flare-engine enables profiling when CMAKE_BUILD_TYPE is 'Debug'. The
Buildroot package explicitly avoided that by forcing CMAKE_BUILD_TYPE to
'RelWithDebInfo' when pkg-cmake.mk would normally set it to 'Debug'. Until
recently, this was the case when BR2_ENABLE_DEBUG was enabled.
A previous commit changed the condition under which CMAKE_BUILD_TYPE=Debug
was set, from BR2_ENABLE_DEBUG=y to BR2_ENABLE_RUNTIME_DEBUG=y, so logically
the flare-engine package would have to be updated accordingly.
However, apart from the profiling flag, the flare-engine package only uses
CMAKE_BUILD_TYPE to determine flags that Buildroot wants to control itself,
like optimization and debugging flags.
This means we can fake CMAKE_BUILD_TYPE to a value that has no meaning for
flare-engine itself, without needing to check BR2_ENABLE_DEBUG nor
BR2_ENABLE_RUNTIME_DEBUG.
Incidentally, this trick was already done in case
BR2_TOOLCHAIN_HAS_GCC_BUG_85180 was true, so move that line out of this
condition.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The CMAKE_BUILD_TYPE is currently set as 'Debug' in case BR2_ENABLE_DEBUG is
set, and as 'Release' in other cases. However, while the description of
BR2_ENABLE_DEBUG is to enable debug symbols (no runtime impact), the 'Debug'
build type in CMake can actually have runtime impact. For one, because it
does not set -DNDEBUG like is done for 'Release', but also because packages
may do custom things based on it.
The question of which CMAKE_BUILD_TYPE Buildroot should set, be it 'Debug',
'Release', 'RelWithDebInfo' or others, has come up several times in the
past. See some references below:
- July 2016: switch from Debug to RelWithDebInfo:
https://git.buildroot.org/buildroot/commit/?id=4b0120183404913f7f7788ef4f0f6b51498ef363
- October 2016: switch from RelWithDebInfo back to Debug:
https://git.buildroot.org/buildroot/commit/?id=104bb29e0490bfb487e2e665448dd3ca07fcc2b5
and changes to make sure Buildroot's flags are respected:
https://git.buildroot.org/buildroot/commit/?id=12494ef48f893684d0800e7f6fe39a2ceaed0451
- August 2017: bug #10246 - "BR2_ENABLE_DEBUG does not have the expected
effect for cmake packages"
https://bugs.busybox.net/show_bug.cgi?id=10246
- August 2017: mail thread following bug #10246:
http://lists.busybox.net/pipermail/buildroot/2017-August/200778.html
In the last mail thread, Samuel Martin confirmed that the 'Release' build
type could be used in all cases, because Buildroot is actually making sure
that the optimization flags are those determined by Buildroot, not the
defaults of cmake, thanks to commit 12494ef48f.
But Arnout Vandecappelle objected to using always 'Release', stating that
users may actually want the extra assertions.
With the introduction of BR2_ENABLE_RUNTIME_DEBUG, Buildroot can now cater
for all cases:
- use CMAKE_BUILD_TYPE=Release by default. This makes sure that there is no
unexpected performance degradation triggered by enabling BR2_ENABLE_DEBUG.
- users can optionally enable BR2_ENABLE_RUNTIME_DEBUG if they want runtime
debug info like assertions, at the risk of introducing performance
degradation. In this case, we switch to CMAKE_BUILD_TYPE=Debug.
- orthogonally to the above, BR2_ENABLE_DEBUG still determines passing the
'-g' flag to enable debug symbols, and BR2_OPTIMIZE_X still determines the
used optimization flags.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The 'assert' statement in glibc honors the 'NDEBUG' preprocessor macro: if
it is set, then the assert statement is compiled away.
Define this 'NDEBUG' macro when BR2_ENABLE_RUNTIME_DEBUG is disabled (the
default case).
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Reviewed-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Some packages have optional runtime assertions, extra traces, or other
elements that can help in debugging problems. However, such runtime elements
can negatively influence performance.
In a test program performing 100K gRPC calls from a client to a local server
and receiving the returned response, we see following execution time:
- runtime debug enabled: 1065 seconds
- runtime debug disabled: 48 seconds
This is more than a factor 20 (!) difference. Analysis shows that the
problem mostly stems from libabseil-cpp (a dependency of gRPC) which enables
mutex deadlock analysis when the preprocessor flag 'NDEBUG' is not set,
which adds a 'backtrace()' call on every lock/unlock. Potentially worse,
when libunwind is enabled and linked with the test program, 'backtrace()' is
not provided by glibc but by libunwind itself.
For production systems, users expect good performance out-of-the-box. In the
example above, the difference is huge and unless explicitly tested and
analyzed, users may not realize that the performance could be much better.
Address this problem by introducing a new option BR2_ENABLE_RUNTIME_DEBUG,
which can be used by packages or package infrastructures to set the
necessary flags.
Note that BR2_ENABLE_RUNTIME_DEBUG is orthogonal to BR2_ENABLE_DEBUG: the
former changes runtime behavior, while the latter is only expected to add
debug symbols to the build. Today, the cmake build system does introduce a
runtime impact when BR2_ENABLE_DEBUG is set, but that will be rectified in a
subsequent commit.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following build failure on riscv32:
lib/internal.h:331:20: error: '__NR_io_getevents' undeclared (first use in this function); did you mean 'io_getevents'?
331 | return syscall(__NR_io_getevents, ctx, min, max, events, timeout);
| ^~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/c828d4330a8888fe8db4299dc2f20759947f329f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
unscd unconditionally uses __NR_clock_gettime which will raise the
following build failure on riscv32:
nscd-0.54.c:339:14: error: '__NR_clock_gettime' undeclared (first use in this function); did you mean 'clock_gettime'?
339 | if (syscall(__NR_clock_gettime, CLOCK_MONOTONIC, &ts))
| ^~~~~~~~~~~~~~~~~~
| clock_gettime
Fixes:
- http://autobuild.buildroot.org/results/eb77b18f268d8e59c407f757662117a33d3f9ee3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Since its addition in commit 09c97972d9,
uftrace always builds a dynamic library which will raise the following
build failure:
LINK libmcount/libmcount.so
.../ld: .../crtbeginT.o: relocation R_X86_64_32 against hidden symbol `__TMC_END__' can not be used when making a shared object
Fixes:
- http://autobuild.buildroot.org/results/980bb38c6417bd48828379677762382030c5b28a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Add -std=c++11 to fix the following build failure with gcc 11:
In file included from shared-ptr/base.cxx:5:
../cutl/shared-ptr/base.hxx:34:41: error: ISO C++17 does not allow dynamic exception specifications
34 | operator new (std::size_t, cutl::share) throw (std::bad_alloc);
| ^~~~~
Fixes:
- http://autobuild.buildroot.org/results/60a39d402a0d051c92aa11421b7a14f7729a0380
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Recently in Buildroot the option BR2_PIC_PIE has been enabled by default along
with other hardening features [1]. Since then the nios2 defconfig
qemu_nios2_10m50_defconfig is failing to boot due to a segfault in init program:
Run /init as init process
with arguments:
/init
with environment:
HOME=/
TERM=linux
Failed to execute /init (error -12)
See Buildroot build log and Qemu runtime test log in build artifacts [2].
Analyzing one of the binary with strace show that the problem occur
very early when starting the new process:
# strace ./busybox
execve("./busybox", ["./busybox"], 0x7f91ce90 /* 10 vars */) = -1 ENOMEM
(Cannot allocate memory)
+++ killed by SIGSEGV +++
Several binutils/glibc/gcc version has been tested without any success.
The issue has been reported to the glibc mailing list but it can be a linker
or kernel bug [3].
For the Buildroot 2021.05 release, disable BR2_PIC_PIE until the problem is
found and fixed.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/1285145889
[1] https://git.buildroot.net/buildroot/commit/?id=810ba387bec3c5b6904e8893fb4cb6f9d3717466
[2] https://gitlab.com/buildroot.org/buildroot/-/jobs/1285145889
[3] https://sourceware.org/pipermail/libc-alpha/2021-May/126912.html
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes the following:
- CVE-2021-27803: A vulnerability was discovered in how p2p/p2p_pd.c in
wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision
discovery requests. It could result in denial of service or other impact
(potentially execution of arbitrary code), for an attacker within radio
range.
Signed-off-by: Sam Voss <sam.voss@collins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes the following security issue:
- CVE-2021-25217: A buffer overrun in lease file parsing code can be used to
exploit a common vulnerability shared by dhcpd and dhclient
For details, see the advisory:
https://kb.isc.org/docs/cve-2021-25217
Update the LICENSE hash for a change of copyright years.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Due to the recent events at Frenode [0], the channel has become a bit
unreliable (much spammed), and users have started to move away already,
as quite a few other projects have moved their IRC presence away from
Freenode.
There are a few alternatives. The first to spring to mind, is the new
Libera.Chat network [1], managed by the previous Freenode staff, so we
could expect quite a good experience there. However, it is a very young
network. The second well known alternative is the long-established OFTC,
which has been very reliable in its 20 years of existence.
So, let's move to OFTC, just because it has a track-record of robustness
(which Libera.Chat still has to build, for being young).
Note: there are a lot of other IRC networks, some very good too, but we
probably would be much off-topic on most of them.
[0] https://lwn.net/Articles/856543/
[1] https://libera.chat/
[2] https://www.oftc.net/
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Acked-by: Matthew Weber <matthew.weber@collins.com>
Acked-by: Heiko Thiery <heiko.thiery@gmail.com>
Acked-By: Vincent Fazio <vfazio@xes-inc.com>
Acked-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
pipewire unconditionally enables b_pie since version 0.3.20 and
abe73c9146
which will raise the following build failure on m68k since commit
a6d88d3ba5:
/srv/storage/autobuild/run/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/m68k-buildroot-linux-uclibc/9.3.0/../../../../m68k-buildroot-linux-uclibc/bin/ld: /srv/storage/autobuild/run/instance-1/output-1/host/m68k-buildroot-linux-uclibc/sysroot/usr/lib/Scrt1.o: in function `lib_main':
(.text+0x4): undefined reference to `__shared_flat_add_library'
To fix this build failure, always set b_pie to false as PIE will be
enabled by toolchain/toolchain-wrapper.mk if needed
Fixes:
- http://autobuild.buildroot.org/results/c258a2736661af8ea73abeda2503d8682e65f1e2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This reverts commit a8a147f604.
That commit incorrectly made use of BR2_TOOLCHAIN_SUPPORTS_PIE, when it
should have been using BR2_PIC_PIE.
Besides, another attempt is pending, that unconditionally disables it as
it will be set by the toolchain wrapper already.
For both reasons, revert rather than switch over to BR2_PIC_PIE.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
pipewire unconditionally enables b_pie since version 0.3.20 and
abe73c9146
which will raise the following build failure on m68k since commit
a6d88d3ba5:
/srv/storage/autobuild/run/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/m68k-buildroot-linux-uclibc/9.3.0/../../../../m68k-buildroot-linux-uclibc/bin/ld: /srv/storage/autobuild/run/instance-1/output-1/host/m68k-buildroot-linux-uclibc/sysroot/usr/lib/Scrt1.o: in function `lib_main':
(.text+0x4): undefined reference to `__shared_flat_add_library'
Fixes:
- http://autobuild.buildroot.org/results/c258a2736661af8ea73abeda2503d8682e65f1e2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
alsa unconditionally uses ucm since version 0.3.7 and
1612f5e4d2
which will result in the following build failure since commit
a6d88d3ba5:
../spa/plugins/alsa/acp/alsa-ucm.h:26:10: fatal error: alsa/use-case.h: No such file or directory
26 | #include <alsa/use-case.h>
| ^~~~~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/ef53534daf84397b4e22392f2a6be2c335819ab5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
- CVE-2021-22897: schannel cipher selection surprise
https://curl.se/docs/CVE-2021-22897.html
- CVE-2021-22898: TELNET stack contents disclosure
https://curl.se/docs/CVE-2021-22898.html
- CVE-2021-22901: TLS session caching disaster
https://curl.se/docs/CVE-2021-22901.html
Unconditionally disable the ldap(s) options. These require external
libraries, but the options were ignored if the needed libraries weren't
available. This is now changed to be a fatal error since
dae382a1a1
Additionally, add a post-7.77.0 upstream patch to fix compilation with
bearssl.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998@free.fr: annotate the patch, that it is a backport]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the wlroots packaging by checking for the correct variable to
determine whether seatd is being built.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix CVE-2021-30145: A format string vulnerability in mpv through 0.33.0
allows user-assisted remote attackers to achieve code execution via a
crafted m3u playlist file.
https://github.com/mpv-player/mpv/releases/tag/v0.33.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
boost logs can't be built with riscv32 because it unconditionally uses
__NR_futex:
libs/log/src/event.cpp: In member function 'void boost::log::v2_mt_posix::aux::futex_based_event::wait()':
libs/log/src/event.cpp:38:29: error: '__NR_futex' was not declared in this scope
38 | #define BOOST_LOG_SYS_FUTEX __NR_futex
| ^~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/8c8135fd7c0517c66c9b3975c494da6d7934cc1b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Hostapd/wpa_supplicant crypto backend assumes that openssl always
provides DES support. However DES support in openssl has become
optional since commit a83d41867c ("package/libopenssl: add
option to enable some features").
Select openssl DES support in hostapd Kconfig to avoid
build failures.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Hostapd/wpa_supplicant crypto backend assumes that openssl always
provides DES support. However DES support in openssl has become
optional since commit a83d41867c ("package/libopenssl: add
option to enable some features").
Select openssl DES support in wpa_supplicant Kconfig to avoid
build failures.
Fixes:
http://autobuild.buildroot.net/results/00d46eb765f23a1f6e168338f2cc863ae348045d/
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
MuPDF is a lightweight PDF, XPS, and E-book viewer.
Note: some packages, like PyMuPDF, depend on mupdf's libraries, hence
the patch.
Signed-off-by: Raphaël Mélotte <raphael.melotte@essensium.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout:
- propagate harfbuzz dependencies;
- correct version number in hash file;
- patch on post-patch hook instead of post-extract;
- nicer line splitting]
If BR2_ENABLE_DEBUG is not set, Buildroot did not pass any flag
to control debug level. This means that the build system of the package
itself would control it.
Instead, provide an explicit '-g0' (no debugging symbols) to get consistent
behavior across packages.
Suggested-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Pass -DENABLE_GAMEPAD=OFF to CMake in order to disable support for the
gamepad API, which requires libmanette, a library that is not yet
available in Buildroot.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
NTLM is an old authentication protocol depending on DES and MD4 and
its creator, Microsoft, discourage its use since 2010, because it is
weak and vulnerable to many attacks.
libgit2 has support for NTLM and it is enabled by default if openssl
is used, however, since commit a83d41867c ("package/libopenssl: add
option to enable some features"), support for DES and MD4 can be
disabled in openssl.
Since openssl is an optional dependency to libgit2 and getting rid of
NTLM is a goal in itself for many windows administrators, disable NTLM
by default.
Fixes: http://autobuild.buildroot.net/results/efb4ce2174cb6944558e895ce852182ba2738a70
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This update includes a build fix for the RaspberryPi 4 (from 1.5.7)
and a fix for the GL library loader when GLX is involved (from 1.5.6)
Release notes:
https://github.com/anholt/libepoxy/releases/tag/1.5.6https://github.com/anholt/libepoxy/releases/tag/1.5.7
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
[francois.perrad@gadz.org: fix indent in hash file]
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[yann.morin.1998@free.fr: meld Adrian and François' patches together]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Among other fixes, switching to the current stable version plugs a few
memory leaks; solves many WebSocket bugs; makes NTLM authentication work;
allows building gobject-introspection data when cross-building (to be
enabled in a separate patch); fixes message cancellation; adds support
for HTTP 308 permanent redirects, same-site cookies, secure cookies,
HSTS, and Brotli compression.
This also removes the unneeded LIBSOUP_CONF_ENV which defined an
autoconf variable, and updates the Meson build configuration options
to follow the changes done by upstream.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
[yann.morin.1998@free.fr:
- reorder options and move them one per line
- while at it, do the same for dependencies
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>