This script gives the address, the offset and the size of binaries have been
stored into U-Boot FIT image that contains TF-A, U-Boot and OP-TEE.
Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following build failure with libressl raised since bump to
version 3.5.2 in commit 8b216927db:
crypt.c:71:25: error: field 'h' has incomplete type
71 | _libssh2_cipher_ctx h;
| ^
Fixes:
- http://autobuild.buildroot.org/results/47f492ccd4888fe4a150b36e12c88f1e068d46b6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
sysdig 0.27.1 cannot be cross-compiled to, e.g., aarch64 because it uses open()
syscall [1].
This patch bumps its version to enable cross-compilation. Existing
patches have been upstream, but a new patch (merged upstream) has to be
added to avoid downloading json-for-modern-cpp during the build.
[1] https://marc.info/?l=buildroot&m=164951521629400
Signed-off-by: Francis Laniel <flaniel@linux.microsoft.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This is a dependency of newer sysdig. It contains the driver, and also a
few userspace components. The latter however are not meant to be
installed in the sysroot; instead, the whole thing is meant to be
included directly in the build of the project using it. Changing things
so it does work in the normal way of installing to the sysroot turns out
to be pretty complicated.
Basically, falcosecurity-libs is just a component of sysdig. It's
defined as a separate package only because that's an easier way to
download it than defining extra download and extract commands in sysdig
itself. For this reason, it's defined as a blind option in Config.in.
Signed-off-by: Francis Laniel <flaniel@linux.microsoft.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The main goal is to use buildroot host-libbpf instead of pahole libbpf
git submodule (which ends up being the same thing anyway). However, this
creates compilation errors due to the use of deprecated APIs (like
btf__get_nr_types). Bump pahole to a commit that is compatible with
current libbpf:
73383b3a39af ("libbpf: Update libbpf to the latest git HEAD")
Signed-off-by: Francis Laniel <flaniel@linux.microsoft.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This reverts commit 8e91385a2c.
This commit is incorrect, as it is perfectly valid for
BR2_TOOLCHAIN_EXTERNAL_PATH to be empty. The help text of
BR2_TOOLCHAIN_EXTERNAL_PATH even documents it as a supported case:
If empty, the compiler will be searched in $PATH.
Commit 392b0a26f5 ("toolchain-external:
default BR2_TOOLCHAIN_EXTERNAL_PATH to empty") even made that the
default saying "In addition, it in fact works correctly when it is
empty. In that case, the toolchain will be searched in PATH."
A user has reported that commit
8945ba4948 (the backport of 8e91385a2c to
the 2022.02.x LTS branch) breaks his use-case:
https://lore.kernel.org/buildroot/CADBnMvhgaozAgZgy3njckjL1i0U6bZ0fLrq-kdFF-qpGhFWgmw@mail.gmail.com/
Reported-by: Kristof Havasi <havasiefr@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: reference 8e91385a2c on master]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Now that recent versions of binutils work with FLAT binaries, we can
drop the old 2.32 version, which was kept only to keep support FLAT
binaries.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Thanks to the bump of elf2flt to version 2021.08, the issue with
recent versions of binutils has been fixed, so we can re-enable using
the recent binutils versions.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
It contains several fixes and improvements compared to our current
version, and two of our patches have been accepted upstream. Most
notably, it fixes the issue we had in using elf2flt with recent
versions of binutils (upstream commit
ba379d08bb78c9300e84351c11080c26ddcc36b3).
Patch 0001-ld-elf2flt-behave-properly-when-called-with-a-name-d.patch
is upstream as of commit 1c9b454336eaf38f7d037917a3120fae04193fbe
Patch 0002-elf2flt.c-add-new-relocation-types-for-xtensa.patch is
upstream as of commit d7eb73163bcea31168c438fc132a0967ac172e3d
The other two patches are refreshed to apply properly on 2021.08.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The afboot-stm32 build system was initially linking with gcc, but that
was changed upstream following a Buildroot contribution to use ld
instead.
However, the build system was still passing -nostartfiles, which is a
gcc option. By luck, this option was simply ignored by older versions
of ld (such as binutils 2.32), but newer versions of ld (2.36 and
newer, at least) no longer accept/ignore this option.
This commit adds a patch that drops the use of this option, since it
is useless for ld.
The first patch is slightly updated because the upstream pull request
has been updated to contain both build fixes.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Disable builtin harfbuzz which is enabled by default since bump to
version 2.0.18 in commit f4da031a77 and
834ec54127
resulting in the following build failure without threads:
In file included from external/harfbuzz-2.8.0/src/hb.hh:470,
from external/harfbuzz-2.8.0/src/hb-aat-layout.cc:28:
external/harfbuzz-2.8.0/src/hb-mutex.hh:53:10: fatal error: pthread.h: No such file or directory
53 | #include <pthread.h>
| ^~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/ac8b366558bec61ada84ec15cf27652fde2b63b2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix CVE-2022-1381: global heap buffer overflow in skip_range in GitHub
repository vim/vim prior to 8.2.4763. This vulnerability is capable of
crashing software, Bypass Protection Mechanism, Modify Memory, and
possible remote execution
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop patches that are now upstream.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This package now requires the flit setup type.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
I was trying to make the ISC dhcp daemon more secure by using the
-user and -group option to let dhcp server run as non-root user.
Unfortunately these options are not available when building ISC dhcp
server with buildroot.
The reason is, that the configure script must be called with the
option --enable-paranoia to activate these options. But this option
is not set in the dhcp.mk file.
To be backward compatible I added a new option to the dhcp's Config.in
file to enable this feature when desired and parse this option in
dhcp.mk.
Signed-off-by: Andreas Ehmanns <universeiii@gmx.de>
[yann.morin.1998@free.fr: fix check-package]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
HPA's tftp server init script does not support include of a
configuration file. So changing daemon parameters would cause
a modification of the init script.
Similar to NFS, dropbear, DHCP, SNMP and other network services
in buildroot, this patch adds an include of /etc/default/tftpd
to the init script. So any user can change the default behaviour
by adding its own configuration file instead of changing the init
script.
Signed-off-by: Andreas Ehmanns <universeiii@gmx.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Moved groups render and sgx from UDEV_USERS to SYSTEMD_USERS as they
currently only appear in systemd's udev rules.
In systemd, group render was introduced since commit 4e15a73, and group
sgx was introduced since commit c9c4899.
In eudev, group render was introduced since commit bb070c1, but was
removed since commit a8ffcd1 [1].
[1]: https://github.com/eudev-project/eudev/issues/160
Signed-off-by: TIAN Yuanhao <tianyuanhao3@163.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Carlos Santos <unixmania@gmail.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
On m68k building with optimizations results in failures such as:
/tmp/cckiMnG5.s: Assembler messages:
/tmp/cckiMnG5.s:142572: Error: value -39206 out of range
/tmp/cckiMnG5.s:142629: Error: value -40282 out of range
/tmp/cckiMnG5.s:146408: Error: value -53294 out of range
/tmp/cckiMnG5.s:159014: Error: value -39206 out of range
/tmp/cckiMnG5.s:159071: Error: value -40282 out of range
/tmp/cckiMnG5.s:162850: Error: value -53294 out of range
/tmp/cckiMnG5.s:175456: Error: value -39206 out of range
/tmp/cckiMnG5.s:175513: Error: value -40282 out of range
/tmp/cckiMnG5.s:179292: Error: value -53294 out of range
/tmp/cckiMnG5.s:191898: Error: value -39206 out of range
/tmp/cckiMnG5.s:191955: Error: value -40282 out of range
/tmp/cckiMnG5.s:195734: Error: value -53294 out of range
These only appear when building with -O2, the smaller code generated
with -Os does not cause trouble, so workaround by using that.
Fixes:
http://autobuild.buildroot.net/results/2f222d5a86b4237b81ca31dba89f58b0e6e879db/
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
git added restrictions on config files to fix CVE 2022-24765. libgit2
adopted these changes for compatibility reasons, even if the vuln is
not exploitable in libgit2.
https://github.com/libgit2/libgit2/releases/tag/v1.4.3
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
