gcc 10.x is now used by default but the kernel 4.19 used by
test_docker_compose doesn't build with it.
Bump the kernel to 4.19.204 release that contains a lot of
fixes for newer gcc.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5d60e07e27)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gcc bug 99140 has been fixed on gcc 8.x but reappeared on gcc 9.x while
it's been fixed on gcc 10.x+. So let's update
BR2_TOOLCHAIN_HAS_GCC_BUG_99140 accordingly.
Fixes:
http://autobuild.buildroot.net/results/c55/c55f50a8d657695f0d5492c32efa666254cd7f99/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit fe4e06d317)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This package has -fPIC gcc option set by default but we can't use it on
m68k_cf since it doesn't support it throwing a gcc build failure. So let's
disable it by passing -fno-PIC.
Fixes:
http://autobuild.buildroot.net/results/b92980a563fe7ee331e70f288ce041be0bf29d40/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 2a48a6ee9d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure on riscv32:
../src/util/futex.h: In function 'sys_futex':
../src/util/futex.h:39:19: error: 'SYS_futex' undeclared (first use in this function); did you mean 'sys_futex'?
39 | return syscall(SYS_futex, addr1, op, val1, timeout, addr2, val3);
| ^~~~~~~~~
| sys_futex
Fixes:
- http://autobuild.buildroot.org/results/692700a5f967760a0b8cd358b1712f1d5a7b681e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 3298e67ac6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Build with kmsdrm is broken since bump to version 2.0.14 in commit
5e0da5c40d. Indeed, first patch was
already applied in this version:
9354aea198
but upstream made other changes that requires EGL so add an upstream
patch to fix the build failure
Moreover, run autogen.sh instead of autoreconf as it breaks the build
and is not recommended by upstream:
https://github.com/libsdl-org/SDL/pull/4214
Fixes:
- http://autobuild.buildroot.org/results/355c7e5092e7641d8b04ecb550e2671d70720bd2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Arnout: add dependency on host-autoconf]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 9aae755440)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
kmsdrm needs GBM (and so mesa3d) since its addition in version 2.0.6:
56363ebf61
If libgbm is not found, kmsdrm will be silently disabled
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 5bb4e281c0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As reported by Toolchain-builder project [1], the microblaze glibc
toolchain creates a system that doesn't boot when FORTIFY_SOURCE is
enabled: the init process hangs.
Also, hardening features may not be wanted or possible for such
slow soft-core cpus [2].
Note: for completeness, BR2_RELRO_PARTIAL was manually tested and it
does boot.
[1] https://gitlab.com/bootlin/toolchains-builder/-/jobs/1467624500
[2] http://lists.busybox.net/pipermail/buildroot/2021-June/312416.html
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 2e94aeed1a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
GNU cpio through 2.13 allows attackers to execute arbitrary code via a
crafted pattern file, because of a dstring.c ds_fgetstr integer overflow
that triggers an out-of-bounds heap write. NOTE: it is unclear whether
there are common cases where the pattern file, associated with the -E
option, is untrusted data.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 89857df2d1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch bumps Linux CIP RT to version 4.19.198-cip54-rt21
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 835ea5b94c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch bumps Linux CIP to version 4.19.198-cip54.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 595209da93)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Michael Fischer <mf@go-sys.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2ee1063136)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This reverts commit 46b8fb7500 indeed if
libressl is selected as the openssl provider, the BR2_PACKAGE_OPENSSL
conditition will always be used and the BR2_PACKAGE_LIBRESSL condition
will never be triggered. Moreover, libressl provides a pkg-config file.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit da4d8fc407)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2021-39240: An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3
before 2.3.13, and 2.4 before 2.4.3. It does not ensure that the scheme
and path portions of a URI have the expected characters. For example, the
authority field (as observed on a target HTTP/2 server) might differ from
what the routing rules were intended to achieve.
- CVE-2021-39241: An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2
before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. An HTTP method
name may contain a space followed by the name of a protected resource. It
is possible that a server would interpret this as a request for that
protected resource, such as in the "GET /admin? HTTP/1.1 /static/images
HTTP/1.1" example.
- CVE-2021-39242: An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3
before 2.3.13, and 2.4 before 2.4.3. It can lead to a situation with an
attacker-controlled HTTP Host header, because a mismatch between Host and
authority is mishandled.
For more details, see the advisory:
https://www.mail-archive.com/haproxy@formilux.org/msg41041.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since I've dealt and deal with toolchain bugs and their work-around
very often add myself to toolchain topic(toolchain/) as well as
package/binutils and package/gcc.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8d0fcab128)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The language detection is falling back to the host system
Fortran compiler. An example of this is in RHEL7.9
(gcc4.8.5 20150623 (Red Hat 4.8.5-44)).
This patch bypasses detection and points to the location
where the compiler would be installed (if present). In the
cases where it doesn't exist, the detection falls through
and leaves Fortran disabled.
Fixes:
http://autobuild.buildroot.net/results/8354da225d1e5e337aa7ea62a7e6524fb5f1135f/
Signed-off-by: Matthew Weber <matthew.weber@collins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9f59154245)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The user shouldn't see the comment on the python2 menu.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit bf0b9048f2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The user shouldn't view the comment on the python2 menu.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 6a932714d3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add TARGET_NLS_DEPENDENCIES and host-gettext dependency to avoid the
following build failure in a per-package-directorie build with
host-cairo raised because fontconfig installs its ITS files in the wrong
directory (i.e. outside of gettext-tiny symlink):
mkdir -p /tmp/instance-0/output-1/per-package/host-cairo/host
rsync -a --link-dest=/tmp/instance-0/output-1/per-package/host-fontconfig/host/ /tmp/instance-0/output-1/per-package/host-fontconfig/host/ /tmp/instance-0/output-1/per-package/host-cairo/host
rsync -a --link-dest=/tmp/instance-0/output-1/per-package/host-freetype/host/ /tmp/instance-0/output-1/per-package/host-freetype/host/ /tmp/instance-0/output-1/per-package/host-cairo/host
rsync -a --link-dest=/tmp/instance-0/output-1/per-package/host-libglib2/host/ /tmp/instance-0/output-1/per-package/host-libglib2/host/ /tmp/instance-0/output-1/per-package/host-cairo/host
cannot delete non-empty directory: share/gettext
could not make way for new symlink: share/gettext
This only happens with per-package directories because then the rsync is
done. Otherwise the fontconfig installation will simply follow the
symlink.
The error of course exists for target as well, but doesn't occur in
autobuilders since it already fails for host.
Fixes:
- http://autobuild.buildroot.org/results/00e29958cecfffa4e994ab549637117dd8f55c30
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 93351fa0b3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Build fails because of the following circular dependency:
fontconfig -> util-linux -> udev -> systemd -> polkit ->
gobject-introspection -> cairo -> fontconfig
which results in the following build failure:
checking for UUID... no
checking where uuid functions comes from... configure: error:
*** uuid is required. install util-linux.
To break it, apply the same ugly workaround that was applied for
libglib2 and cryptsetup until a better solution is found:
https://patchwork.ozlabs.org/project/buildroot/patch/20201101150619.1709959-1-fontaine.fabrice@gmail.com/
Fixes:
- http://autobuild.buildroot.org/results/2c6ef073e7e98e13daa409e1ea6130e9abd32c87
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit eb05822259)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit f79a420825 (package/busybox/udhcpc.script: support RFC3442
static routes) used 'set --' clobbering the positional arguments, causing
the action argument to not be correctly forwarded to hook scripts for the
renew / bound cases if static routes are provided by the server.
As a workaround, save the action argument at the beginning of the script and
use that when calling hook scripts.
Reported-by: 王琦 <wangwangqi2011@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 94c41eef61)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update LIBARGTABLE2_VERSION to reflect what is used by
https://release-monitoring.org
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5a3d1f34bc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update IOZONE_VERSION to reflect what is used by
https://release-monitoring.org
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1e75050bbb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3.34.1 is the version used by https://release-monitoring.org as well as
NVD NIST database so add SQLITE_TAR_VERSION and drop
SQLITE_CPE_ID_VERSION
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3943b6f003)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The release contains a bugfix to fix the make install of the python
module after build changes introduced in this release RC1.
This release contains a number of bug fixes. There is a crash fix for
broken internal structures in stream reuse, that is used when many TCP
or TLS upstream connections are made. Also a number of features are added.
https://github.com/NLnetLabs/unbound/releases/tag/release-1.13.2
Signed-off-by: Kyle Harding <kyle@balena.io>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit aaad2ab8e3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Sven has privately asked to no longer receive notifications related to
this package.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 829ecf7d79)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD)
through 2.3.2 allows remote attackers to cause a denial of service
(out-of-bounds read) via a crafted TGA file.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0eebfba388)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
textview_uri_security_check in textview.c in Claws Mail before 3.18.0,
and Sylpheed through 3.7.0, does not have sufficient link checks before
accepting a click.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 634dcbd50d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This affects the package jszip before 3.7.0. Crafting a new zip file
with filenames set to Object prototype values (e.g __proto__, toString,
etc) results in a returned object with a modified prototype instance.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 921830e92d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failures on arc and riscv32:
latency.c: In function 'display':
latency.c:326:21: error: format '%ld' expects argument of type 'long int', but argument 2 has type 'time_t' {aka 'long long int'} [-Werror=format=]
326 | ("RTT| %.2ld:%.2ld:%.2ld (%s, %Ld us period, "
| ~~~~^
| |
| long int
| %.2lld
327 | "priority %d)\n", dt / 3600,
| ~~~~~~~~~
| |
| time_t {aka long long int}
altency.c: In function ‘display’:
altency.c:262:21: error: format ‘%ld’ expects argument of type ‘long int’, but argument 2 has type ‘time_t’ {aka ‘long long int’} [-Werror=format=]
262 | ("RTT| %.2ld:%.2ld:%.2ld (%s, %Ld us period, "
| ~~~~^
| |
| long int
| %.2lld
263 | "priority %d)\n", dt / 3600,
| ~~~~~~~~~
| |
| time_t {aka long long int}
Fixes:
- http://autobuild.buildroot.org/results/448efe22e8fe058a1b354a3c124874e30b9ce138
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 74196b7d05)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure on musl raised since the addition of the
package in commit eb91fa730c:
/tmp/instance-1/output-1/build/ogre-1.12.0/OgreMain/src/OgreStringConverter.cpp: In static member function 'static bool Ogre::StringConverter::parse(const String&, Ogre::int32&)':
/tmp/instance-1/output-1/build/ogre-1.12.0/OgreMain/src/OgreStringConverter.cpp:253:22: error: 'strtol_l' was not declared in this scope; did you mean 'strtold_l'?
253 | ret = (int32)strtol_l(val.c_str(), &end, 0, _numLocale);
| ^~~~~~~~
| strtold_l
Fixes:
- http://autobuild.buildroot.org/results/491f89e45610a7752c0700ac02b80a92b7876ec3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 84333281cd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
qt5declarative builds qmltyperegistrar for the host as part of its build
process.
When building qt target packages (which is the case for qt5declarative),
-spec devices/linux-buildroot-g++ is passed to qmake in QT5_QMAKE
variable and this spec currently has -latomic in its LIBS.
This -latomic makes it to the build of the host build of
qmltyperegistrar which is not useful.
This was discovered on Fedora 34 where libatomic is not pulled with gcc
package, therefore was missing on the host machine.
This makes sure that -latomic is not added for host build of qt
packages.
Fixes: 7d286be4f9 ("package/qt5base: link with -latomic when needed")
Cc: Quentin Schulz <foss@0leil.net>
Suggested-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2d991fd7b2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 5f432df7e2 ("boot/arm-trusted-firmware: change
ENABLE_STACK_PROTECTOR value when disabled") set
ENABLE_STACK_PROTECTOR=0 when disabled. But since we pass this value as
MAKE_OPT, the internal ATF logic that sets ENABLE_STACK_PROTECTOR again
based on its initial value breaks. This leads to build failure:
make[1]: *** [/builds/buildroot.org/buildroot/output/build/arm-trusted-firmware-v2.4/build/a80x0_mcbin/release/libc/assert.o] Error 1
aarch64-buildroot-linux-uclibc-gcc.br_real: error: unrecognized command-line option ‘-fstack-protector-0’; did you mean ‘-fstack-protector’?
Move ENABLE_STACK_PROTECTOR to make environment instead to allow make to
change its value.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/1497663294
Cc: Dick Olsson <hi@senzilla.io>
Cc: Sergey Matyukevich <geomatsi@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ccac9a5bbb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since commit
cf176128ec ("boot/arm-trusted-firmware:
add SSP option"), we are passing ENABLE_STACK_PROTECTOR=none when we
want to disable SSP usage in TF-A. While this works fine in recent
versions of TF-A, older versions such as TF-A will end up passing
-fstack-protector-none in this situation, which fails as this is not a
valid gcc option (the valid gcc option is -fno-stack-protector).
To solve this, we pass ENABLE_STACK_PROTECTOR=0 which was in older
TF-A versions used to say "don't do anything with SSP", and is also
still supported in newer versions of TF-A.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/1478738580
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5f432df7e2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP
- CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
- CVE-2021-31799: A command injection vulnerability in RDoc
For more details, see the announcement:
https://www.ruby-lang.org/en/news/2021/07/07/ruby-2-7-4-released/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2021-22930: Use after free on close http2 on stream canceling (High)
Node.js is vulnerable to a use after free attack where an attacker might
be able to exploit the memory corruption, to change process behavior.
Drop 0002-Fix-build-with-ICU-68.patch as this is now fixed upstream since
https://github.com/nodejs/node/commit/e459c79b02
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ca92d31cff)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2021-33574: The mq_notify function has a potential use-after-free
issue when using a notification type of SIGEV_THREAD and a thread
attribute with a non-default affinity mask.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Includes fixes for the recent "Sequoia" seq_file vulnerability
(CVE-2021-33909):
https://lwn.net/Articles/863729/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 79e230178b)
[Peter: drop 5.12.x/5.13.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure on riscv32:
system/base/target.scm:132:16: In procedure triplet-pointer-size:
unknown CPU word size "riscv32"
Fixes:
- http://autobuild.buildroot.org/results/6705630c1484239ec8b73d57ebc2e2570fbfc8f8
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 55f1afe6db)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
