid the
following build failure with BR2_TIME_BITS_64 raised since commit
3c427c6472:
In file included from /home/fabrice/buildroot/output/host/mips-buildroot-linux-gnu/sysroot/usr/include/features.h:394,
from /home/fabrice/buildroot/output/host/mips-buildroot-linux-gnu/sysroot/usr/include/fts.h:53,
from restore.h:6,
from restore.c:1:
/home/fabrice/buildroot/output/host/mips-buildroot-linux-gnu/sysroot/usr/include/features-time64.h:26:5: error: #error "_TIME_BITS=64 is allowed only with _FILE_OFFSET_BITS=64"
26 | # error "_TIME_BITS=64 is allowed only with _FILE_OFFSET_BITS=64"
| ^~~~~
Indeed, this LFS workaround was there since the addititon of the package
in commit 9d6da7a264 and is only needed to
fix a build failure with the old codesourcery-arm toolchain from 2014
which uses glibc < 2.23. as glibc 2.23 was released in February 2016:
https://sourceware.org/glibc/wiki/Release/2.23, drop this workaround as
already done for libselinux in commit
c1fa9bc2f7. A follow-up patch will also
drop codesourcery-arm toolchain.
Fixes: 3c427c6472
- No autobuilder failures (yet)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 85acd9b5b9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Do not remove _FILE_OFFSET_BITS=64 from CFLAGS and CPPFLAGS to avoid the
following build failure with BR2_TIME_BITS_64 raised since commit
3c427c6472:
In file included from /home/fabrice/buildroot/output/host/mips-buildroot-linux-gnu/sysroot/usr/include/features.h:394,
from ../include/libcgroup/error.h:9,
from ../include/libcgroup.h:21,
from log.c:15:
/home/fabrice/buildroot/output/host/mips-buildroot-linux-gnu/sysroot/usr/include/features-time64.h:26:5: error: #error "_TIME_BITS=64 is allowed only with _FILE_OFFSET_BITS=64"
26 | # error "_TIME_BITS=64 is allowed only with _FILE_OFFSET_BITS=64"
| ^~~~~
Indeed, this LFS workaround is there since the addition of the package
in commit ff7191c12e and is only needed to
fix a build failure with the old codesourcery-arm toolchain from 2014
which uses glibc < 2.23. as glibc 2.23 was released in February 2016:
https://sourceware.org/glibc/wiki/Release/2.23, drop this workaround as
already done for libselinux in commit
c1fa9bc2f7. A follow-up patch will also
drop codesourcery-arm toolchain.
Fixes: 3c427c6472
- No autobuilder failures (yet)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1c2dbcdcf0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following CVEs:
CVE-2024-24783: crypto/x509: Verify panics on certificates with an unknown public key algorithm
CVE-2023-45290: net/http: memory exhaustion in Request.ParseMultipartForm
CVE-2023-45289: net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect
CVE-2024-24785: html/template: errors returned from MarshalJSON methods may break template escaping
CVE-2024-24784: net/mail: comments in display names are incorrectly handled
https://go.dev/doc/devel/release#go1.21.8
Signed-off-by: Christian Stewart <christian@aperture.us>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a94f816e45)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-03-20 21:17:21 +01:00
1327 changed files with 20347 additions and 8135 deletions
Be careful when choosing a name: It has to be unique and be made
with only ASCII characters from the set +[A-Za-z0-9_]+.
* Then, change every occurence of +BR2_EXTERNAL+ in your br2-external
* Then, change every occurrence of +BR2_EXTERNAL+ in your br2-external
tree with the new variable:
+
----
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
