The NVD files that are used to build the list of CVEs affecting
Buildroot packages are quite large (a few hundreds MB of json),
and cause the pkg-stats scripts to have a huge memory footprint
(a few GB with Python 2.7).
However, because we only need to iterate on CVE items one by one,
we can process them in streaming (ie decoding one CVE at a time
from the JSON representation). Because the json module from the
python standard library does not support such a mode of operation,
we switch to the third-party package ijson, which is compatible
with both Python 2 and Python3.
To run the script with these modifications, one should install
the ijson python package. This can be done with pip:
`pip install ijson`. On Debian based distributions, this can
also be done with the apt package manager:
`apt install python-ijson`.
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Reviewed-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Tested-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Drop second and third patches (already in version)
- Update indentation of hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The regular expressions used in the sed commands assumes that there is a
space after '/dev/root' but the skeleton file contains a tab. Use a more
flexible '[[:blank:]]', instead.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This bump also includes:
* Drop upstream security patch which is included in the new version
* Unconditionally disable support for Qt5 [1] (same as Qt3 and Qt4)
* Drop dependency on host-inttool, as avahi switched to host-gettext [2]
* Conditionally enable support for libevent [3]
[1] 5dbb32767a
[2] 3d5a0c6805
[3] 998e20cd76
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
A project could quite possibly have a custom rcw file
that does not rely on any custom rcw include files (rcwi).
Allow the build to succeed if this is the case.
Signed-off-by: Francois Gervais <fgervais@distech-controls.com>
[yann.morin.1998@free.fr: install includes in a separate hook]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Through the evolution of the qt5webengine package patch ([1], [2])
until the initial commit ([3]) the translations target install
path got mangled resulting in a double trailing qtwebengine_locales
path:
/usr/translations/qtwebengine_locales/qtwebengine_locales
Instead of:
/usr/translations/qtwebengine_locales
Fixes the translations runtime access failure resulting in the
following warning:
WARNING:resource_bundle_qt.cpp(116): locale_file_path.empty() for locale
[1] http://lists.busybox.net/pipermail/buildroot/2015-July/132010.html
[2] https://patchwork.ozlabs.org/patch/640633
[3] https://git.buildroot.net/buildroot/commit/?id=89080bac9bc47946a09c1e74f2f872363bf6785b
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Call BUSYBOX_INSTALL_INDIVIDUAL_BINARIES in BUSYBOX_INSTALL_TARGET_CMDS,
not in BUSYBOX_INSTALL_INIT_SYSV. This should have been done in commit
b1e07d6d79 but was somehow lost during the
review/aply process.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
GCC later than 5.x produce _fdti1.so file with an undefined
symbol str2charp_size due to C99 inline semantics change. So
remove this keyword.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
[yann.morin.1998@free.fr: add upstream status]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bugfix release, fixing a number of issues:
- Fixed mixing salted and unsalted sessions in the same ESAPI context
- Removed use of VLAs from TPML marshal code
- Added check for object node before calling compute_session_value function
- Fixed auth calculation in Esys_StartAuthSession called with optional parameters
- Fixed compute_encrypted_salt error handling in Esys_StartAuthSession
- Fixed exported symbols map for libtss2-mu
The 2.3.3 tarball accidently contains a Makefile-fuzz-generated.am with
content from a fuzz testing run (rather than an empty file as in earlier
releases), confusing autoreconf together with our
0001-configure-Only-use-CXX-when-fuzzing.patch.
Work around that by adding a post-patch hook to truncate the file. The
issue has been reported upstream and the release logic has been changed to
ensure this does not happen again for future releases:
d163041e3b
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Unlike <PKG>_DEPENDENCIES, <PKG>_PATCH_DEPENDENCIES only guarantees
extract and patch of listed dependencies, not build. Make this subtlety
more explicit in the documentation.
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
[yann.morin.1998@free.fr: slight fix]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Fix potential memory overread when performing an ECDSA signature
operation. The overread only happens with cryptographically low
probability (of the order of 2^-n where n is the bitsize of the
curve) unless the RNG is broken, and could result in information
disclosure or denial of service (application crash or extra resource
consumption).
- To avoid a side channel vulnerability when parsing an RSA private
key, read all the CRT parameters from the DER structure rather than
reconstructing them.
- Update indentation of hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- systemd optional dependency has been added in version 7.0
- Update indentation of hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix previous commit[1] which purpose was to fix parallel build. It
didn't work since it assigned $(MAKE1) to LIBSVGTINY_MAKE, but this is a
generic-package and building is done using $(MAKE), then LIBSVGTINY_MAKE
was ignored. Let's substitute instead $(MAKE) with $(MAKE1) in
LIBSVGTINY_BUILD_CMDS.
[1]:
https://git.buildroot.net/buildroot/commit/?id=26d67a2599d6c88facd5178de853fa355244e7c2
Fixes:
http://autobuild.buildroot.net/results/67d/67d341c0cc272323d6e231a20796a6848c21d760/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
[yann.morin.1998@free.fr:
- use $(MAKE1) in all three step
- move comment out of the define
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Currently, the Config.in file has the line:
select BR2_PACKAGE_PYTHON3 if !BR2_PACKAGE_PYTHON
This line is incorrect as gobject-introspection does not support python2.
Instead, remove the select line and make python3 a dependency with a new
message that explains that gobject-introspection requires python3.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[yann.morin.1998@free.fr:
- move the explanations from the commit log to the code
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 509db3b88a added calls to (parts of) the instrumentation steps.
However, those calls are echoed, unlike the other places where we call
them (in the package infra).
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Acked-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
src/gbm/cd6bfad@@gbm at sha/main_backend.c.o: In function `_gbm_create_device':
backend.c:(.text+0x38): undefined reference to `gbm_dri_backend'
backend.c:(.text+0x40): undefined reference to `gbm_dri_backend'
backend.c:(.text+0x74): undefined reference to `gbm_dri_backend'
backend.c:(.text+0x78): undefined reference to `gbm_dri_backend'
collect2: error: ld returned 1 exit status
This issue has been trigged since [1]:
"package/mesa3d: add option to configure gbm support"
Before the patch, the gbm support was autodetected by meson and enabled
only when at least one dri driver was enabled [2].
On the Buildroot side, the gbm support was explicitely enabled only when
BR2_PACKAGE_MESA3D_OPENGL_EGL was set.
We have two cases:
- At least one DRI driver.
- No DRI driver but one Gallium w/ EGL enable (EGL selected or not by the
Gallium driver). In this case the meson build system set with_dri to true
(even if no DRI driver is enabled) to use the builtin:egl_dri2 [3].
The gbm's meson build system seems to handle the case where no dri driver is
enabled [4] but it still use main/backend.c source file [6] that use
gbm_dri_backend [7]. So with_dri2 must always be set.
Probably a missing check in meson.build:
if with_gbm and not with_dri
error('GBM backend needs a dri driver or a gallium driver w/ EGL support.')
endif
Add a dependency on GBM option:
depends on BR2_PACKAGE_MESA3D_DRI_DRIVER \
|| (BR2_PACKAGE_MESA3D_GALLIUM_DRIVER && BR2_PACKAGE_MESA3D_OPENGL_EGL)
Fixes:
http://autobuild.buildroot.net/results/b9b6281983388dc22d929887d653da3db60f1f2c
[1] b6c051acf7
[2] https://gitlab.freedesktop.org/mesa/mesa/blob/19.3/meson.build#L348
[3] https://gitlab.freedesktop.org/mesa/mesa/blob/19.3/meson.build#L212
[4] https://gitlab.freedesktop.org/mesa/mesa/blob/19.3/src/gbm/meson.build#L37
[5] https://gitlab.freedesktop.org/mesa/mesa/blob/19.3/src/gbm/meson.build#L24
[6] https://gitlab.freedesktop.org/mesa/mesa/blob/19.3/src/gbm/main/backend.c#L38
[7] http://lists.busybox.net/pipermail/buildroot/2020-February/274425.html
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[yann.morin.1998@free.fr: fix dependency of comment]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This issue has been trigged since [1]:
"package/mesa3d: add option to configure gbm support"
Before the patch, the gbm support was autodetected by meson and enabled
only when at least one dri driver was enabled [2].
On the Buildroot side, the gbm support was explicitely enabled only when
BR2_PACKAGE_MESA3D_OPENGL_EGL was set.
Now, the gbm support is explicitely disabled but the meson build system
check if at least one option OpenGL GLX or OpenGL EGL or GBM or
OSMesa (classic) library is enabled [3].
The previous behavious was to enable GBM when GLX, EGL and OSMesa are
disabled. So select GBM symbol for this case.
Fixes:
http://autobuild.buildroot.net/results/a14f329560f8022f7ba8ec43ad8eed84e005d226
[1] b6c051acf7
[2] https://gitlab.freedesktop.org/mesa/mesa/blob/19.3/meson.build#L348
[3] https://gitlab.freedesktop.org/mesa/mesa/blob/19.3/meson.build#L449
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Removed patch that was applied upstream
- Removed AUTORECONF request that came with patch
- Updated library's download name
Signed-off-by: Gilles Talis <gilles.talis@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
We don't provide a configuration file, so disable radvd by default.
Update the help message with instructions on how to enable radvd at
build time with systemd.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit adds a user-visible option
BR2_TOOLCHAIN_EXTERNAL_HAS_SSP_STRONG, which will allow the user to
indicate if the custom external toolchain does or does not have
SSP_STRONG support. Depending on this, the user will be able to use
(or not) the BR2_SSP_STRONG option.
Checking if what the user said is true or not about this is already
done in toolchain/toolchain-external/pkg-toolchain-external.mk:
$$(Q)$$(call check_toolchain_ssp,$$(TOOLCHAIN_EXTERNAL_CC),$(BR2_SSP_OPTION))
If the user selects BR2_SSP_STRONG, this will check if
-fstack-protector-strong is really supported.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This will allow toolchain to indicate if they support
-fstack-protector-strong or not.
Whenever the gcc version is >= 4.9, we always have SSP_STRONG support
if we have SSP support. However, some toolchains older than gcc 4.9
might have backported SSP_STRONG support, which is why we cannot rely
just on BR2_TOOLCHAIN_GCC_AT_LEAST_4_9.
Having this "default" value allows to avoid adding a "select
BR2_TOOLCHAIN_HAS_SSP_STRONG" in the internal toolchain logic plus in
almost external toolchains. But it allows custom external toolchains
that are pre-4.9 to potentially declare that they support strong SSP.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix a check-package error introduce by 6bf74ce3db (package/sdbusplus:
create m4 directory before autoreconf):
package/sdbusplus/sdbusplus.mk:29: expected indent with tabs
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: John Faith <jfaith@impinj.com>
Cc: Michael Walle <michael@walle.cc>
GObject introspection is a middleware layer between C
libraries (using GObject) and language bindings. The C library
can be scanned at compile time and generate a metadata file,
in addition to the actual native C library. Then at runtime,
language bindings can read this metadata and automatically
provide bindings to call into the C library.
There's an XML format called GIR used by GObject-Introspection.
The purpose of it is to provide a standard structure to access the complete
available API that a library or other unit of code exports. It's
language-agnostic using namespaces to separate core, language, or
library-specific functionality.
Cross-compiling gobject-introspection is not an easy task. The main issue is
that in the process of creating the XML files, gobject-introspection must first
run and scan the binary, which, if the binary is cross-compiled, would not
typically be possible from the host system.
Because of this limitation, we use several wrappers to call instead first out
qemu, which runs the native scanner to create the binaries.
There are seven total patches and four different wrapper files needed to
successfully cross-compile and run this package, many of them are from
open-embedded, but one of them is of my own doing.
1) Revert a previous, incomplete attempt at adding cross-compiling support.
2) Add support for cross-compiling with meson.
3) Disable tests.
4) Add an option to use a binary wrapper; this patch will force giscanner to
use a wrapper executable to run binaries it's producing, instead of
attempting to run them from the host.
5) Add an option to use an LDD wrapper, again, useful for cross-compiled
environments.
6) Add a --lib-dirs-envar option to pass to giscanner. (See patch for details.)
7) Add rpath-links to ccompiler: when passing the PACKAGE_GIR_EXTRA_LIBS_PATH
to the ccompiler.py script, ccompiler.py needs to add -Wl,-rpath-link to the
environment for the package to correctly link against the passed on paths.
8) Ignore error return codes from ldd-wrapper because prelink-rtld returns 127
when it can't find a library, which breaks subprocess.check_output().
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Tested-by: Yegor Yefremov <yegorslists@googlemail.com>
Tested-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
[yann.morin.1998@free.fr:
- host-prelink-cross has no Kconfig entry
- reorder dependencies for arch deps first
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Many autotools packages call pkg-conf to inquire as to where the following
utilities are:
g_ir_scanner
g_ir_compiler
g_ir_generate
Because gobject uses wrappers to call qemu, prepending the sysroot to the paths
of these compilers is necessary.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Prelink-cross emulates a runtime linker for a given sysroot. This is
necessary to allow gobject-introspection to build its typelib files
during cross-compiling.
We're using a sha1 on the cross_prelink branch, as we need the
RTLD-enabled variant of prelink-cross.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[yann.morin.1998@free.fr:
- drop HOST_ prefix for inherited variables
- fix licensing info to "or-later"
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
If present, GDB may use a system installed libiberty. As such, we must ensure
that host-libiberty is installed first.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Some packages, like prelink-cross, want to use libiberty but do not bundle
their own instance (which is good!).
However, libiberty is made for being bundled in packages: all GNU
packages that use libiberty (gcc, Binutils, gdb, et al...) all have their own
bundled variant. This common practice means that there is no official upstream
for libiberty, the closest being as part of the combined Binutils-gdb tree.
So we introduce a new host-only package, that installs just libiberty from a
Binutils released tarball.
Again, as packages usually bundle libiberty, it usually only installs a static
version. Furthermore, it does not obey the usual --enable-shared and
--disable-static flags; it only ever builds a static version.
Furthermore, -fPIC is not used with this library, but some packages may pick it
to build shared objects. This behavior is the case for host-gdb, for example,
which accidentally picks that library instead of its internal one.
So, rather than fix the various gdb versions and variants we can use, we ensure
that the libiberty we install is usable in shared objects, and we always build
before host-gdb.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[yann.morin.1998@free.fr:
- fix DL_SUBDIR for a host-only package
- add licensing info
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>