Group _CONF_{ENV,OPTS} together after the autreconf ones.
Keep AUTORECONF=YES close to AUTORECONF_OPTS
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix gettext build raised since bump to version 2.15 in commit
d65b960859:
*** error: gettext infrastructure mismatch: using a Makefile.in.in from gettext version 0.18 but the autoconf macros are from gettext version 0.20
Fixes: d65b960859
- http://autobuild.buildroot.org/results/bb80a7842d18651e5069f3a91f06a9c23218d260
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
host-rust package depends on several host packages to provide tools and
libraries but it doesn't take into account out host libraries in
HOST_DIR while building rustc compiler. Indeed, rustc needs zlib and
fails to link if zlib is not installed on the host.
error: could not compile `rustc_driver` (lib) due to previous error
If zlib is installed on the host, we can notice it with ldd tool (while
it should be linked with the one provided by Buildroot host-zlib):
ldd [...]TestRust/host/bin/rustc
libz.so.1 => /lib64/libz.so.1
Provide HOST_LDFLAGS using llvm.ldflags in config.toml.
(HOST_LDFLAGS provides -L$(HOST_DIR)/lib -Wl,-rpath,$(HOST_DIR)/lib)
With that fixed, rustc_driver link with libz from HOST_DIR but the
host-rust build still fail later due to another issue.
error: could not compile `rustdoc-tool` (bin "rustdoc_tool_binary") due to previous error
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/6256881545http://autobuild.buildroot.org/results/a6b/a6b28783f29e6b729824bf42679a62f72ad5bee0
Signed-off-by: Romain Naour <romain.naour@smile.fr>
[yann.morin.1998@free.fr: slight rewording in commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Several rust tools are linking against zlib, so add the depedency
explicitly in HOST_RUST_DEPENDENCIES.
For now, host-rust build system is not able to find zlib provided
by Buildroot in HOST_DIR due to at least two issues that will be
fixed in followup commits.
Note that host-zlib is already in the dependency chain, by way of
host-openssl, but since rust needs for itself, we need to add it
as an explicit dependency.
Signed-off-by: Romain Naour <romain.naour@smile.fr>
[yann.morin.1998@free.fr: add not about transitive dependency]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
spirv-tools unconditionally includes filesystem since its addition in
commit 0a01085abe resulting in the
following build failure:
/home/buildroot/autobuild/run/instance-1/output-1/build/spirv-tools-1.3.261.1/tools/objdump/objdump.cpp:15:10: fatal error: filesystem: No such file or directory
#include <filesystem>
^~~~~~~~~~~~
Fixes: 0a01085abe
- http://autobuild.buildroot.org/results/aaeb0ca8773842768f9311fc804bb7529d9e3bfa
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 722b84eafa forgot to update
nginx-naxsi resulting in the following build failure:
In file included from ../nginx-naxsi-d714f1636ea49a9a9f4f06dba14aee003e970834/naxsi_src/naxsi_runtime.c:7:
../nginx-naxsi-d714f1636ea49a9a9f4f06dba14aee003e970834/naxsi_src/naxsi.h:147:3: error: unknown type name 'ngx_regex_compile_t'
147 | ngx_regex_compile_t* target_rx;
| ^~~~~~~~~~~~~~~~~~~
Fixes: 722b84eafa
- http://autobuild.buildroot.org/results/87bbcf946ccbd8e3bf1ca9f39464f4bb198c8d42
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This fixes an incompatibility with openssl 3.2 when using codesign
certificate purpose [1].
[1] https://github.com/rauc/rauc/releases/tag/v1.11.1
Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following build failure raised since the addition of the package
in commit ea45b95c0e:
In file included from third_party/boringssl-with-bazel/src/include/openssl/base.h:78,
from third_party/boringssl-with-bazel/src/include/openssl/ssl.h:145,
from ./src/core/tsi/ssl/key_logging/ssl_key_logging.h:23,
from ./src/core/lib/security/security_connector/ssl_utils.h:42,
from ./src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h:36,
from ./src/core/ext/xds/certificate_provider_store.h:44,
from src/core/ext/xds/certificate_provider_store.cc:21:
third_party/boringssl-with-bazel/src/include/openssl/target.h:62:2: error: #error "Unknown target CPU"
62 | #error "Unknown target CPU"
| ^~~~~
Fixes: ea45b95c0e
- http://autobuild.buildroot.org/results/36686aca1b45f0bf692a60e67a48424b561930a3
- http://autobuild.buildroot.org/results/4f79c7b1b2fc3306f300ae3ec0aa4439725814c1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
A vulnerability was found in obgm libcoap 4.3.4. It has been rated as
critical. Affected by this issue is the function get_split_entry of the
file src/coap_oscore.c of the component Configuration File Handler. The
manipulation leads to stack-based buffer overflow. The attack may be
launched remotely. The exploit has been disclosed to the public and may
be used. It is recommended to apply a patch to fix this issue.
VDB-252206 is the identifier assigned to this vulnerability.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2024-22667: Vim before 9.0.2142 has a stack-based buffer
overflow because did_set_langmap in map.c calls sprintf to write to the
error buffer that is passed down to the option callback functions.
Update hash of README.txt (version number updated with
b4ddc6c11e)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2024-25062: An issue was discovered in libxml2 before 2.11.7 and
2.12.x before 2.12.5. When using the XML Reader interface with DTD
validation and XInclude expansion enabled, processing crafted XML
documents can lead to an xmlValidatePopElement use-after-free.
https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.12.5/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update NEWLIB_BARE_METAL_VERSION to match version retrieved on
https://release-monitoring.org/project/13816
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Hash of COPYING.NEWLIB is wrong since the addition of the package in
commit 3b95ff658b:
ERROR: COPYING.NEWLIB has wrong sha256 hash:
ERROR: expected: 422aa40293093fb54fc66e692a0d68fd0b24ed5602e5d1d33ad05ba3909057e9
ERROR: got : 9a59b4ee3af067045fe0ea78786201c42d54756fe48cbccf44f3dfc398474717
Fixes: 3b95ff658b
- No autobuilder failures (yet)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We carried a patch for xilinx xemaclite that was made initially for
qemu < 2.2.0 [1].
Indeed, between Qemu 0.11.0 and 2.2.0 the devicetree binary blob
petalogix-s3adsp1800.dtb (bundled in Qemu sources) used a
compatible string 'xlnx,xps-ethernetlite-2.00.b' that was not
supported by the Linux kernel [2].
These patches could have been removed since Buildroot 2015.02
when this defconfig was tested with Qemu 2.2.0 [3].
[1] https://git.buildroot.net/buildroot/commit/board/qemu/microblazebe-mmu/xilinx-xemaclite.patch?id=fa2798548368d51998fad18d7f6d1ae0ed065b33
[2] c21fd2c79e
[3] 312990555c
Cc: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
[Peter: drop drom .checkpackageignore]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure without makeinfo raised since the
addition of the package in commit
3b95ff658b:
make[5]: Entering directory '/home/buildroot/autobuild/instance-2/output-1/build/newlib-bare-metal-4.4.0/microblazeel-xilinx-elf/libgloss'
MAKEINFO ../.././libgloss/doc/porting.info
/home/buildroot/autobuild/instance-2/output-1/build/newlib-bare-metal-4.4.0/missing: line 81: makeinfo: command not found
Fixes: 3b95ff658b
- http://autobuild.buildroot.org/results/23e6641cbce62258310c300f8aed5d6a76973d72
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use OPTIMIZATIONS parameter to pass -marm to fix the following build
failure in Thumb mode:
/tmp/ccEjPM4h.s:941: Error: selected processor does not support `mrc p15,0,r2,c9,c13,0' in Thumb mode
CFLAGS can't be overridden as it is defined as:
CFLAGS = $(FEATUREFLAGS) \
$(OPTIMIZATIONS) \
$(WARNFLAGS) \
$(if $(findstring clang,$(CC)),$(CLANG_WARNINGS)) \
$(ARCH_CFLAGS) \
$(WERRFLAGS) \
$(INCLUDES) \
$(DEFINES)
Fixes:
- http://autobuild.buildroot.org/results/580156f89cfd72122fef07aa2fe37b4fdd4c316b
- http://autobuild.buildroot.org/results/8980c0f422516c7263d8d0c9cc6123f30c4b7ee4
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 10d272ec99)
[Peter: drop Makefile/Vagrantfile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f05246df4f)
[Peter: drop Makefile change]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Move fi statement where it belongs to fix the following build failure
raised since bump of autoconf to version 2.72 in commit
524f353602:
checking for stack setup via makecontext... ./configure: line 15863: syntax error near unexpected token `;;'
Fixes: 524f353602
- http://autobuild.buildroot.org/results/013e0d3f72582ce3675f65786c014518682d703b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit b7232c51dd added default setting
for bare-metal toolchain arch but unfortunately it used configlines.add
instead of configlines.append resulting in the following build failure:
/bin/sh: line 8: /home/autobuild/autobuild/instance-1/output-1/per-package/host-gcc-bare-metal/host/bin/-ar: No such file or directory
While at it, also append /n for consistency
Fixes: b7232c51dd
- http://autobuild.buildroot.org/results/95ac565653ddb5c14ec71470c32a34ad10b048cb
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 22b6945552 (support/scripts/cve.py: switch from NVD to FKIE for
the JSON files) had to change the decompressor from gz to xz, as the new
location is using xz compression.
That commit mentioned that it was spawning an external xz process to do
the decompression, on the pretence that "there is no xz decompressor in
Python stdlib."
Before version 3.1, ijson.items() only accepted a file-like object as
input (that file-like object could yield bytes() or str(), both were
supported). Starting with version 3.1, ijson.items() also accepts that
it be directly passed bytes() or str() directly. subprocess.check_output()
means we are now passing bytes() to ijson.items(), so it fails on ijson
versions before 3.1, with failures such as:
[...]
File "/usr/lib/python3/dist-packages/ijson/backends/python.py", line 25, in Lexer
if type(f.read(0)) == bytetype:
AttributeError: 'bytes' object has no attribute 'read'
Ubuntu 20.04, on which the pkg-stats run to generate the daily report,
only has ijson 2.3. More recent distros have more recent versions of
ijson, like Fedora 39 that has 3.2.3, recent enough to support being fed
bytes(). Commit 22b6945552 was tested on Fedora 39, so did not catch
the issue.
However, the reasoning in 22b6945552 is wrong: there *is* the lzma
module, at least since python 3.3 (that is, aeons ago), which is able to
read xz-compressed files; it also has an API similar to the gzip module,
and can provide a file-like object that exposes the decompressed data.
So, do just that: provide an lzma-wrapped file-like object to ijson, so
that we can eventually recover our daily reports that everything is
broken! :-]
Note that this construct still works on recent versions!
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libheif raises the following build failure with libjpeg since bump to
version 1.17.5 in commit 5714126eda and
ebd13a20b8
/home/buildroot/autobuild/instance-3/output-1/build/libheif-1.17.5/libheif/plugins/encoder_jpeg.cc: In function 'heif_error jpeg_encode_image(void*, const heif_image*, heif_image_input_class)':
/home/buildroot/autobuild/instance-3/output-1/build/libheif-1.17.5/libheif/plugins/encoder_jpeg.cc:366:37: error: invalid conversion from 'long unsigned int*' to 'size_t*' {aka 'unsigned int*'} [-fpermissive]
366 | jpeg_mem_dest(&cinfo, &outbuffer, &outlength);
| ^~~~~~~~~~
| |
| long unsigned int*
Fixes:
- http://autobuild.buildroot.org/results/8ca909564c8dabe28ad08c96ebbc04b25592e727
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit f71d9f49e5 (support/scripts/pkg-stats: fix datetime deprecation
warning) forgot to consider that the datetime.UTC suggested by python
3.12, was only introduced with python 3.11.
However, we are still generating the daily report on a python 3.8
version, which fails at runtime:
AttributeError: module 'datetime' has no attribute 'UTC'
It turns out that datetime.UTC is just an alias for datetime.timezone.utc,
which seems to have existed since before python3...
Use datetime.timezone.utc instead of its alias.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
While the old NVD JSON feed provided data files where the CVEs were
sorted by ID, the new feed from FKIE does not have sorted CVEs.
Add a method to sort a list of CVE IDs (i.e. CVE ID strings, not CVE
objects!), and use that when emiting the HTML output.
The JSON output need not be sorted, because it is supposed to be used
for post-processing, and we do not care about the ordering there; a
consumer interested in sorting should sort on their side.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Commit 22b6945552 (support/scripts/cve.py: switch from NVD to FKIE for
the JSON files) missed the fact that the layout of the FKIE data files
are different from the original NVD ones. They are formatted according
to the NVD v2 API.
Most differences are relatively trivial fields renaming, and those are
easily spotted in this patch.
There is however one key difference in the layout of the configurations.
Where the NVD had "configurations" as an object with a "nodes" key, the
FKIE has a "configurations" as a list of objects with a single "nodes"
key; i.e. it is one-level deeper.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Abide by the warning reported with python 3.12:
.../support/scripts/pkg-stats:1289: DeprecationWarning:
datetime.datetime.utcnow() is deprecated and scheduled for removal
in a future version. Use timezone-aware objects to represent
datetimes in UTC: datetime.datetime.now(datetime.UTC).
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Fixes the following security issue:
gh-113659: Skip .pth files with names starting with a dot or hidden file
attribute
https://github.com/python/cpython/issues/113659
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 2c5a82a29c (package/openssh: select linux-pam if refpolicy
upstream is selected) did not account for the linux-pam dependencies
before selecting it, causing unmet dependencies warnings (unfortunately,
not errors), such as:
$ KCONFIG_SEED=0xCF227CF4 make randconfig
WARNING: unmet direct dependencies detected for BR2_PACKAGE_LINUX_PAM
Depends on [n]: BR2_ENABLE_LOCALE [=n] && BR2_USE_WCHAR [=n] && !BR2_STATIC_LIBS [=n] && BR2_USE_MMU [=y] && BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 [=y]
Selected by [y]:
- BR2_PACKAGE_OPENSSH [=y] && BR2_USE_MMU [=y] && BR2_PACKAGE_REFPOLICY_UPSTREAM_VERSION [=y]
2c5a82a29c made the choice of having openssl bear the responsibility
to select linux-pam when the upstream refpolicy version was enabled.
Semantically however, the responsibility really lies within refpolicy
itself, since that's what imposes linux-pam to openssh.
Move the select to refpolicy and drop it from openssh. Then, ensure that
linux-pam is only selected when it is available.
That means that one may get an openssh that is not linked against
linux-pam, when the linux-pam dependencies are not met; refpolicy (by
way of libsepol) also has a more stringent requirement on gcc version
than linux-pam, so most probably the missing dependencies would be
locale, wchar, or a static build. We consider that situation to be a
corner case that we do not want to address.
In the future, we may have more similar situations, whereby refpolicy
would impose other packages be linked with otherwise optional
dependencies. If (when) that were (will be) the case, then the proposed
mechanism would quickly become ugly; we could then re-assess a nicer way
to do that. Until then, this is good ebough.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Adam Duskett <adam.duskett@amarulasolutions.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use ERLANG_FIX_AUTOCONF_VERSION to fix the following build failure
raised since bump of autoconf to version 2.72 in commit
524f353602:
ERROR: autoconf of version 2.72 found in path! You need to have autoconf of version 2.71 in path.
Fixes: 524f353602
- http://autobuild.buildroot.org/results/c9e8df3427fca9e8e75488e32bca18e81009238c
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This bump will fix the following build failure raised since bump of
expat to version 2.6.0 in commit
9dad5e7d7f thanks to
75f7042b70:
src/ParserEngine.cpp: In member function 'void Poco::XML::ParserEngine::init()':
src/ParserEngine.cpp:510:17: error: 'XML_SetBillionLaughsAttackProtectionMaximumAmplification' was not declared in this scope; did you mean 'setBillionLaughsAttackProtectionMaximumAmplification'?
510 | XML_SetBillionLaughsAttackProtectionMaximumAmplification(_parser, _maximumAmplificationFactor);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
https://github.com/pocoproject/poco/blob/poco-1.13.2-release/CHANGELOG
Fixes: 9dad5e7d7f
- http://autobuild.buildroot.org/results/7fad881f85d3b89abdee35388088965f05ead277
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, when the version string is "too long", it is arbitrarily
truncated.
This works well for commit hashes, because usually the truncation is
long enough to provide a short hash that is still unique in the
upstream VCS.
However, there are non-hash-like versions strings that get truncated
and wihch the discriminant part is toward the end.
Yet, adapting the version cell to the widest versions string (most
probably a git hash) is not very interesting; the table is already very
large.
Make the cell with the version string scrollable: we get to keep the
best of both worlds: a narrow version cell, and a full-length version
string that can be copy-pasted if needed.
Signed-off-by: Sen Hastings <sen@hastings.org>
[yann.morin.1998@free.fr: reword commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following static build failure with libpsl raised since bump to
version 8.6.0 in commit 5cee6b6be6:
configure:28830: /home/autobuild/autobuild/instance-6/output-1/host/bin/aarch64_be-buildroot-linux-musl-gcc -o conftest -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -O3 -g0 -static -Werror-implicit-function-declaration -Wno-system-headers -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -I/home/autobuild/autobuild/instance-6/output-1/host/aarch64_be-buildroot-linux-musl/sysroot/usr/include -static -L/home/autobuild/autobuild/instance-6/output-1/host/bin/../aarch64_be-buildroot-linux-musl/sysroot/usr/lib -L/home/autobuild/autobuild/instance-6/output-1/host/aarch64_be-buildroot-linux-musl/sysroot/usr/lib conftest.c -lpsl -lmbedtls -lmbedx509 -lmbedcrypto -lz -latomic >&5
/home/autobuild/autobuild/instance-6/output-1/host/lib/gcc/aarch64_be-buildroot-linux-musl/11.4.0/../../../../aarch64_be-buildroot-linux-musl/bin/ld: /home/autobuild/autobuild/instance-6/output-1/host/bin/../aarch64_be-buildroot-linux-musl/sysroot/usr/lib/libpsl.a(psl.c.o): in function `is_public_suffix':
psl.c:(.text+0x2a8): undefined reference to `idn2_lookup_u8'
[...]
checking for library containing psl_builtin... no
configure: error: libpsl was not found
Fixes: 5cee6b6be6
- http://autobuild.buildroot.org/results/1fb15e1a99472c403d0d3b1a688902f32e78d002
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
