go1.17.9 (released 2022-04-12) includes security fixes to the
crypto/elliptic and encoding/pem packages, as well as bug fixes to the
linker and runtime.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Override CPPFLAGS to fix the following build failure with BR2_OPTIMIZE_0
raised since bump to version 0.14.0 in commit
cd707a9112 and
0e7b2b0300:
/home/autobuild/autobuild/instance-15/output-1/host/i686-buildroot-linux-gnu/sysroot/usr/include/features.h:412:4: error: #warning _FORTIFY_SOURCE requires compiling with optimization (-O) [-Werror=cpp]
configure adds -D_FORTIFY_SOURCE to CPPFLAGS if it is not already
defined. However, we don't want _FORTIFY_SOURCE to be enabled unless
it's enabled by Buildroot (for exactly the above reason). Therefore,
override CPPFLAGS in th build step to remove _FORTIFY_SOURCE again.
It should be noted that upstream already rejected a PR to remove
-Werror: https://github.com/smuellerDD/libkcapi/pull/132
Fixes:
- http://autobuild.buildroot.org/results/35141ea3046f5a4593e0b27ef92e4ace6bc0be66
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Drop patches that are now upstream.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
systemd doesn't plan to fix the following build failure with libressl
(https://github.com/systemd/systemd/issues/14928) and ED25519 support
is still not available in libressl
(https://github.com/libressl-portable/portable/issues/393 opened for
more than 3 years):
../src/home/homed-manager.c: In function ‘manager_generate_key_pair’:
../src/home/homed-manager.c:1393:35: error: ‘EVP_PKEY_ED25519’ undeclared (first use in this function); did you mean ‘EVP_PKEY_DSA1’?
1393 | ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL);
| ^~~~~~~~~~~~~~~~
| EVP_PKEY_DSA1
Fixes:
- http://autobuild.buildroot.org/results/47f31b36f123c4be4661f4fde2d1f7385c5d0ed5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Remove the hard coded disabling of altivec and vsx, and instead use the
BR2_POWERPC_CPU_HAS_VSX and BR2_POWERPC_CPU_HAS_ALTIVEC variables to
control the flags.
Signed-off-by: Joel Stanley <joel@jms.id.au>
[Arnout: rewrite with $(if ...) and --enable]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Set NSS_DISABLE_CRYPTO_VSX which is available since version 3.64 and
9dab43371d
to avoid the following build failure on powerpc:
cc1: warning: '-mvsx' requires hardware floating point
cc1: error: '-mno-vsx' turns off '-mcrypto'
Passing this option on non-powerpc is harmless.
Fixes:
- http://autobuild.buildroot.org/results/6bedb5b658f6c9c16c26c73a524a995e5e84fcc8
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Introduced to allow VSX to be selectively enabled for packages that
support it. Initially used by libnss.
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
zlib-ng's build system does not correctly detect if it supports the
Power8 feature. Force it off to fix building for configurations that
don't support the vector builtin functions.
For example, building for BR2_powerpc_601:
warning: implicit declaration of function ‘vec_xl’; did you mean
‘vec_rl’? [-Wimplicit-function-declaration]
93 | vbuf = vec_xl(0, (unsigned char *) buf);
This logic was incorrectly removed in commit 04e26cb7fe.
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes:
cc1: error: ‘-fcf-protection’ is not compatible with this target
The new Ubuntu GCC packages (e.g. Ubuntu 11.2.0-7ubuntu2, 11.2.0) turn
on ‘-fcf-protection’ globally, which causes a build failure in the x86
realmode code. Turn it off explicitly on compilers that understand this
option.
Signed-off-by: Dario Binacchi <dariobin@libero.it>
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following build failure raised since switch to meson-package in
commit 1db1322639 and
957a015157:
The following exception(s) were encountered:
Running "/home/autobuild/autobuild/instance-14/output-1/host/bin/or1k-buildroot-linux-musl-g++ --version" gave "[Errno 2] No such file or directory: '/home/autobuild/autobuild/instance-14/output-1/host/bin/or1k-buildroot-linux-musl-g++'"
Fixes:
- http://autobuild.buildroot.org/results/1d52c8100414aa384572b23006a13f9b806d2d5a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The wireplumber currently as "dbus" in its DEPENDENCIES, but it does
not select/depend on it at the Kconfig level. A simple configuration
such as:
BR2_PACKAGE_LUA=y
BR2_PACKAGE_PIPEWIRE=y
BR2_PACKAGE_WIREPLUMBER=y
Therefore fails to build with:
Makefile:576: *** dbus is in the dependency chain of wireplumber that has added it to its _DEPENDENCIES variable without selecting it or depending on it from Config.in. Stop.
Since dbus is actually an optional dependency of wireplumber, this
commit fixes the issue by really handling it as an optional
dependency.
Fixes: c9a3c10417 ("package/wireplumber: new package")
Signed-off-by: Théo Lebrun <theo.lebrun@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Her e-mail address at Collabora is bouncing:
host bhuna.collabora.co.uk[/private/dovecot-lmtp] said: 550 5.1.1
<mylene.josserand@collabora.com> User doesn't exist: mylene.josserand@collabora.com
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Currentlym this kernel module can be built by any architecture and this
leads to many failures. Since it's very unlikely that Mali will be part
of architectures other than AArch64 and arm let's depend on BR2_aarch64
and BR2_arm only.
Fixes:
http://autobuild.buildroot.net/results/f94885ef76865c3888d6cc52b35c93a742f92f3a
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Security vulnerabilies will be fixed by bumping internal bind from
9.11.14 to 9.11.36
- Drop patch (already in version)
- This bump will also fix the following build failure on platforms
without stdatomic lock free thanks to
261c84d91d
stats.c: In function 'setcounter':
stats.c:300:29: error: 'val' undeclared (first use in this function); did you mean 'value'?
300 | stats->counters[counter] = val;
| ^~~
| value
- Update hash of license file (ISC address updated and preamble removed:
429a56d73cee868403d0)
https://gitlab.isc.org/isc-projects/dhcp/-/blob/v4_4_3/RELNOTES
Fixes:
- http://autobuild.buildroot.org/results/e4d027b5bcda852d0b5a54035de5ed37499a4ef0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This is quite a version jump, so there are a lot of individual changes,
see: https://github.com/warmcat/libwebsockets/blob/v4.3.1/changelog
LICENSE has also changed:
- More items with license "MIT" were added:
- lib/misc/base64-decode.c
- lib/plat/windows/windows-resolv.c
- One more item with a 2-Clause BSD license was added:
- lib/misc/ieeehalfprecision.c
- Sublicense texts were copied into LICENSE
These should still be compatible with "MIT with exceptions" stated in
`libwebsockets.mk`.
Signed-off-by: Johannes Agricola <johannes.agricola@work-microwave.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Building gen tool of the internal (bundled) bind needs to be for host, not target
Switch to use internal build in commit 0c8dd6ebd6
overlooked this.
Building dns library in /home/autobuild/autobuild/instance-13/output-1/build/dhcp-4.4.2-P1/bind/bind-9.11.14/lib/dns
/bin/sh: line 1: ./gen: cannot execute binary file: Exec format error
Thus, we need to set not just CC, but also CFLAGS etc. otherwise the
target CFLAGS etc. will be inherited from top-level configure.
Fixes:
- http://autobuild.buildroot.org/results/da6fd904d1a6bae73b6ff89dd008de1f459bb7d7/
Signed-off-by: Tim Hammer <Tim.Hammer@orolia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following build failure without NPTL raised since bump to
version 14.1 in commit c9bd029115 and
44bf3d5083:
In file included from pthread_barrier_wait.c:16:
../../src/include/port/pg_pthread.h:31:3: error: conflicting types for 'pthread_barrier_t'
31 | } pthread_barrier_t;
| ^~~~~~~~~~~~~~~~~
In file included from /home/autobuild/autobuild/instance-11/output-1/host/arc-buildroot-linux-uclibc/sysroot/usr/include/bits/uClibc_stdio.h:114,
from /home/autobuild/autobuild/instance-11/output-1/host/arc-buildroot-linux-uclibc/sysroot/usr/include/stdio.h:71,
from ../../src/include/c.h:59,
from pthread_barrier_wait.c:14:
/home/autobuild/autobuild/instance-11/output-1/host/arc-buildroot-linux-uclibc/sysroot/usr/include/bits/pthreadtypes.h:135:3: note: previous declaration of 'pthread_barrier_t' was here
135 | } pthread_barrier_t;
| ^~~~~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/70acbe121236ef0905c4466d4f7a0839723d2c49
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Set LSOF_AR and LSOF_CC to be able to drop first patch which is not
upstreamable: https://github.com/lsof-org/lsof/issues/197
$(TARGET_CONFIGURE_OPTS) must also be removed to avoid overriding AR
and so we can drop LSOF_CFLAGS_OVERRIDE=1 and third patch
DEBUG="$(TARGET_CFLAGS)" can also be dropped from LSOF_BUILD_CMDS as it
is already set in LSOF_CONFIGURE_CMDS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Arnout: add quotes around TARGET_CC]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes the following security issues:
- The rules for acceptance of records into the cache have been tightened to
prevent the possibility of poisoning if forwarders send records outside
the configured bailiwick. (CVE-2021-25220)
- TCP connections with keep-response-order enabled could leave the TCP
sockets in the CLOSE_WAIT state when the client did not properly shut down
the connection. (CVE-2022-0396)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with BR2_SHARED_STATIC_LIBS:
CMake Error at src/CMakeLists.txt:56 (add_library):
add_library cannot create target "belr" because another target with the
same name already exists. The existing target is a static library created
in source directory
Fixes:
- http://autobuild.buildroot.org/results/d1ef96c8f370b5a522985c37f1681dd10bbc15bb
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: simplify/add comment explaining why]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
internal bind is in version 9.11 and so doesn't support pkg-config
like bind 9.16 resulting in the following build failure since commit
0c8dd6ebd6:
configure: error: include/zlib.h not found.
Fixes:
- http://autobuild.buildroot.org/results/7a5cdf30881d208807976cf98960c5fe2abfed50
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
liburing needs MMU since its addition in commit
03ca6f4e39:
setup.c: In function 'io_uring_ring_dontfork':
setup.c:119:8: warning: implicit declaration of function 'madvise'; did you mean 'raise'? [-Wimplicit-function-declaration]
119 | ret = madvise(ring->sq.sqes, len, MADV_DONTFORK);
| ^~~~~~~
| raise
Fixes:
- http://autobuild.buildroot.org/results/33f3c58e98daab07139b4f400b85f87c0e314240
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
intel-gmmlib needs C++ since its addition in commit
93e4ee81a2 and
7a1ec78c0b:
CMake Error at /nvmedata/autobuild/instance-15/output-1/host/share/cmake-3.18/Modules/CMakeTestCXXCompiler.cmake:59 (message):
The C++ compiler
"/usr/bin/clang++"
is not able to compile a simple test program.
Fixes:
- http://autobuild.buildroot.org/results/8cadfee0288a05676868e05d56243d866cbf051d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with libressl:
In file included from tls.c:39:
prototypes.h:774:8: error: unknown type name 'CRYPTO_RWLOCK'
774 | extern CRYPTO_RWLOCK *stunnel_locks[STUNNEL_LOCKS];
| ^~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/c48ba8e71dc917b2e11051088dd252be81b3609f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with libressl > 2.7.0:
/nvmedata/autobuild/instance-21/output-1/host/opt/ext-toolchain/bin/../lib/gcc/microblaze-buildroot-linux-musl/11.2.0/../../../../microblaze-buildroot-linux-musl/bin/ld: /nvmedata/autobuild/instance-21/output-1/host/microblaze-buildroot-linux-musl/sysroot/usr/lib/libcrypto.a(x509_lu.c.o): in function `X509_OBJECT_get0_X509_CRL':
(.text+0xc3c): multiple definition of `X509_OBJECT_get0_X509_CRL'; /nvmedata/autobuild/instance-21/output-1/build/lftp-4.9.2/src/.libs/liblftp-network.a(liblftp_network_la-lftp_ssl.o):(.text+0x894): first defined here
Fixes:
- http://autobuild.buildroot.org/results/7fd1dfd5bc750ae5a3278ca950c838ae90704b23
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2022-1154: Use after free in utf_ptr2char in GitHub repository
vim/vim prior to 8.2.4646.
Fix CVE-2022-1160: heap buffer overflow in get_one_sourceline in GitHub
repository vim/vim prior to 8.2.4647.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2022-0711: A flaw was found in the way HAProxy processed HTTP
responses containing the "Set-Cookie2" header. This flaw could allow an
attacker to send crafted HTTP response packets which lead to an infinite
loop, eventually resulting in a denial of service condition. The highest
threat from this vulnerability is availability.
https://www.mail-archive.com/haproxy@formilux.org/msg41963.htmlhttps://www.mail-archive.com/haproxy@formilux.org/msg41873.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>