A severe bug has been found in Libksba , the library used by GnuPG for parsing
the ASN.1 structures as used by S/MIME. The bug affects all versions of Libksba
before 1.6.2 and may be used for remote code execution.
Fix CVE-2022-3515
Signed-off-by: Michael Fischer <mf@go-sys.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Rename configure options to avoid the following build failure raised
since bump to version 3.2.5 in commit
ae2807821d:
./simd-checksum-x86_64.cpp: In function 'uint32_t get_checksum1_cpp(char*, int32_t)':
./simd-checksum-x86_64.cpp:89:52: error: multiversioning needs 'ifunc' which is not supported on this target
89 | __attribute__ ((target("default"))) MVSTATIC int32 get_checksum1_avx2_64(schar* buf, int32 len, int32 i, uint32* ps1, uint32* ps2) { return i; }
| ^~~~~~~~~~~~~~~~~~~~~
./simd-checksum-x86_64.cpp:480:1: error: use of multiversioned function without a default
480 | }
| ^
If you can't fix the issue, re-run ./configure with --disable-roll-simd.
Fixes:
- http://autobuild.buildroot.org/results/069da8e585da2e51bfd4f475cc12b9a134954b08
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d036dc6ec8)
[Peter: drop Makefile/Vagrantfile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 25680e6aa8)
[Peter: drop Makefile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is a header only library which is required by the latest version
of zxing-cpp.
Include paths and pc file are based off of debian libstb package.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Current python-automat version 20.2.0 no longer work with Python 3.11
updated in commit 738500c296.
Running package runtime test with command:
support/testing/run-tests \
-d dl \
-o output_folder \
tests.package.test_python_automat.TestPythonPy3Automat
Fails with output:
Traceback (most recent call last):
File "/root/sample_python_automat.py", line 27, in <module>
led.turn_on()
^^^^^^^^^^^
File "/usr/lib/python3.11/site-packages/automat/_methodical.py", line 232, in __get__
File "/usr/lib/python3.11/site-packages/automat/_introspection.py", line 43, in decorator
File "/usr/lib/python3.11/site-packages/automat/_introspection.py", line 35, in copyfunction
File "/usr/lib/python3.11/site-packages/automat/_introspection.py", line 23, in copycode
TypeError: code() argument 13 must be str, not int
This commit fixes this issue by updating the package to the latest
version.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Replaced patches with upstream patch which fixes both problems.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add support for new optional bluez5-backend-native-mm and readline
config options.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- remove all no more required patches
- backport 2 patches to fix failures induces by missing headers
- add dependency to SPDLOG
- add pybind dependency where python is set
Note:
- Since gnuradio 3.10 swig was replaced by pybind. Now python libraries,
bindings and python wrappers are produces using pybind: this
why python-pybind is a buildtime dependency. As mentionned in [1], this one
is a stagging only package: headers must be into staging directory, so it
can't be host and at the same time since this package provides only headers
and .cmake files nothing has to be installed into the target directory. A
select is required because it's not an host package and
GNURADIO_DEPENDENCIES is updated with python-pybind to have pybind present
before gnuradio's build.
- host-python-numpy is now required since some cpp bindings uses numpy's
functions directly. python-numpy (target package) is left required because
python blocks and wrappers needs this library at runtime.
[1] http://lists.busybox.net/pipermail/buildroot/2022-October/653030.html
Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libsndfile is only needed by the sbctester utility and the library can
be built without this dependency.
Add a config option to cover not just sbctester but the command-line
utilities as well. While the utilities may be useful for debugging,
normal usage will only need libsbc and these applications can be
omitted.
Signed-off-by: John Keeping <john@metanate.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is the latest point release in the stable 2.13 branch (currently
the latest stable branch available).
Cc: Clément Léger <clement.leger@bootlin.com>
Reported-by: Clément Léger <clement.leger@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The build of lttng-modules will fail if the kernel does not have
CONFIG_TRACEPOINTS enabled. However, CONFIG_TRACEPOINTS is a
prompt-less option, and the most generic option that does enable
CONFIG_TRACEPOINTS is CONFIG_FTRACE.
In addition, CONFIG_FTRACE will also enable CONFIG_STACKTRACE, which
is needed on CPU architectures that don't provide the STACKWALK
mechanism in the kernel, as is the case on ARM 32-bit for example.
Therefore, let's enable CONFIG_FTRACE when building lttng-modules.
Cc: Clément Léger <clement.leger@bootlin.com>
Reported-by: Clément Léger <clement.leger@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch fixes the kv260.sh to generate a working u-boot.itb
now that the CONFIG_MULTI_DTB_FIT u-boot option is no longer used.
This is a follow-up fix of
515319b86f ("board/zynqmp/kria/kv260/uboot.fragment:
remove unnecessary CONFIG_MULTI_DTB_FIT option") to fix the build of:
https://gitlab.com/buildroot.org/buildroot/-/jobs/3310463281
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libvncclient v0.9.13 was discovered to contain a memory leak via the
function rfbClientCleanup().
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is stable bugfix release of libmdbx, in Family Glory and
in memory of Boris Yuriev (the inventor of Helicopter and
Swashplate in 1911) on his 133rd birthday.
It is reasonable to backport this patch to all applicable releases/branches of Buildroot.
Release notes for v0.11.13
--------------------------
Fixes:
- Fixed builds with older libc versions after using `fcntl64()` (backport).
- Fixed builds with older `stdatomic.h` versions,
where the `ATOMIC_*_LOCK_FREE` macros mistakenly redefined using functions (backport).
- Added workaround for `mremap()` defect to avoid assertion failure (backport).
- Workaround for `encryptfs` bug(s) in the `copy_file_range` implementation (backport).
- Fixed unexpected `MDBX_BUSY` from `mdbx_env_set_option()`, `mdbx_env_set_syncbytes()`
and `mdbx_env_set_syncperiod()` (backport).
- CMake requirements lowered to version 3.0.2 (backport).
- Added admonition of insecure for RISC-V (backport).
Minors:
- Minor clarification output of `--help` for `mdbx_test` (backport).
- Added admonition of insecure for RISC-V (backport).
- Stochastic scripts and CMake files synchronized with the `devel` branch.
- Use `--dont-check-ram-size` for small-tests make-targets (backport).
The complete ChangeLog: https://gitflic.ru/project/erthink/libmdbx/blob?file=ChangeLog.md
Signed-off-by: Леонид Юрьев (Leonid Yuriev) <leo@yuriev.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Support mounting in /media instead of /run/media for compatibility
with the Filesystem Hierarchy Standard (FHS). This is also required
for backward compatibility with udisks1.
Signed-off-by: Wolfgang Grandegger <wg@grandegger.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Refresh patch
- Drop -lz from Makefile with libressl as this is the only solution for
now: https://github.com/radiator-software/p5-net-ssleay/issues/399
- License has been clarified to be Artistic-2.0 since version 1.86.11:
aa4a0206d6
- This bump will fix the following build failure with libressl:
In file included from /home/autobuild/autobuild/instance-11/output-1/host/armeb-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/perl5/5.34.1/armeb-linux/CORE/perl.h:5748,
from SSLeay.xs:141:
SSLeay.xs: In function 'XS_Net__SSLeay_SESSION_get_master_key':
SSLeay.xs:5569:37: error: invalid use of incomplete typedef 'SSL_SESSION' {aka 'struct ssl_session_st'}
5569 | sv_setpvn(ST(0), (const char*)s->master_key, s->master_key_length);
| ^~
https://metacpan.org/release/CHRISN/Net-SSLeay-1.93_01/changes
Fixes:
- http://autobuild.buildroot.org/results/71337cc496727f2b1173c055d706c5bfc2f5d2bc
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Remove inaccurate comment that claims twisted and treq version/site
variables are shared. They are not shared and the packages aren't
always updated at the same time.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When BR2_XTENSA_CUSTOM=y is used with the internal toolchain, an
overlay file is mandatory, which genrandconfig can't provide. So we
simply disallow such configurations.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 4cbf733691 ("arch/xtensa: custom
configuration requires an overlay") added a check in
arch/arch.mk.xtensa to bail out if a custom Xtensa core is selected
but not overlay file is provided. While this is indeed a perfectly
valid check to make when building an internal toolchain, with an
external toolchain it's entirely possible to build with no overlay
file: the toolchain already exists, and there's no overlay to be
applied in the context of the Buildroot build.
And indeed commit 4cbf733691 broke some
of the runtime test cases that use a custom Xtensa core configuration,
with no overlay, to test the toolchains.bootlin.com Xtensa external
toolchain. By relaxing the check to only apply to internal toolchain
configurations, we fix those test cases.
It is to be noted that this still allows a configuration where gdb gets
built for a custom core, but with no overlay, so basically that means
the fsf variant, which can lead to build or run failures that
4cbf733691 attempted to fix to begin with. This still covers the
most common cases.
Finally, it also means being able to build a kernel with no overlay, but
this is offset by the fact that the kernel may be already patched with
an overlay (as it is possible to specify a custom kernel), which is most
probably what people using a custom core would have.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/3282261966https://gitlab.com/buildroot.org/buildroot/-/jobs/3282261963
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: extend commit log with last two paragraphs]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix CVE-2022-40284: A buffer overflow was discovered in NTFS-3G before
2022.10.3. Crafted metadata in an NTFS image can cause code execution. A
local attacker can exploit this if the ntfs-3g binary is setuid root. A
physically proximate attacker can exploit this if NTFS-3G software is
configured to execute upon attachment of an external storage device.
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-v4w8-jv3w-7prmhttps://github.com/tuxera/ntfs-3g/releases/tag/2022.10.3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
dracut is not really ready to be installed with a non-/ prefix, and it
has a lot of hard-coded assumptions that it is going to run on the host
for which it is goign to generate an initramfs; for example, it
hard-codes calls to /lib/dracut/some-file in some of its modules. It
also uses the host system layout to decide whether it needs a
merged-usr or not.
Furthermore, dracut populates the temporary directory which content will
be used to generate the cpio, with a bunch of files, even before calling
any of the dracut modules.
The name for that temporary directory is not predictable (looks like the
output of 'mktemp -d dracut.XXXXXX', with names like dracut.1Vfn9F seen
while debugging).
As a consequence, we can't prepare the temporary directory with the
proper symlinks beforehand.
So, we provide a very-early module of our own, that will (hopefully) run
before any other module, to fixup the messed-up layout prepared by
dracut. This module moves the content of /lib, /bin, and /sbin, out and
into their counterparts in /usr, and creates the usual symlinks.
When we do not require a merged-usr, then we have nothing to do, so the
module checks for /lib being a symlink, as the hint that we want a
merged-usr or not.
Note: currently, we've seen nothing that dracut installed in /bin or
/sbin, but for trying to be future-proof, we also handle them; this
causes a spurious warning:
mv: cannot stat '..../build/buildroot-fs/cpio/tmp/dracut.YQnzNP/initramfs/bin/*': No such file or directory
Since there are already quite a bunch of similar failures in the
official modules bundled in dracut, an extra such issue or two should
not be too scary...
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/3282261241https://gitlab.com/buildroot.org/buildroot/-/jobs/3282261239https://gitlab.com/buildroot.org/buildroot/-/jobs/3282261236
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thierry Bultel <thierry.bultel@linatsea.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
systemd does not build with -Ofast (at least with gcc-12), leading to
build errors like:
../src/shared/condition.c: In function ‘condition_dump_list’:
../src/shared/condition.c:1227:33: error: ‘%s’ directive argument is null [-Werror=format-overflow=]
1227 | "%s\t%s: %s%s%s %s\n",
| ^~
cc1: some warnings being treated as errors
It is not really clear what the reason is, but it smells like a compiler
error.
Indeed, the failing format is passed to an fprintf, and the parameter
corresponding to the failing %s directive is a call to a function
which prototype is defined but the implementation only comes later in
the same compilation unit, but is the result of macro expansion, which
yields a function definition like:
const char foo_to_string(foo_type i) {
if (i < 0 || i >= (foo_type) ELEMENTSOF(foo_table))
return NULL;
return foo_table[i]
}
(where ELEMENTSOF(x) is a macros arounf sizeof(x) to determine the
number of elements in the array foo_table).
However, in the failing case, foo_table is a static const array indexed
with constants from an enum, and foo_to_string() is only ever called
with variables that are only ever set to one of those enum values.
Since -Ofast is also explicitly documented as breaking otehrwise
conformant programs, we're not going to debug further the reason for the
build failure.
Instead, just revert to the best alternate optimisation level. We chose
-O3, as -Ofast is based on -O3 with breaking optimisation flags.
With -O3, the build succeeds.
Fixes:
http://autobuild.buildroot.org/results/3ffaa9b3ecacc6ac326be78196af1ad613f195ed/ (sparc64)
http://autobuild.buildroot.org/results/3f6ae2e503dd1539e4240f344865da4881879204/ (arm)
http://autobuild.buildroot.org/results/68c17056490d441c7f862349e9c7e471b4570162/ (ppc64)
...
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Norbert Lange <nolange79@gmail.com>
Cc: Sen Hastings <sen@phobosdpl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
matchbox-startup-monitor is an ageing package, and uses an old
configure.ac with archaic constructs. This had generated a configure
script that incorrectly tries to look for and validate a C++ compiler:
checking for powerpc64le-buildroot-linux-gnu-g++... no
checking whether we are using the GNU C++ compiler... no
checking whether no accepts -g... no
checking dependency style of no... none
checking how to run the C++ preprocessor... /lib/cpp
configure: error: C++ preprocessor "/lib/cpp" fails sanity check
Calling autoreconf fixes the issue, as the generated configure no longer
tries to look for a C++ compiler at all anymore. Running autoreconf does
not add any new dependency, as they are already in the dependency chain
via other packages.
Fixes:
http://autobuild.buildroot.org/results/223/223f43dd76ee907c5f25c4fee94a0f5d75614dd5/
See also similar changes:
9993a36f5e package/pamtester: fix build without C++
c05cc5de86 package/madplay: needs autoreconf
eae18d01ab libmad: needs autoreconf
43274dd3e0 package/libid3tag: needs autoreconf
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch removes the CONFIG_MULTI_DTB_FIT u-boot option for the
zynqmp_kria_kv260_defconfig as it is not necessary. The post build
kv260.sh creates the proper u-boot.itb without needing this option.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/3310463281
Signed-off-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
ATF version 2.2 and older does not disable SSP when
ENABLE_STACK_PROTECTOR is not set. This is because the compiler enables
SSP by default, and ATF does not pass -fno-stack-protector to the
compiler. Upstream commit 7af195e29a42 ("Disable stack protection
explicitly") fixed the issue for v2.3 and newer.
Add -fno-stack-protector in CFLAGS when
BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP is not set to fix older ATF
versions.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/3301821171
Cc: Dick Olsson <hi@senzilla.io>
Cc: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following build failure raised since the addition of the package
in commit 8fdf8731e7:
mdio.c: In function 'mdio_modprobe':
mdio.c:738:15: error: implicit declaration of function 'fork' [-Werror=implicit-function-declaration]
738 | pid = fork();
| ^~~~
Fixes:
- http://autobuild.buildroot.org/results/c53aaeaa34dd4d6d9a57da196687beecaeed9fe2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since upstream commit
07f3b487f9
(which first appeared in version 7.1.0-47), ImageMagick forces the
need of a C++ compiler to build its utilities. Despite the request of
Bernd Kuhls to revert this change, upstream declined.
Since this change is causing build failures in our autobuilders, our
only choice is to follow the choice of upstream, and disable building
the utilities when C++ support is not available.
Fixes:
http://autobuild.buildroot.net/results/4283235d697408cf2e70be5e3769dbe6ebb9ddae/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
sudo's configure script looks up on the host to determine the path where
to install its systemd tmpfiles. That is incorrect in cross-compilation.
We can explicitly tell sudo where to install its tmpfiles, which we do
when systemd is enabled (in Buildroot, systemd-tmpfiles is always
enabled when systemd is), or we can tell it not to install tmpfiles at
all, which we do otherwise.
Signed-off-by: Nuno Gonçalves <nunog@fr24.com>
[yann.morin.1998@free.fr: reword and extend commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
sudo's configure script looks up on the host to determine the path to
the timezone data location. That fails in cross-compilation.
This is used to sanitise the TZ envirnment variable at runtime, and is
not used at buildtime (except to be stored as a string in the program).
We can tell sudo where the tz data will be, which we do when the tzdata
package is enabled, and we can tell it not to use it at all (to not pass
TZ down to sudo-ed executions) othwerwise.
Signed-off-by: Nuno Gonçalves <nunog@fr24.com>
[yann.morin.1998@free.fr: rewrite and extend commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 223516b51e (configs/kontron_bl_imx8mm: U-Boot needs util-linux)
added the needed dependency against host-util-linux, but missed an
earlier comment about u-boot still failing [0]
The U-Boot makefile for the host tools does not handle the
compiler/linker options properly. There are some patches [1][2] that fixes
that issue already applied in the newer U-Boot version 2022.10. So we have to
bump U-Boot to fix an autobuilder failure.
Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/3267233833
[0] https://lore.kernel.org/buildroot/CAEyMn7Y3UgT-8dYY5rbnzcPfbGmqRVXG=joWx1fSSCC=WiFzbg@mail.gmail.com/
[1] U-Boot: a638bd349ea43825 (kbuild: add KBUILD_HOSTLDFLAGS to cmd_host-csingle)
[2] U-Boot: 31a7688cbe0ed5ed (tools: mkeficapsule: use pkg-config to get -luuid and -lgnutls)
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
[yann.morin.1998@free.fr:
- update commit log with reference to [0]
- slightly tweak commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Backport upstream patch to fix build with musl libc.
This patch is only a requirement since efivar 38 and was applied
upstream shortly after the 38 version tag.
Fixes:
http://autobuild.buildroot.net/results/c49d894b109d68e2624074eab8b939fefa3b42ef/
Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following build failure raised since bump to version 0.9.4 in
commit 5cae1a0d67:
In file included from iw_if.h:26:0,
from conf.c:19:
/home/buildroot/autobuild/instance-1/output-1/host/mips-buildroot-linux-gnu/sysroot/usr/include/linux/if.h:71:2: error: redeclaration of enumerator 'IFF_UP'
IFF_UP = 1<<0, /* sysfs */
^
/home/buildroot/autobuild/instance-1/output-1/host/mips-buildroot-linux-gnu/sysroot/usr/include/net/if.h:44:5: note: previous definition of 'IFF_UP' was here
IFF_UP = 0x1, /* Interface is up. */
^
Fixes:
- http://autobuild.buildroot.org/results/cbdf3e0cf0bee8f1b076581768c24155afc320d9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
