Commit Graph

70161 Commits

Author SHA1 Message Date
Peter Korsgaard
0ed48b952b Update for 2023.11-rc2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-29 22:57:14 +01:00
Bernd Kuhls
d3eff1cd76 package/samba4: security bump version to 4.19.3
Fixes CVE-2018-14628:
https://www.samba.org/samba/security/CVE-2018-14628.html

Release notes:
https://www.samba.org/samba/history/samba-4.19.3.html

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-29 22:27:00 +01:00
Fabrice Fontaine
cb92494405 package/libgdiplus: needs C++
Unfortunately, libgdiplus unconditionally calls AC_PROG_CXX since
version 6.1 for google-based tests resulting in the following build
failure without C++ since commit
5b6dd17b86 and
4f98022306:

checking whether the C++ compiler works... no
configure: error: in `/home/thomas/autobuild/instance-3/output-1/build/libgdiplus-6.1':
configure: error: C++ compiler cannot create executables

Fixes:
 - http://autobuild.buildroot.org/results/3757921a2160ca209089a0b47414a445cc42e35e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-29 22:26:32 +01:00
Fabrice Fontaine
02e80e06c5 package/gsl: fix musl build on m68k
Update patch to fix the following musl build failure with m68k which is
only raised (for an unknown reason) since bump to version 2.7.1 in commit
3e48f8358e:

In file included from fp.c:6:
fp-gnum68k.c:21:10: fatal error: fpu_control.h: No such file or directory
   21 | #include <fpu_control.h>
      |          ^~~~~~~~~~~~~~~

Add also upstream link to first patch iteration which was sent in
November 2022 but didn't get it any reply (like most of the other emails
sent to bug-gsl@gnu.org ...)

Fixes:
 - http://autobuild.buildroot.org/results/e59636f6ac148807c1c67f09eef0e0a9f5d52303

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-29 10:21:19 +01:00
Fabrice Fontaine
273b634f24 package/openrc: fix uclibc handling
Fix issues spotted by Yann E. Morin in commit
ca169d1d0a:
 - BR2_TOOLCHAIN_BUILDROOT_UCLIBC -> BR2_TOOLCHAIN_USES_UCLIBC
 - Add dependency to openrc package and not only to init system

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-29 10:00:43 +01:00
Fabrice Fontaine
e88823d667 package/refpolicy: fix build with smartmontools
Fix the following build failure with smartmontools raised since bump to
version 2.20231002 in commit 68de45491b:

 Compiling targeted policy.33
 env LD_LIBRARY_PATH="/home/thomas/autobuild/instance-2/output-1/host/lib:/home/thomas/autobuild/instance-2/output-1/host/usr/lib" /home/thomas/autobuild/instance-2/output-1/host/usr/bin/checkpolicy -c 33 -U deny -S -O -E policy.conf -o policy.33
 policy/modules/services/smartmon.te:146:ERROR 'type fsadm_exec_t is not within scope' at token ';' on line 237472:
 	allow smartmon_update_drivedb_t fsadm_exec_t:file { { getattr open map read execute ioctl } ioctl lock execute_no_trans };
 #line 146
 checkpolicy:  error(s) encountered while parsing configuration
 make[1]: *** [Rules.monolithic:80: policy.33] Error 1

Fixes:
 - http://autobuild.buildroot.org/results/a01123de9a8c1927060e7e4748666bebfc82ea44

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-29 09:59:03 +01:00
Fabrice Fontaine
a82ff22698 package/qemu: fix selinux module
Fix the following refpolicy build failure raised since commit
aa8e38a516:

policy.conf:2509:ERROR 'attribute virt_ptynode is not declared' at token ';' on line 2509:
type qemu_device_t;
type qemu_devpts_t, virt_ptynode;

Fixes:
 - http://autobuild.buildroot.org/results/210db01ac72cabd42e1478900cdbfa4cf4b19bcb

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-29 09:58:57 +01:00
Yann E. MORIN
fb72418160 package/erlang: disable for uclibc, fix glibc-build
Commit 2cfa86a54882(package/erlang: bump version to 26.0.2) added a
patch to restore building on uClibc.

However, that patch is not upstream, and has been rejected:

    https://github.com/erlang/otp/pull/7500

    Please open a PR to https://github.com/asmjit/asmjit instead and we
    will get the fix next time we sync with upstream. We do not want
    theirs and our implementation to diverge.

Furthermore, it happens to work on uClibc, because uClibc does not
expose sys/auxv.h, but it fails to work on glibc, because the define is
not propagated to "sub-trees", and thus is never defined where it is
checked for, even when sys/auxv.h is available. This causes build
failures such as:

    asmjit/core/cpuinfo.cpp: In function ‘void asmjit::_abi_1_10::detectHWCaps(CpuInfo&, long unsigned int, const LinuxHWCapMapping*, size_t)’:
    asmjit/core/cpuinfo.cpp:840:24: error: ‘getauxval’ was not declared in this scope
      840 |   unsigned long mask = getauxval(type);
          |                        ^~~~~~~~~
    asmjit/core/cpuinfo.cpp: In function ‘void asmjit::_abi_1_10::detectARMCpu(CpuInfo&)’:
    asmjit/core/cpuinfo.cpp:972:21: error: ‘AT_HWCAP’ was not declared in this scope
      972 |   detectHWCaps(cpu, AT_HWCAP, hwCapMapping, ASMJIT_ARRAY_SIZE(hwCapMapping));
          |                     ^~~~~~~~
    asmjit/core/cpuinfo.cpp:973:21: error: ‘AT_HWCAP2’ was not declared in this scope
      973 |   detectHWCaps(cpu, AT_HWCAP2, hwCapMapping2, ASMJIT_ARRAY_SIZE(hwCapMapping2));
          |                     ^~~~~~~~~

Yet, sys/auxv.h was detected at configure time:

    checking for sys/auxv.h... yes

This defconfig is enough to reproduce the error:

    BR2_aarch64=y
    BR2_TOOLCHAIN_EXTERNAL=y
    BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
    BR2_PACKAGE_ERLANG=y

Since upstream refused the patch, and there is no fix that was submitted
to the actual upstream (asmjit), drop the rejectred patch, and disable
for uClibc: the patch is incorrect, and we can't fix a build issue on
uClibc by introducing another on glibc.

Fixes:
    http://autobuild.buildroot.org/results/fc1/fc19bad2263bdfacea594217d5ddfde0e27895b1/
    http://autobuild.buildroot.org/results/114/11416d81d5b27fc0627b335a971154c088d5754a/

Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Bernd Kuhls <bernd@kuhls.net>
Cc: Maxim Kochetkov <fido_max@inbox.ru>

Changes v1 -> v2:
  - update comment when unavailable

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-29 08:41:30 +01:00
Francois Perrad
127986f3ed package/perl: security bump to 5.36.2
fix CVE-2023-47038 - Write past buffer end via illegal user-defined Unicode property

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-29 08:37:29 +01:00
Bernd Kuhls
c9222fe0fc {linux, linux-headers}: bump 4.{14, 19}.x / 5.{4, 10, 15}.x / 6.{1, 5, 6}.x series
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-28 23:56:50 +01:00
Fabrice Fontaine
ca169d1d0a system/Config.in: disable openrc with uclibc
openrc raises the following uclibc build failures since bump to version
0.51 in commit 730c90faa3:

../src/rc-abort/rc-abort.c: In function 'main':
../src/rc-abort/rc-abort.c:27:21: error: implicit declaration of function 'kill'; did you mean 'killpg'? [-Werror=implicit-function-declaration]
   27 |                 if (kill(pid, SIGUSR1) != 0)
      |                     ^~~~
      |                     killpg

../src/libeinfo/libeinfo.c: In function 'colour_terminal':
../src/libeinfo/libeinfo.c:319:26: error: implicit declaration of function 'fileno' [-Werror=implicit-function-declaration]
  319 |         if (f && !isatty(fileno(f)))
      |                          ^~~~~~

../src/librc/librc-misc.c: In function 'rc_getfile':
../src/librc/librc-misc.c:79:14: error: implicit declaration of function 'fileno'; did you mean 'd_fileno'? [-Werror=implicit-function-declaration]
   79 |         fd = fileno(fp);
      |              ^~~~~~
      |              d_fileno

../src/librc/librc-daemon.c: In function 'rc_service_daemons_crashed':
../src/librc/librc-daemon.c:633:37: error: implicit declaration of function 'kill'; did you mean 'killpg'? [-Werror=implicit-function-declaration]
  633 |                                 if (kill(pid, 0) == -1 && errno == ESRCH)
      |                                     ^~~~
      |                                     killpg

These build failures could be fixed by patching openrc but upstream
is not happy with this patch: https://github.com/OpenRC/openrc/pull/674.

So, as advised by Yann E. Morin, openrc is hidden away for uClibc, until
upstream has a proper fix.

Fixes:
 - http://autobuild.buildroot.org/results/494ef392a971ddb3c5c7b01e0149c6439018dbe7

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-28 23:55:35 +01:00
Fabrice Fontaine
e5af07dce9 package/libxml2: security bump to version 2.11.6
Fix CVE-2023-45322: libxml2 through 2.11.5 has a use-after-free that can
only occur after a certain memory allocation fails. This occurs in
xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think
these issues are critical enough to warrant a CVE ID ... because an
attacker typically can't control when memory allocations fail."

https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.11.6/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-28 21:54:45 +01:00
Fabrice Fontaine
6bd302c631 package/vim: security bump to version 9.0.2136
Fix CVE-2023-46246, CVE-2023-48231, CVE-2023-48232, CVE-2023-48233,
CVE-2023-48234, CVE-2023-48235, CVE-2023-48236 and CVE-2023-48237

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-28 21:54:25 +01:00
Fabrice Fontaine
7fb3c96a7b package/squid: security bump to version 6.5
Fix CVE-2023-5824, CVE-2023-46724, CVE-2023-46846, CVE-2023-46847 and
CVE-2023-46848

https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255
https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh
https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3
https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g
https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w

https://github.com/squid-cache/squid/blob/SQUID_6_5/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-28 21:52:21 +01:00
Fabrice Fontaine
bc96e9da0d package/memcached: security bump to version 1.6.22
Fix CVE-2023-46852: In Memcached before 1.6.22, a buffer overflow exists
when processing multiget requests in proxy mode, if there are many
spaces after the "get" substring.

Fix CVE-2023-46853: In Memcached before 1.6.22, an off-by-one error
exists when processing proxy requests in proxy mode, if \n is used
instead of \r\n.

https://github.com/memcached/memcached/wiki/ReleaseNotes1622

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-28 21:51:38 +01:00
Fabrice Fontaine
d675873f4f package/vlc: security bump to version 3.0.20
Fix CVE-2023-47359: Videolan VLC prior to version 3.0.20 contains an
incorrect offset read that leads to a Heap-Based Buffer Overflow in
function GetPacket() and results in a memory corruption.

Fix CVE-2023-47360: Videolan VLC prior to version 3.0.20 contains an
Integer underflow that leads to an incorrect packet length.

https://code.videolan.org/videolan/vlc/-/blob/3.0.20/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-28 21:49:49 +01:00
Brandon Maier
8ad1a2eaa5 docs/website: fix favicon
When the favicon image was added in f26e61319f (docs/website: add
favicon.png), it was added to a different directory then where the header's
icon link points. This causes the favicon to fail to load with 404.

While we are here, remove the "shortcut" rel attribute as it is non-standard
and it's recommended not to use it[1].

[1] https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/rel#sect4

Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-28 21:49:36 +01:00
Fabrice Fontaine
aa0f115bf7 package/janet: needs MMU
janet unconditionally uses fork since version 1.32.0 and
4b8c1ac2d2
resulting in the following build failure since bump to version 1.32.1 in
commit c87abf01a9:

janet.c:(.text+0x19bbc): undefined reference to `fork'

Fixes:
 - http://autobuild.buildroot.org/results/f0771fc6c9905d3a6d60ce245df585b3c6096f7f

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-11-28 17:03:41 +01:00
Fabrice Fontaine
1267a234ff package/motion: fix webp build
Fix the following build failure raised since bump of webp to version
1.3.2 in commit c88c1d3319:

/home/autobuild/autobuild/instance-9/output-1/host/lib/gcc/aarch64_be-buildroot-linux-uclibc/13.2.0/../../../../aarch64_be-buildroot-linux-uclibc/bin/ld: picture.o: undefined reference to symbol 'WebPMemoryWriterClear'
/home/autobuild/autobuild/instance-9/output-1/host/lib/gcc/aarch64_be-buildroot-linux-uclibc/13.2.0/../../../../aarch64_be-buildroot-linux-uclibc/bin/ld: /home/autobuild/autobuild/instance-9/output-1/host/aarch64_be-buildroot-linux-uclibc/sysroot/usr/lib64/libwebp.so.7: error adding symbols: DSO missing from command line

Fixes:
 - http://autobuild.buildroot.org/results/9b859a701debeaddf1f9909e16adc6811a620576

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-11-28 17:01:59 +01:00
Fabrice Fontaine
07dad085fa package/exfatprogs: security bump to version 1.2.2
Fix CVE-2023-45897: exfatprogs before 1.2.2 allows out-of-bounds memory
access, such as in read_file_dentry_set.

https://github.com/exfatprogs/exfatprogs/blob/1.2.2/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-11-28 16:59:11 +01:00
Peter Seiderer
fbf0a6ea42 board/raspberrypi/config_4_64bit.txt: remove testing dtoverlay entries (vc4-kms-v3d-pi4, imx219)
Remove private/testing dtoverlay entries (vc4-kms-v3d-pi4, imx219 and
commented out ov5647) wrongly introduced by commit 689b9ac439
("package/rpi-firmware: rework boot/config file handling") [1].

[1] https://git.buildroot.net/buildroot/commit/?id=689b9ac439ab7b507c8982b6102bddf59d03efbf

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-11-27 19:50:46 +01:00
Gaël PORTAY
5be42d8da3 board/raspberrypi: fix autoprobing of bluetooth driver
The commit 689b9ac439 (package/rpi-firmware: rework boot/config file
handling) has split in two the property:

	dtoverlay=miniuart-bt,krnbt=on

Into:

	dtoverlay=miniuart-bt
	dtoverlay=krnbt=on

The initial property contained the dtbo file miniuart-bt[1] and its
parameter krnbt=on[2][3].

The first syntax is correct while the second is not. The krnbt=on is not
a dtoverlay[4] but a dtparam[5]. Therefore the property dtparam must be
used instead.

This fixes:

	# cat /sys/firmware/devicetree/base/chosen/user-warnings
	Failed to load overlay 'krnbt=on'

[1]: https://github.com/raspberrypi/linux/blob/rpi-5.10.y/arch/arm/boot/dts/overlays/miniuart-bt-overlay.dts
[2]: https://github.com/raspberrypi/linux/blob/rpi-5.10.y/arch/arm/boot/dts/overlays/miniuart-bt-overlay.dts#L91
[3]: https://github.com/raspberrypi/linux/blob/rpi-5.10.y/arch/arm/boot/dts/overlays/README#L213-L215
[4]: https://www.raspberrypi.com/documentation/computers/config_txt.html#dtoverlay
[5]: https://www.raspberrypi.com/documentation/computers/config_txt.html#dtparam

Signed-off-by: Gaël PORTAY <gael.portay@rtone.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-11-27 19:39:34 +01:00
Fabrice Fontaine
3da62675d7 package/exfatprogs: add EXFATPROGS_CPE_ID_VENDOR
cpe:2.3🅰️namjaejeon:exfatprogs is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/detail/F174A846-F275-4AD8-A0E3-6D0CEFDFF308

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-11-27 18:14:47 +01:00
Fabrice Fontaine
2c055121e7 package/x11r7/xwayland: add XWAYLAND_CPE_ID_VENDOR
cpe:2.3🅰️x.org:xwayland is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/detail/6F35318F-48A3-45B0-B70A-F953B7B0A0E8

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: s/VEBDOR/VENDOR/]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-11-27 18:14:26 +01:00
Maxim Kochetkov
4d549c071d package/postgresql: security bump version to 15.5
Release notes:
https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/

Fixes CVE-2023-5868, CVE-2023-5869, CVE-2023-5870.

Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-11-26 22:42:26 +01:00
Michel Alex
3e76df02b3 package/libzenoh-pico: needs threads
Fixes:
http://autobuild.buildroot.net/results/c9138c32157042aa5bb1bfd3a8446e4c9361d0f5/

Signed-off-by: Alex Michel <alex.michel@wiedemann-group.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-11-26 22:34:57 +01:00
Fabrice Fontaine
e8ca87083b package/opensc: fix libressl build
Fix the following build failure with libressl >= 3.8 raised since bump
of libressl to version 3.8.2 in commit
21eca49ed5:

In file included from card-westcos.c:37:
/home/autobuild/autobuild/instance-11/output-1/host/arm-buildroot-linux-gnueabi/sysroot/usr/include/openssl/evp.h:627:32: error: macro "EVP_sha3_224" passed 1 arguments, but takes just 0
  627 | const EVP_MD *EVP_sha3_224(void);
      |                                ^

Fixes:
 - http://autobuild.buildroot.org/results/cecee659371f370bf4bd2b27a4752bf20ceff326

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-11-26 22:28:05 +01:00
Fabrice Fontaine
71bdba661e package/libpam-tacplus: fix build without SSP
The following build failure without stack-protector occurs since commit
160f0e4b5f (package/libpam-tacplus: bump to version 1.7.0):

    cc1: warning: '-fstack-protector' not supported for this target
    In file included from libtac/lib/xstrncpy.c:36:
    libtac/lib/xstrncpy.c: In function 'xstrncpy':
    ./libtac/include/libtac.h:71:15: error: called object is not a function or function pointer
       71 | #define abort exit(EXIT_FAILURE)
          |               ^~~~

Since we are passing the appropriate SSP and fortify flags via our
toolchain wrapper, we need to tell the package not to add its own.
Upstream commit b1054ad8bb33 (Add '--disable-am-ldcflags' configure
option), available since version 1.4.1, has been added for "a
distribution to select its own C/LD flags" which is exactly our
situation.

So that's what we do: replace the ax cache variable by this new
configure flag.

Fixes:
 - http://autobuild.buildroot.org/results/cc8a7c5cca65e002d40a775f09e3c4577fbab5b7

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-11-26 22:18:55 +01:00
James Hilliard
1185c0256b package/python-msgpack: fix build without cpp toolchain
Prior to being updated to version 1.0.7 in
014a66fcde python-msgpack would
automatically fall back to the pure python version if the cpp based
optimized extension would fail to build for any reason.

This however is no longer the case after updating to 1.0.7 where it
is now required that we explicitely set the MSGPACK_PUREPYTHON=1 if
we do not have cpp support enabled in the toolchain.

Fixes:
 - http://autobuild.buildroot.net/results/361/36185a19bed4bd57421a4d909bce1976c89d130f
 - http://autobuild.buildroot.net/results/477/477f822cb196ebc2246bcbdc1b6eaf940fc018cd

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[yann.morin.1998@free.fr: add the comment]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-11-26 21:55:10 +01:00
Thomas Petazzoni
44243b4c80 package/netsnmp: revert back to 5.9.3, backport security fix
In commit 13fc9dcb34, netsnmp was bumped
from 5.9.3 to 5.9.4 to fix two CVEs.

However, even though it's a minor version bump, there are actually 163
commits upstream between those two minor releases, and some of them
are breaking existing use-cases. In particular upstream
a2cb167514ac0c7e1b04e8f151e0b015501362e0 now requires that config_()
macros in MIB files are terminated with a semicolon, causing a build
breakage with existing MIB files that were totally valid with 5.9.3.

This commit therefore proposes to revert back to 5.9.3, by reverting
those two commits:

56caafceab package/netsnmp: fix musl build
13fc9dcb34 package/netsnmp: security bump to version 5.9.4

and instead backport the one upstream commit that fixes both CVEs.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: fix typo as reported by Baruch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-11-26 18:23:49 +01:00
Gaël PORTAY
acd833c8c7 board/raspberrypi/readme.txt: fix typos
Signed-off-by: Gaël PORTAY <gael.portay@rtone.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-11-26 18:23:34 +01:00
José Luis Salvador Rufo
7fe685c510 package/zfs: fix zfs autotools cross-compilation
This commit addresses a long-standing bug encountered during ZFS
compilation in cross-platform environments. The issue arises because ZFS
autoconf triggers a `make modules` to detect if the kernel can compile
modules [1]. The problem occurs when autoconf uses the host environment
instead of the cross-platform environment.

To fix this, we export necessary environment variables to ensure that ZFS
autoconf utilizes the cross-platform environment correctly.

This patch resolves ZFS cross-platform compilations:
- http://autobuild.buildroot.net/results/ebeab256101bcba38c35fd55075c414e62f92caa/
- http://autobuild.buildroot.net/results/03b9f12a106bf100eec695a92b83bf09b22c68b0/
- http://autobuild.buildroot.net/results/c2da90337463607c2fadfeac7ad72e5c3899a61f/
- http://autobuild.buildroot.net/results/465a249f92d2f5db7ac4b61b4111e6cbaaa15688/
- http://autobuild.buildroot.net/results/7e2d3277e26fa5b0c8073a0e8b9e82f47ade9697/
- http://autobuild.buildroot.net/results/a8fb87336b09fef8787a7889dfcccf14fe1215b9/
- https://gitlab.com/kubu93/buildroot/-/jobs/1522848483

And fix a few emails:
- alpine.DEB.2.22.394.2108181630280.2028262@ridzo [build zfs into buildroot for raspberry pi 4]
- https://lists.buildroot.org/pipermail/buildroot/2021-August/621696.html
- https://lists.buildroot.org/pipermail/buildroot/2021-August/621345.html
- https://lists.buildroot.org/pipermail/buildroot/2022-July/646379.html
- https://lists.buildroot.org/pipermail/buildroot/2023-June/668467.html

[1] This is the full callback, you can just check the last link:
- https://github.com/openzfs/zfs/blob/zfs-2.1.12/config/kernel-declare-event-class.m4#L7C11-L7C11
- https://github.com/openzfs/zfs/blob/zfs-2.1.12/config/kernel.m4#L883
- https://github.com/openzfs/zfs/blob/zfs-2.1.12/config/kernel.m4#L868
- https://github.com/openzfs/zfs/blob/zfs-2.1.12/config/kernel.m4#L668

Signed-off-by: José Luis Salvador Rufo <salvador.joseluis@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-11-26 17:20:05 +01:00
Yann E. MORIN
2c3946fcb4 package/zfs: don't download patch generated from github
Git-generated patches embed the short-hash of the objects in the
repository. The length of those short hashes are subject to change
in at least three cases:

  - the number of objects in the repository increases, so git increases
    the length of short hashes to get a good change there is no
    collision;

  - the git configuration changes, see core.abbrev in git-config;

  - the heuristic to compute the length changes in a newer git version.

Since the bump to zfs 2.1.4 in commit 68dfd09708, the patch generated
by github has changed, causing download failures:

    wget --passive-ftp -nd -t 3 -O '/home/ymorin/dev/buildroot/O/master/build/.bc3f12bfac152a0c28951cec92340ba14f9ccee9.patch.uoFq9e/output' 'bc3f12bfac.patch'
    --2023-11-26 16:53:25--
    bc3f12bfac.patch
    Resolving github.com (github.com)... 140.82.121.3
    Connecting to github.com (github.com)|140.82.121.3|:443...  connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 2976 (2.9K) [text/plain]
    Saving to: ‘/home/ymorin/dev/buildroot/O/master/build/.bc3f12bfac152a0c28951cec92340ba14f9ccee9.patch.uoFq9e/output’

    /home/ymorin/dev/buildroot/O/ 100%[================================================>]   2.91K --.-KB/s in 0s

    2023-11-26 16:53:25 (15.0 MB/s) - ‘/home/ymorin/dev/buildroot/O/master/build/.bc3f12bfac152a0c28951cec92340ba14f9ccee9.patch.uoFq9e/output’ saved [2976/2976]

    ERROR: while checking hashes from package/zfs//zfs.hash
    ERROR: bc3f12bfac152a0c28951cec92340ba14f9ccee9.patch has wrong sha256 hash:
    ERROR: expected: 96a27353fe717ff2c8b95deb8b009c4eb750303c6400e2d8a2582ab1ec12b25a
    ERROR: got     : 246c80f66abca5a7e0c41cc7c56eec0b4cb7f16b142262480401142bbc2f999f
    ERROR: Incomplete download, or man-in-the-middle (MITM) attack

And indeed, the length of short hashes has increased by one since then.

Fix that by bundling the patch, with the short hashes that were known
then, so that it matches the sha256 we had for it.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-11-26 17:19:36 +01:00
Nicolas Cavallari
f7b9d3ad2b package/gcc: fix disabling the documentation
gcc.mk attempts to disable building the documentation by setting
MAKEINFO=missing, but it is not working.  If makeinfo is installed
and recent enough, gcc still uses it.  This can be checked easily:

grep BUILD_INFO='info' host-gcc-initial-*/build/gcc/config.log

It happens because the root ./configure script will check
$MAKEINFO --version (aka 'missing --version') and will overwrite it with
MAKEINFO='missing makeinfo' because the version does not match.

Having MAKEINFO='missing makeinfo' is a problem because
'missing makeinfo' will actually attempt to run 'makeinfo' before
failing with an error message.  If makeinfo is installed on the host,
then 'missing makeinfo' will successfully run makeinfo anyway.

Many gcc subprojects will check $MAKEINFO --version and enable building
the documentation if it is recent enough.  This patch overrides these
checks by forcing gcc_cv_prog_makeinfo_modern=no.

Building the GCC documentation can fail with the wrong makeinfo version.
It happened at least when building GCC 11.3.0 with makeinfo 7.1.

Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-11-26 16:37:29 +01:00
Fabrice Fontaine
6a94b0b763 package/oatpp: fix uclibc build
Fix the following uclibc build failure raised since the addition of the
package in commit d5bba26801:

In file included from /home/autobuild/autobuild/instance-4/output-1/build/oatpp-1.3.0/src/oatpp/algorithm/CRC.hpp:28,
                 from /home/autobuild/autobuild/instance-4/output-1/build/oatpp-1.3.0/src/oatpp/algorithm/CRC.cpp:25:
/home/autobuild/autobuild/instance-4/output-1/build/oatpp-1.3.0/src/oatpp/core/base/Environment.hpp:359:93: error: 'va_list' has not been declared
  359 |   static void vlogFormatted(v_uint32 priority, const std::string& tag, const char* message, va_list args);
      |                                                                                             ^~~~~~~

Fixes:
 - http://autobuild.buildroot.org/results/bcdf7548ff752f936defd111d13c63245ea70cbe

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-11-25 22:40:15 +01:00
Adam Duskett
d59f3d10e8 package/flutter-sdk-bin/Config.in.host: remove comment
flutter-sdk-bin isn't a rust package.

Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-11-25 12:25:04 +01:00
Adam Duskett
dfe68fc8d5 package/nodejs: downgrade GCC version requirements to 10
NodeJS requires GCC 10.1. However, GCC 10.1 is the first release of the
GCC 10.x series. As such, we can safely downgrade the GCC version
requirements to 10.

Tested with: run-tests tests.package.test_nodejs using Debian 11 and
gcc 10.2.1.

Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-11-18 22:43:47 +01:00
Antoine Coutant
d6d0f73a2e board/khadas/vim3: add the path of the devicetree in extlinux.conf
Without this patch, the devicetree used by linux at runtime is
the u_boot devicetree.

While using rusticl on the khadas vim3 board with the default
extlinux.conf, mesa's panfrost driver return "gpu shed timeout"
errors. Adding "devicetree /meson-g12b-khadas-vim3.dtb" to the
extlinux.conf file solve the problem. Linux successfully boot
with and without the change but without this patch the devicetree
used by linux at runtime is the u-boot devicetree.

The differences between the u-boot devicetree and the linux
devicetree are:
-The u-boot devicetree contains two more nodes than the linux devicetree. Those nodes are:
    - smbios : compatible option is set to "u-boot,sysinfo-smbios".
    - __symbols__ : present if -@ or --symbols is used during the devicetree compilation.
-Most of u-boot devicetree nodes have a "phandle" property.
-SoC and vpu have a "u-boot,dm-pre-reloc;" property.
-Some aliases are different.
-The u-boot operating points tables contains more nodes.
The size difference between the u-boot devicetree and the linux
devicetree is approximately 3.5kB.

During runtime, the linux devicetree have the "phandle" and
"u-boot,dm-pre-reloc;" properties and the smbios node. So,
The runtime devicetree is the one from u-boot.

Signed-off-by: Antoine Coutant <antoine.coutant@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-11-18 16:14:45 +01:00
Bernd Kuhls
d82a063ae9 package/kodi-pvr-hts: bump version to 20.6.5-Nexus
Changelog of this bugfix release:
https://github.com/kodi-pvr/pvr.hts/blob/Nexus/pvr.hts/changelog.txt

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-11-18 15:30:28 +01:00
Adam Duskett
38923639b0 package/flutter-sdk-bin: add target-os as linux
We build for Linux.

Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-11-18 14:47:21 +01:00
Adam Duskett
439c9516e8 package/flutter-engine: don't pollute user's home directory
flutter-engine will forcibly create ~/.dart/ and ~/.flutter/ and store
stuff in there.

This is however quite dirty and pollutes the user's home, and will also
not work when the home is read-only (e.g. shared in a container).

Forcibly redirect flutter-engine to the same location where we
redirected host-flutter-sdk-bin, using the same trick of redefining
HOME as for host-flutter-sdk-bin.

Ideally, we'd like to have some way to share this with all flutter-based
packages, but we so far have only a few of them, so it is too early to
even think about some commonalities (even less so about a shared infra).
So we just duplicate the setting for now, this can be revisited later.

Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-11-18 14:35:34 +01:00
Giulio Benetti
751e90e6eb configs/rockpro64_defconfig: add missing depenencies, extend rootfs size
U-Boot requires pylibfdt, pyelftools and openssl so let's enable U-Boot
corresponding BR2_TARGET_UBOOT_NEEDS_*.

Rootfs is not big enough because of Linux modules size so let's extend it
to 120MB.

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/5551322041

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-11-18 14:26:23 +01:00
Peter Korsgaard
c54407541c package/intel-microcode: security bump to version 20231114
Includes fixes for INTEL-SA-00950:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00950.html
https://lock.cmpxchg8b.com/reptar.html
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20231114

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-11-18 14:19:09 +01:00
Peter Korsgaard
de3c1390b3 docs/website: Update for 2023.02.7
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-14 21:34:28 +01:00
Peter Korsgaard
c9e1bbf29a Update for 2023.02.7
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 50d5f8974e)
[Peter: drop Makefile / Vagrantfile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-14 21:31:58 +01:00
Peter Korsgaard
ef0e5f8345 docs/website: Update for 2023.08.3
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-14 19:18:06 +01:00
Peter Korsgaard
41978f360a Update for 2023.08.3
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8ad64e724c)
[Peter: drop Makefile change]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-14 19:15:57 +01:00
Peter Korsgaard
5c9f4d64de Update for 2023.11-rc1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-14 08:25:01 +01:00
Peter Korsgaard
f1ee7015a4 support/dependencies/check-host-tar.sh: blacklist tar 1.35+
GNU tar 1.35 changed the behaviour for the devmajor/devminor fields,
breaking the download hash validation.  For details, see:

https://lists.gnu.org/archive/html/info-gnu/2023-07/msg00005.html
https://patchwork.ozlabs.org/project/buildroot/patch/20231018141155.533944-1-vfazio@gmail.com/

To work around this issue, blacklist tar 1.35+ similar to how we do it for
pre-1.27 versions so Buildroot falls back to building host-tar (which is
currently 1.34).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-13 22:51:20 +01:00
Peter Korsgaard
ad0bb50dc7 package/tar: add upstream security patch for CVE-2022-48303
Fixes CVE-2022-48303: GNU Tar through 1.34 has a one-byte out-of-bounds read
that results in use of uninitialized memory for a conditional jump.
Exploitation to change the flow of control has not been demonstrated.  The
issue occurs in from_header in list.c via a V7 archive in which mtime has
approximately 11 whitespace characters.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Peter: add _IGNORE_CVES entry]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-13 22:51:01 +01:00