Fix the following build failure:
/tmp/cckXvlOO.s:352: Error: selected processor does not support `smull r6,ip,r5,r0' in Thumb mode
Fixes:
- http://autobuild.buildroot.org/results/fdedcc8f68651ec34417d609b40effbac456c80d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: tweak comment]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 90e1a64cb0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When the target-finalize-hook for bash was added in commit
311c9eebc4 in order to write bash into
/etc/shells, it was done at the same time as for package/mksh and it was
incorrectly copied and MKSH still appeared in the name of the hook.
The hook is now correctly named BASH_ADD_BASH_TO_SHELLS
Signed-off-by: Sebastian Weyer <sebastian.weyer@smile.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7f96255f4a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2022-29973: relan exFAT 1.3.0 allows local users to obtain
sensitive information (data from deleted files in the filesystem) in
certain situations involving offsets beyond ValidDataLength.
https://github.com/relan/exfat/releases/tag/v1.4.0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d7085ab3ea)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2022-29973: relan exFAT 1.3.0 allows local users to obtain
sensitive information (data from deleted files in the filesystem) in
certain situations involving offsets beyond ValidDataLength.
- libfuse3 is supported since
7cbc1544a4https://github.com/relan/exfat/releases/tag/v1.4.0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0c29b4281d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- remove 0001-cross-compile.patch
(superseded by upstream commit [1])
- rename 0002-sys-param-h.patch to 0001-sys-param-h.patch
- remove 0003-Merge-r1887279-from-trunk.patch
(from upstream [2])
- remove 0004-apr-1.7.0-CVE-2021-35940.patch
(superseded by upstream commit [3], remove APR_IGNORE_CVES accordingly)
- set new configure option '--disable-sctp' (no libsctp provided by buildroot)
- set new 'ac_cv_strerror_r_rc_int' explicitly to no (default for
cross compile)
- set new 'ac_cv_mmap__dev_zero' explicitly to yes
- revert two upstream commits ([4], [5]) to fix apr-util build, fails
otherwise because of some path mismatch where to find apr_rules.mk copied
to apr-util-1.6.3/build/rules.mk, fixes:
Makefile:50: .../build/apr-util-1.6.3/build/rules.mk: No such file or directory
For details see [6].
[1] 866e1df66b
[2] 0a763c5e50
[3] e0be630b68
[4] f82374627b
[5] b6dbbc77da
[6] https://downloads.apache.org/apr/CHANGES-APR-1.7
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 783cd8d90d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure raised since the addition of the package
in commit 2a636d1521:
sed -i 's,[^ *]power_prep.*;,\tpower_prep="/home/autobuild/autobuild/instance-9/output-1/build/mxs-bootlets-10.12.01/power_prep/power_prep";,' /home/autobuild/autobuild/instance-9/output-1/build/mxs-bootlets-10.12.01/
sed: couldn't edit /home/autobuild/autobuild/instance-9/output-1/build/mxs-bootlets-10.12.01/: not a regular file
Fixes:
- http://autobuild.buildroot.org/results/b4b26f6b02fd1991f46eba5db240e5050b96d333
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8c44351907)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
pcm-tools needs NPTL since its addition in commit
60eb2cec80:
cpucounters.cpp: In constructor 'pcm::TemporalThreadAffinity::TemporalThreadAffinity(pcm::uint32, bool)':
cpucounters.cpp:252:9: error: 'pthread_getaffinity_np' was not declared in this scope; did you mean 'sched_getaffinity'?
252 | pthread_getaffinity_np(pthread_self(), set_size, old_affinity);
| ^~~~~~~~~~~~~~~~~~~~~~
| sched_getaffinity
Fixes:
- http://autobuild.buildroot.org/results/8bbf9c36af332bbf5e7c1abcbb594a0b231ef97e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9d74f85c97)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Daniel Lang <d.lang@abatec.at>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 159df6a531)
[Peter: drop 6.1.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a
heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted
TIFF image.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d7ae47f0c6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
A flaw was found in all released versions of m2crypto, where they are
vulnerable to Bleichenbacher timing attacks in the RSA decryption API
via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest
threat from this vulnerability is to confidentiality.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a86d44a3eb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d6f194c513)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit bd447bb88c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure:
Can't locate object method "hexhash" via package "MD5" at utils/git-testament.pl line 47
Fixes:
- http://autobuild.buildroot.org/results/3dddcbbe7f6ecae5a2db6fac11fb659719452f73
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b83a9675cb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
locale_t is unconditionally used since version 1.5 and
4ed6f0b3a4
resulting in the following build failure since the addition of the
package in commit 0c52826291:
module.c:33:37: error: unknown type name 'locale_t'
33 | static char *strerror_l(int errnum, locale_t locale UNUSED)
| ^~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/ede9eb1f13d56c77005cc448416fb2efa9d16ff0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a6b4217312)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with libressl by using SSL_is_server
which is available since version 2.7.0 and
d7ec516916:
iostream.c: In function 'ast_iostream_close':
iostream.c:559:41: error: invalid use of incomplete typedef 'SSL' {aka 'struct ssl_st'}
559 | if (!stream->ssl->server) {
| ^~
Fixes:
- http://autobuild.buildroot.org/results/ce4d62d00bb77ba5b303cacf6be7e350581a62f9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c8985cf50c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
threads are mandatory since version 19.1.1 and
9e4aa143fb
resulting in the following build failure since commit
cd206d9b80:
CMake Error at /home/thomas/autobuild/instance-2/output-1/host/share/cmake-3.22/Modules/FindPackageHandleStandardArgs.cmake:230 (message):
Could NOT find Threads (missing: Threads_FOUND)
Fixes:
- http://autobuild.buildroot.org/results/c1120932e8c212820b239ee8cd4a057623a73376
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b5d310772d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with sparc raised since bump to version
1.9.11p2 in commit 9b7f8da96b and
9fbbca7b7a:
hecking for X509_STORE_CTX_get0_cert
configure:21215: /home/thomas/autobuild/instance-3/output-1/host/bin/sparc-buildroot-linux-uclibc-gcc -o conftest -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -g0 -static -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -DZLIB_CONST -static conftest.c -L/home/thomas/autobuild/instance-3/output-1/host/bin/../sparc-buildroot-linux-uclibc/sysroot/usr/lib -lssl -lz -pthread -latomic -lcrypto >&5
/home/thomas/autobuild/instance-3/output-1/host/lib/gcc/sparc-buildroot-linux-uclibc/10.4.0/../../../../sparc-buildroot-linux-uclibc/bin/ld: /home/thomas/autobuild/instance-3/output-1/host/bin/../sparc-buildroot-linux-uclibc/sysroot/usr/lib/libcrypto.a(x509cset.o): in function `X509_CRL_up_ref':
x509cset.c:(.text+0x108): undefined reference to `__atomic_fetch_add_4'
[...]
In file included from ./hostcheck.c:38:
../../include/sudo_compat.h:342:41: error: conflicting types for 'ASN1_STRING_data'
342 | # define ASN1_STRING_get0_data(x) ASN1_STRING_data(x)
| ^~~~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/8be59dd94e4916f9457cb435104e36e62a28373b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4655d84ff5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure when OPENSBI_PLAT is empty raised since
commit 9b5b7165de:
/usr/bin/install -m 0644 -D /nvmedata/autobuild/instance-4/output-1/build/opensbi-0.9/build/platform//firmware/fw_jump.bin /nvmedata/autobuild/instance-4/output-1/images/fw_jump.bin
/usr/bin/install: cannot stat '/nvmedata/autobuild/instance-4/output-1/build/opensbi-0.9/build/platform//firmware/fw_jump.bin': No such file or directory
Fixes:
- http://autobuild.buildroot.org/results/8033327f090e4a3d84a7fce1f62b14fdf89dbd89
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit bd061466f9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 9fc652a373 was incomplete as
mbedtls can be pulled in libcurl through libssh2 resulting in the
following build failure:
/home/autobuild/autobuild/instance-4/output-1/host/lib/gcc/powerpc64le-buildroot-linux-musl/11.3.0/../../../../powerpc64le-buildroot-linux-musl/bin/ld: /home/autobuild/autobuild/instance-4/output-1/host/powerpc64le-buildroot-linux-musl/sysroot/usr/lib//libmbedcrypto.a(md5.c.o): in function `mbedtls_md5_init':
md5.c:(.text+0x0): multiple definition of `mbedtls_md5_init'; ../../src/.libs/libmodsecurity.a(libmbedtls_la-md5.o):md5.c:(.text+0x0): first defined here
Fixes:
- http://autobuild.buildroot.org/results/4c235e46188f23d1a48297f4e5942cec7b25959a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 97bdc0616c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This minor release fixes a crash. Release notes:
https://wpewebkit.org/release/wpebackend-fdo-1.12.1.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 30c1aa539b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bugfix release, with many security fixes, including (but not limited to)
a patch for CVE-2023-23529.
Release notes:
https://webkitgtk.org/2023/02/15/webkitgtk2.38.5-released.html
Accompanying security advisory:
https://webkitgtk.org/security/WSA-2023-0002.html
Also raise the minimal GCC version to 8.3, which was already required since webkitgtk-2.36.4.
Similar to commit ec1ff802df,
we do check on >= GCC 8, because we can't check on >= GCC 8.3.
f812c5db1f
Signed-off-by: Thomas Devoogdt <thomas.devoogdt@gmail.com>
Acked-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4c7fcbbe75)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
rockchip-mali pre-built libraries needs C++ since the addition of the
package in commit 97c74a73e5:
readelf -a output/build/rockchip-mali-721653b5b3b525a4f80d15aa7e2f9df7b7e60427/lib/aarch64-linux-gnu/libmali-bifrost-g31-rxp0-gbm.so|grep NEEDED
0x0000000000000001 (NEEDED) Shared library: [libpthread.so.0]
0x0000000000000001 (NEEDED) Shared library: [libdl.so.2]
0x0000000000000001 (NEEDED) Shared library: [librt.so.1]
0x0000000000000001 (NEEDED) Shared library: [libdrm.so.2]
0x0000000000000001 (NEEDED) Shared library: [libm.so.6]
0x0000000000000001 (NEEDED) Shared library: [libstdc++.so.6]
0x0000000000000001 (NEEDED) Shared library: [libgcc_s.so.1]
0x0000000000000001 (NEEDED) Shared library: [libc.so.6]
While at it, add a comment when dependencies are not met
Fixes:
- No autobuilder failures (yet), found when debugging an issue with
rockchip-mali and glslsandbox-player
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5f1858e859)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
wayland-protocols is an optional dependency which is enabled by default
resulting in the following wayland build failure since the addition of
the package in commit f201ca9d0d:
checking for wayland_client... yes
checking for wayland_egl... yes
configure: Wayland EGL support enabled
checking for wayland_protocols... no
configure: error: Package requirements (wayland-protocols >= 1.12) were not met:
Package 'wayland-protocols', required by 'virtual:world', not found
Consider adjusting the PKG_CONFIG_PATH environment variable if you
installed software in a non-standard prefix.
Alternatively, you may set the environment variables wayland_protocols_CFLAGS
and wayland_protocols_LIBS to avoid the need to call pkg-config.
Fixes:
- http://autobuild.buildroot.org/results/865af860f9e52fe5311bb0c6a246ff871ae5a989
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ee13e3fb41)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bugfix release, fixes zero-day CVE-2023-23529 and includes a few build
and behaviour patches as well.
Release notes:
https://wpewebkit.org/release/wpewebkit-2.38.5.html
Accompanying security advisory:
https://wpewebkit.org/security/WSA-2023-0002.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7852618c23)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In GNU Less before 609, crafted data can result in "less -R" not
filtering ANSI escape sequences sent to the terminal.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 924ca9414f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Shyam's email address at Savoir Faire Linux is bouncing, so drop it
from the DEVELOPERS file.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit bd351c4e93)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For an unknown reason, wchar_t is incorrectly detected with uclibc
resulting in the following build failure:
In file included from igetevent.c:136:
imb_api.h:150:5: error: unknown type name 'wchar_t'
150 | wchar_t *Buffer;
| ^~~~~~~
The build failure can be reproduced even when reverting bump to version
3.1.8.
Fixes:
- http://autobuild.buildroot.org/results/e9ff3bd08e106dc834968bf5e4296ce8299027f8
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7b4937a170)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
* CVE-2023-22490:
Using a specially-crafted repository, Git can be tricked into using
its local clone optimization even when using a non-local transport.
Though Git will abort local clones whose source $GIT_DIR/objects
directory contains symbolic links (c.f., CVE-2022-39253), the objects
directory itself may still be a symbolic link.
These two may be combined to include arbitrary files based on known
paths on the victim's filesystem within the malicious repository's
working copy, allowing for data exfiltration in a similar manner as
CVE-2022-39253.
* CVE-2023-23946:
By feeding a crafted input to "git apply", a path outside the
working tree can be overwritten as the user who is running "git
apply".
For more details, see the announcement:
https://lore.kernel.org/git/xmqqr0us5dio.fsf@gitster.g/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
dmalloc directly calls into $(LD) to generate a shared library our of
the static one.
To detect what command it should run, ./configure tries various
incantations of ld with various command line options until one does not
fail. One of those is (basically):
$(LD) --whole-archive -o contest.o.t contest.a
This makes ./configure conclude what the command to link a shared
library in the Makefile should be, and thus stores that in a variable:
shlinkargs='$(LD) --whole-archive -o $@'
... which is then AC_SUBST()ed into Makefile.in with a rule like:
$(SHLIB): $(LIBRARY)
@shlinkargs@ $(LIRARY)
which once substiuted, gives:
$(SHLIB): $(LIBRARY)
$(LD) --whole-archive -o $@ $(LIRARY)
However, when SSP is enabled, the __stack_chk_fail_local and co symbols
are provided by additional libraries or object files, and that is the
responsibility of gcc to pass those when linking. But as dmalloc
directly calls ld, it misses those.
Changing dmalloc to use $(CC) is not trivial, however.
First, we can't pass LD=$(TARGET_CC), otherwise the whole package
explodes [0]: indeed --whole-archive is unknown to gcc, so it must be
passed as -Wl,--whole archive instead. So we'd need to add a new test
that uses $(CC), like so:
$(CC) -Wl,--whole-archive -o contest.o.t contest.a
However, in that case, gcc does pass additional libs/objs (like, for
eample, the SSP ones) to the linker. But then those are also included
in the whole-archive section. This causes the linker to add all the
symbols form those libs/objs, even those not needed for SSP; on some
archs, like PPC, that may require floating point symbols (__muldiv3 et
al.) which are in another library, and thus the linker can't find them.
The proper solution wouild be to add -Wl,--no-whole-archive, but that
would have to be added _after_ the library we want to link, i.e.e we
should be able to evntually run:
$(CC) -Wl,--whole-archive -o $@ $(LIRARY) -Wl,--no-whole-archive
That would require that we introduce a new variable that is added
_after_ the $(LIBRARY), e.g. @shlinkargs_post@ or so...
This is a bigger endeavour than we want to pursue...
Since dmalloc is a debugging utility, it is not supposed to go into
production builds, and during debugging, it would not be surprising that
it needs to poke around arrays to debug them.
So, we go the easier route: disable SSP altogether.
[0] with lots of nice colors, but that's not the point, is it?
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3481674ee3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
