Fixes the following security vulnerability:
- CVE-2019-18218: cdf_read_property_info in cdf.c in file through 5.37 does
not restrict the number of CDF_VECTOR elements, which allows a heap-based
buffer overflow (4-byte out-of-bounds write).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We no longer have anything that needs it during the build, so we don't
require it anymore.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Back a few years ago, when we were starting to think about top-level
parallel build, we were not sure how to deal with packages that
installed the same files, so we wanted to catch the situation to assess
how prevalent that was, before we decided what to do and how to address
it.
However, the trend nowadays is that packages will install in a
per-package target/ (and staging/ and host/), and the final directories
will be assembled in a reproducible (alphabetical) order, so if two
packages install the same file, the last one will win (as is currently
the case).
Besides, check-uniq-files reports loads of spurious errors when packages
get reinstalled (e.g. during development).
Finally, check-uniq-files is the only script called during the build,
that is written in python.
So, get rid of check-uniq-files.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 05484f621c ("package/dstat: bump
to 0.7.4 which allows to run on Python3") added:
select BR2_PACKAGE_PYTHON if !BR2_PACKAGE_PYTHON3
Unfortunately, some other packages do it the other way around, which
causes the following Kconfig circular dependency:
package/python/Config.in:5:error: recursive dependency detected!
package/python/Config.in:5: symbol BR2_PACKAGE_PYTHON is selected by BR2_PACKAGE_PYTHON3
package/python3/Config.in:5: symbol BR2_PACKAGE_PYTHON3 is selected by BR2_PACKAGE_PYTHON
Fix that by inverting the python version selection in the dstat
package.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Select BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL in order to fix
the following build error:
scripts/Makefile.host:90: recipe for target 'scripts/extract-cert' failed
make[2]: *** [scripts/extract-cert] Error 1
make[2]: *** Waiting for unfinished jobs....
Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/332655822
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes https://gitlab.com/buildroot.org/buildroot/-/jobs/332656041
The recent bump of a number of python packages broke docker-compose, as
docker-compose specifies both minimum and maximum versions for (most of) its
dependencies:
Dependencies of docker-compse 1.20.1 (! = unmet):
cached-property: < 2 (currently 1.51)
docopt: < 0.7 (currently 0.6.2)
! pyyaml: < 4.0, patched to < 4.3 (currently 5.1.2)
requests: < 2.19, patched to < 3 (currently 2.22.0)
! texttable: < 0.10 (currently 1.6.2)
websocket-client: < 1.0 (currently 0.56.0)
! docker: < 4.0 (currently 4.1.0)
dockerpty: < 0.5 (currently 0.4.1)
six: < 2 (currently 1.12.0)
jsonschema: < 3 (currently 2.5.1)
enum34: < 2 (currently 1.1.6)
backports.ssl-match-hostname: >= 3.5 (currently 3.7.0.1)
ipaddress: >= 1.0.16 (currently 1.0.23)
To fix this, bump docker-compose to the most recent release (1.24.1). This
is unfortunately not enough, as our docker, pyyaml, requests and texttable
packages are too new, so add 3 patches from upstream to relax the version
checks of dependencies. Notice that patch 0003 is from
https://github.com/docker/compose/pull/6623 and has not been merged yet.
Discussions around the problem of these maximum versions of the dependencies
and the fact that all downstream users have to patch it is ongoing here:
https://github.com/docker/compose/issues/6756
docker-compose 1.24.1 added a requirement for ssh support in python-docker in:
7b82b2e8c7
So add a dependency for python-paramiko and update the toolchain dependency
for C++ (from python-paramiko -> python-cryptography) and adjust the
toolchain configuration of the runtime test to match.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Or else it becomes a dangling link to
/run/systemd/resolve/resolv.conf, which is never created. Even worst,
it also prevents NetworkManager from updating resolv.conf.
Fixes:
https://bugs.busybox.net/show_bug.cgi?id=9881
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Reviewed-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch adds a case in the library pattern logic to prefer static
libraries when the Meson Core option for "default_library" is set to
solely static.
The existing library search order makes sense for cases of shared and
shared / static mixed. However if using a prebuilt cross-toolchain,
they usually provide both a static and shared version of sysroot
libraries. This presents a problem in a complete static build where
there won't be shared libraries at runtime and during build time there
are failures like "ld: attempted static link of dynamic object".
Bug:
https://github.com/mesonbuild/meson/issues/6108
Fixes:
http://autobuild.buildroot.net/results/db1740b4777f436324218c52bc7b08e5c21b667d/http://autobuild.buildroot.net/results/c17/c17bbb12d9deadd64a441b36e324cfbbe8aba5be/
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Supervisor introduced support for Python3 starting with version 4.
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This updates Linux kernel from 5.0 to 5.3.4 and U-Boot from 2019.01 to
2019.10.
Signed-off-by: Louis Aussedat <aussedat.louis@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes version parsing for release-monitoring.org support.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Build ID is added to binaries at link time. Building in different
output directories causes some packages to have different Build IDs,
thus resulting in non-reproducibility.
Adding "-Wl,--build-id=none" fixes this issue by disabling setting of
Build ID.
Diffoscope output for Build ID issue:
https://gitlab.com/snippets/1886180/raw
After this patch, build is reproducible - i.e. diffoscope does not
produce any output.
Signed-off-by: Atharva Lele <itsatharva@gmail.com>
Reviewed-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Added config option for new systemd-pstore feature.
Removed patches that have been committed upstream.
Added symlinks required to enable some services.
After extensive discussion with upstream it does not seem there is any
acceptable option to have symlink installation handled on their side.
The recommended solution from upstream is to have systemctl handle
service installation, however this has a number of downsides such as
requiring us to build a host-systemd just to install a few symlinks.
Since we already customize service installation it is simpler for us
to create the symlinks ourselves, this will also simplify service
customization on our side as we will not need to disable any systemd
default services in cases where we need to make customizations.
In addition using systemctl would introduce a minimum host headers
dependency in which we don't have the infrastructure to handle
properly.
The downside to this approach is that we need to track service creation
changes from upstream ourselves, however this is relatively straightforward
and since upstream service file locations are relatively stable regressions
should be limited. This will mostly be a concern in regards to adding
support for new systemd features.
Details:
https://github.com/systemd/systemd/issues/12767https://github.com/systemd/systemd/pull/12164https://github.com/systemd/systemd/pull/12769https://github.com/systemd/systemd/pull/12775
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Tested-by: Jérémy Rosen <jeremy.rosen@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Remove 0002-Makefile-Add-EXTRA_CFLAGS-variable.patch which is now
applied upstream
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The generated loop.c provided with the tarball was generated with
Cython 0.29.10 and it doesn't compile against the new Python 3.8
headers. Upstream is now working on a new uvloop release which will
use the newest Cython (0.29.13). Until then, we will remove the
current loop.c and force regenration of it.
Fixes:
- http://autobuild.buildroot.net/results/bffe1b2ee7b674f870e15398680ce5b5b22fd296
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
An upstream patch to enable building without setuptools is added.
The original commit is adjusted slightly to fit the current version.
Fixes:
- http://autobuild.buildroot.net/results/8f3c01f0e286c6b15c8c973f91dd69ee816a58b9
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Removed patch which was applied upstream:
cbeda6a9c5
We still need autoreconf however due to using source code retrieved by
the github helper.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Updated link to package homepage since old link is just a redirect now.
Added sha1 and md5 hashes provided by upstream.
Removed -no-pie workaround after upstream added a check in configure,
quoting ChangeLog:
- Added configure script autodetection for x86/amd64 -fno-pie compile
and -no-pie linker flags. These are needed when compiler/linker
produces position independent executable (PIE) by default.
Build-tested host-aespipe on Debian Buster 10.1 using
"gcc version 8.3.0 (Debian 8.3.0-6)"
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Added hashes for tarball and license file.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Rebased patch due to upstream commit
36037bdaf0
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This release includes:
- enable VERITY by default on Android
- introduce some preen mode in fsck.f2fs
- add f2fs_io tool
- add casefolding support
And, there are lots of bug fixes.
Signed-off-by: Grzegorz Blach <grzegorz@blach.pl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Only rs9113_wlan_qspi.rps firmware was present on generated image.
Signed-off-by: Adrien Ricciardi <adrien.ricciardi@hotmail.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
tbl2hex is a host command line that is built with:
$(CC_FOR_BUILD) $(LDFLAGS_FOR_BUILD) -o $@ $(TBL2HEX_OBJECTS) $(EXPAT_LIBS_FOR_BUILD) $(LDLIBS_FOR_BUILD)
It needs cldr.o which can depends on expat and is built through:
%.$B: $(SRC_DIR)/%.c
$(CC_FOR_BUILD) -DFOR_BUILD $(CFLAGS_FOR_BUILD) -o $@ -c $<
When cross-compiling, build fails because expat is not found on host:
gcc -DFOR_BUILD -I. -I. -I./../Programs -I../Programs -I../Headers -I./.. -I.. -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=2 -D_BSD_SOURCE -D_XOPEN_SOURCE=500 -D_XOPEN_SOURCE_EXTENDED -D_GNU_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=2 -D_BSD_SOURCE -D_XOPEN_SOURCE=500 -D_XOPEN_SOURCE_EXTENDED -D_GNU_SOURCE -DHAVE_CONFIG_H -g -O2 -std=gnu99 -Wall -Werror=format-security -o cldr.build.o -c cldr.c
cldr.c:31:10: fatal error: expat.h: No such file or directory
#include <expat.h>
^~~~~~~~~
To fix this issue, add host-expat dependency as well as patch so that
the *_FOR_BUILD variables are properly passed to the sub-configure
script that brltty runs to build the host utilities.
Fixes:
- http://autobuild.buildroot.org/results/362cfb57e4a91a066493269d8078d931529ddf69
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Thomas: use a different, simpler solution.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Following the switch to Python 3.8, the libselinux Python extension
started to fail building. This is fixed by upstream commit
2efa06857575e4118e91ca250b6b92da68b130d5, which we backport as
0003-libselinux-Use-Python-distutils-to-install-SELinux-p.patch.
This patch has the nice merit of switching to using distutils to build
the Python extension of libselinux, instead of some custom logic. This
allows to significantly simplify our libselinux.mk: we can rely on
PKG_PYTHON_DISTUTILS_ENV and HOST_PKG_PYTHON_DISTUTILS_ENV instead of
lots of custom variables.
However, upstream commit 2efa06857575e4118e91ca250b6b92da68b130d5 had
its own issues:
* Hardcode of -I $(DESTDIR)/$(INCLUDEDIR) -L $(DESTDIR)/$(LIBDIR) at
build time, while DESTDIR is normally empty at build time, causing
bogus -I /usr/include -L /usr/lib to be used
This is fixed in
0004-src-Makefile-don-t-pass-bogus-I-and-L-to-python-setu.patch
* New usage of ln --relative, which is not supported in older
distributions.
This is fixed in
0005-Remove-ln-relative-usage-in-install-pywrap.patch
* Usage of the host Python "imp" module to query the extension used
for native Python module, but that returns an incorrect result when
cross-compiling. We chose to simplify the code to not have to query
for this information.
This is fixed in
0006-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
With this patch, the libselinux Python module was built-tested with
Python 2 and Python 3, and run-time tested as well in both
configurations, for both the target and host variants of libselinux.
Fixes:
http://autobuild.buildroot.net/results/aeb58de7ad674b980258e6ed30c7da3949a04452/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Remove 0004-meson-Link-xvmc-with-libxv.patch witch was backported to mesa3d
19.2. This patch was added to Buildroot at the time when mesa3d version 19.1
was used.
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
There are some scripts used when building micropython that require
python3 on the build host. Use BR2_PYTHON3_HOST_DEPENDENCY so this can
be either be satisfied by installing it on the build host or by building
the host-python3 package.
Fixes:
- http://autobuild.buildroot.net/results/b85b2214576030026a8e04d142a77a2648379417/
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Set WANT_SWIG={ON,OFF} to {en,dis}able swig and avoid a random build
failures probably due to parallel build issue when extracting
pre-generated tarball:
CMake Error: Problem with archive_write_header(): Can't unlink already-existing object
CMake Error: Current file: swigpyrun.h
CMake Error: Problem extracting tar: /usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output/build/znc-1.7.5/modules/modpython/generated.tar.gz
This tarball contains pre-generated files, and is not used when
host-swig is available.
Fixes:
- http://autobuild.buildroot.org/results/f3394de616cea4f474b6d5887aa0d5f5dff05281
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>