In commit ee93213d18 (package/check: fix compile issue due to missing
source file), we switched from using the released tarball, to using the
autogenerated tarball from github.
However, that means that the filename of the archive did not change,
while its content did change. The hash was promptly updated, but that
means that the archive we cache on s.b.o (and possibly the one users
may also already have locally) will not match the new hash (and
conversely).
So we switch to using the sha1-hash of the commit corresponding to the
tag.
Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Waldemar Brodkorb <wbx@openadk.org>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add local patch to allow to override CFLAGS and undefine
CONFIG_LITTLE_ENDIAN by default and use the correct endianness according
to target architecture.
Fixes:
http://autobuild.buildroot.net/results/fe67db3884573ef750eda9d0dccd5f97b3ae698e
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
See release announce:
https://lists.gnu.org/archive/html/screen-users/2023-08/msg00000.html
Fixes:
CVE-2023-24626: https://www.cve.org/CVERecord?id=CVE-2023-24626
Note: Buildroot installs screen as setuid, so the described scenario
in CVE applies.
This commit also rebases all patches on this release. Patch were
regenerated with 'git format-patch -N', so patch file name changed in
this process. The file .checkpackageignore is also updated accordingly.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 0a8ef2f3f7 bumped the headers
version requirements, but did not update the associated comment.
Remove the comment entirely, as it does not apply anymore.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In commit 30997eaa65438a2ce726ad8a204ac5a36363f5c8 a mistake
was made. Guard the definition correctly.
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Depending on the interface chosen we need to enable Linux CONFIG_SPI or
CONFIG_MMC, so let's do that according to BR2_PACKAGE_ESP_HOSTED_SPI.
Fixes:
http://autobuild.buildroot.net/results/cdf65ad07aba1d86f195576a2317c83aeb3dfce2
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This package is affected by gcc bug 43744 and I have not found a work
around for it(i.e. the common -O0 we use or other), so let's disable it if
gcc has such bug.
Fixes:
http://autobuild.buildroot.net/results/ab289769c5fea435934ed260d38e0a4fdd2ba72d
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Zlib-ng misdetects the powerpc cpu and the package fails to compile
for non-power9 cpu's.
Power9 support was added Upstream in commit:
02d10b252cc54159f7c33823048daec4b023fb22
So it was introduced in zlib-ng 2.1.3 and this was added to Buildroot
in commit 0df456ea6e.
So there is no need to backport it to older Buildroot releases.
Fixes:
- http://autobuild.buildroot.net/results/a9f/a9f45486664b2d5b23a2f330a63955a06ae8189d
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Release notes: https://www.samba.org/samba/history/samba-4.18.6.html
Includes a mitigation for CVE-2007-4559.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes CVE-2023-34241 (see [0] for details)
[0] https://github.com/OpenPrinting/cups/releases/tag/v2.4.6
The number of changes between 2.4.4 and 2.4.6 is really small, and
limited to bug fixes:
9d614a4b3184205294c55355a1d2eb54d4532ccd (tag: v2.4.6) Update CHANGES.md
6f6da74ec284e28c156f0b9f62f3bd610e61aa78 Fix use-after-free in cupsdAcceptClient() (fixes CVE-2023-34241)
3f12185ca9cbb5350a6370d6046066907b8abc12 Merge pull request #735 from AtariDreams/Fixer
f5281777c80cdf820a2a71c9e7f08b91f0e11160 Fix compilation on older macOS versions
ee82c5b18409def3ec1424ce2eb343aabb0ff0d1 Merge pull request #730 from zdohnal/cupssinglefile_24x
1504527b2415a4b67b0e3e17593b053f3628746f cups/ppd-cache.c: Put cupsSingleFile into generated PPD
3be1d5da8fe9ee13aab5ee6ecc11b2f9387821a6 Prepare files for next release
c1f54ec966ccc5d5564eed95dcb540842af7b5ca (tag: v2.4.5) cups/cups.h: Update for 2.4.5
70dba05b7511a96476ea0ef8fe1d92c6500c6e61 Finish hotfix release 2.4.5
87f5cb7d8f0da8fa2835bb0aa3ca48b5e5a66a3f Merge pull request #727 from AtariDreams/hotfix
61aa0b259183fe59124566f08ecf649bb806cd24 Regression: Certificate data is corrupted during base64 conversion
7362f41c45d834564f876ffac536f59eece843ec Prepare files for next release
Signed-off-by: Clement Ramirez <ramirez.clement3@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Updated license hash due to copyright year bump:
52a3f2a546
Needed for freeswitch bump to 1.10.10:
7c1faeff48
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This new binutils version break the ATF build due to new linker warnings:
ld.bfd: warning: bl2.elf has a LOAD segment with RWX permissions
From [1]
"Users of GNU ld (BPF) from binutils 2.39+ will observe multiple instaces
of a new warning when linking the bl*.elf in the form:
ld.bfd: warning: stm32mp1_helper.o: missing .note.GNU-stack section implies executable stack
ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
ld.bfd: warning: bl2.elf has a LOAD segment with RWX permissions
ld.bfd: warning: bl32.elf has a LOAD segment with RWX permissions
These new warnings are enbaled by default to secure elf binaries:
- https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107
- https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=0d38576a34ec64a1b4500c9277a8e9d0f07e6774
"
Bump the ATF custom version to 2.9 for binutils 2.39+ support.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/4889436283
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump the kernel to the latest release of 5.4 kernel series
to fix an issue with gcc 12.
arch/mips/jz4740/setup.c: In function 'plat_mem_setup':
arch/mips/jz4740/setup.c:64:25: error: comparison between two arrays [-Werror=array-compare]
64 | if (__dtb_start != __dtb_end)
| ^~
arch/mips/jz4740/setup.c:64:25: note: use '&__dtb_start[0] != &__dtb_end[0]' to compare the addresses
CC fs/debugfs/file.o
cc1: all warnings being treated as errors
Fixed in v5.4.195:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=a60def7568216684f62b117c199429c4a9a89570
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/4889436573
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
objtool built by the kernel requires libelf
ldd output/build/linux-6.1.24/tools/objtool/objtool
linux-vdso.so.1
libelf.so.1 => output/host/lib/libelf.so.1
While updating the kernel [1] we forgot to select
BR2_LINUX_KERNEL_NEEDS_HOST_LIBELF to provide Buildroot's host-libelf.
Using host-libelf avoid linking with libelf installed on the host or
failing to build objtool if libelf is not installed.
[1] d45538f2e7
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/4889436869https://gitlab.com/buildroot.org/buildroot/-/jobs/4889436872
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 2a5d90a595 (configs/rock5b: Add patches to fix gcc12 warnings)
introduced the kernel patches in an incorrect directory.
Fix that by moving them in the proper location.
Reported-by: Kilian Zinnecker <kilian.zinnecker@mail.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This patch introduces patches for the custom kernel, as it is
currently used for the Radxa Rock 5B. The patches fix two gcc
compiler warnings, which result in a build error, if the kernel
is used with gcc version 12.
Since also the code of custom board drivers for WiFi support is
affected, and no fixes are provided by the vendor, the custom WiFi
support is disabled.
Signed-off-by: Kilian Zinnecker <kilian.zinnecker@mail.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This runtime test was suggested in discussion [1]. It should detect
potential runtime failures such as the one fixed in commit eb74998125
"package/nftables: fix the build of the pyhon bindings".
We need a special kernel, because not all nftables-related options are
enabled in the pre-built one.
[1] https://lists.buildroot.org/pipermail/buildroot/2023-August/672864.html
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This is the follow-up commit to the 4de60e4 which disables
sourcehighlight dependency for the target GDB package.
Do the same for the host variant to be sure that this
won't be picked up from the host system.
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
nftables provides python bindings; it uses setuptools to install them.
We currently install those bindings by telling the nftables buildsystem,
autotools, to install the python bindings.
However, we do not pass any of the environment variables that are needed
for setuptools packages. When host-python-setuptools is installed before
nftables is built [0], this breaks the system at runtime, as the
bindings are not installed; only the egg is, resulting in runtime errors
like:
# python -c 'import nftables'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'nftables'
Upstream has been doing some changes on their python handling, but it is
not in a released version yet, and we can't backport those changes
either, due to other big changes.
Instead, we split the pyhon bindings to their own package.
For legacy handling, we make that new package default to y, so that
existing (def)config still work. The only novelty is that it can be
disabled now.
Many thanks to Julien for testing and finding the offending dependency,
to James for suggesting the package split, and to Adam for, well,
trigerring the issue in the first place! ;-p
Note: a git bisect of the issue turns up 72 candidates for the breakage,
all around the time we dropped python2 support in early 2022; the last
known-good commit is 55df30f8b1 (package/zfs: drop python2 support)
and the first known-bad commit is 697acda00d (package/pkg-python: drop
python2 host/setuptools support); everything in-between does not
configure (package/python/Config.in.host still sourced but already
removed), or does not build (host-python still in the dependency chain
but already removed), so had to be skipped during the bisect.
[0] This can happen when another python package using setuptools is
built before nftables. However, with PPD, this never happens because
host-python-setuptools is never in the dependency chain of nftables.
Reported-by: Julien Olivain <ju.o@free.fr>
Tested-by: Julien Olivain <ju.o@free.fr>
Suggested-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
- CVE-2023-28366: Fix memory leak in broker when clients send multiple QoS 2
messages with the same message ID, but then never respond to the PUBREC
commands.
- CVE-2023-0809: Fix excessive memory being allocated based on malicious
initial packets that are not CONNECT packets.
- CVE-2023-3592: Fix memory leak when clients send v5 CONNECT packets with a
will message that contains invalid property types.
- Broker will now reject Will messages that attempt to publish to $CONTROL/.
- Broker now validates usernames provided in a TLS certificate or TLS-PSK
identity are valid UTF-8.
- Fix potential crash when loading invalid persistence file.
- Library will no longer allow single level wildcard certificates, e.g. *.com
For more details, see the changelog:
https://mosquitto.org/ChangeLog.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The bump to meson 1.2.0 triggers unexpected build failure of the host
packages, because meson changed the way it passes library search paths
when building natively:
59cfbf68e0http://lists.busybox.net/pipermail/buildroot/2023-August/672649.html
As a consequence, the libraries are searched for in the system paths
before being searched in our host-dir, leading to failures when
incompatible libraries are installed in both locations. For example, if
the system has an older version of libglib2 installed, this causes link
failures when one of the glib2 library (e.g. libgio) is linked by path,
but a dependent library (e.g. libgmodule) is linked by name:
/path/to/host/lib/libgio-2.0.so -L /path/to/host/lib/ -lgmodule-2.0
The first is indeed the one we built and installed in host-dir, but the
second is found in the system path; when it is an older (or more
recent?) version than the one we use, the link fails;
/path/to/host/lib/libgio-2.0.so: undefined reference to `g_module_open_full'
Since fixing the issue is not trivial, revert to the previous meson
version that did not exhibit the issue.
This reverts commit d06e610d58.
Reported-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit e3322e2c7 "lsof: add license info" added the package license
info. At that time, lsof was at version 4.85. The package was not
including a dedicated license file. Instead, the license text was
copied in many files (source files, readmes, ...). It was then decided
to use the small source file "dialects/linux/dproto.h".
Recently, lsof added a COPYING license file. See [1]. This commit was
first included in lsof version 4.97.0. We can now use this file.
The license file hash is updated due to formatting changes. As a side
note, the copyright year in source file was 1997 (see [2]), whereas in
the new license file it is 2002. Source files have different copyright
dates, and can be as old as 1994, for example in [3]. The rest of the
license text remains unchanged.
[1] 62dab61cae
[2] https://github.com/lsof-org/lsof/blob/4.98.0/dialects/linux/dproto.h#L9
[3] https://github.com/lsof-org/lsof/blob/4.98.0/arg.c#L7
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Backport an upstream:
"Add -DOPENSSL_API_COMPAT=10100 to the build flags to avoid this and be
flexible with regards to which version of OpenSSL build environment has
to provide"
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/4839060472
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Don't specify the ARCH_FLAGS of U-Boot, so both extensions can be
appended to -march when building w/ gcc-12.
Fixes:
- https://gitlab.com/buildroot.org/buildroot/-/jobs/4839059655
Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The compiler-rt project intructs to build out of tree:
https://compiler-rt.llvm.org/
Otherwise, the dependency chain declared in the include/CMakelLists.txt
causes a circular dependency of source files upon themselves:
make[4]: Circular include/sanitizer/allocator_interface.h <- include/sanitizer/allocator_interface.h dependency dropped.
make[4]: Circular include/sanitizer/asan_interface.h <- include/sanitizer/asan_interface.h dependency dropped.
make[4]: Circular include/sanitizer/common_interface_defs.h <- include/sanitizer/common_interface_defs.h dependency dropped.
[--snip 19 other files--]
This is because include/CMakeLists.txt unconctional declares
dependencies in this manner:
set(SANITIZER_HEADERS
sanitizer/allocator_interface.h
sanitizer/asan_interface.h
sanitizer/common_interface_defs.h
[...]
)
set(COMPILER_RT_HEADERS
${SANITIZER_HEADERS}
[...])
set(output_dir ${COMPILER_RT_OUTPUT_DIR}/include)
foreach( f ${COMPILER_RT_HEADERS} )
set( src ${CMAKE_CURRENT_SOURCE_DIR}/${f} )
set( dst ${output_dir}/${f} )
add_custom_command(OUTPUT ${dst}
[...]
)
[...]
endforeach( f )
The froeach() loop creates dependency rules between the files in
output_dir and CMAKE_CURRENT_SOURCE_DIR, without provision for the
case they are both the same directories, thus in-source builds are
not supported.
With the Makefiles backend, this only triggers the above warning
from make, because make arbitrarily breaks circluar dependencies, and
in this case it makes it work. But when we switch to the ninja backend,
this is going to be a hard error.
Anyway, ninja or make, compiler-rt does not support in-source builds.
Signed-off-by: Thomas Devoogdt <thomas@devoogdt.com>
[yann.morin.1998@free.fr: drastically expand commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since it was iontroduced in commit d4ecefa3cc (package/perftest: new
package), perftest was missing the reverse dependency on the kernel
headers version inherited from rdma-core.
In commit 3279d8b9c4 (package/rdma-core: needs NPTL), the dependency
of rdma-core on NTPL was not propagated to its reverse dependencies,
notably perftests.
Fixes:
- http://autobuild.buildroot.net/results/00c/00ce19a1589c6028ee77c333ed9107e2c8c8d6de
- d4ecefa3cc
- 3279d8b9c4
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
[yann.morin.1998@free.fr:
- also add misisng headers dependency
- expand commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Previously, gen-bootlin-toolchains did not add a `depends` guard to
limit the available toolchains based on the minimum required GCC version
for the user selected CPU tuning.
Now, the proper BR2_ARCH_NEEDS_GCC_AT_LEAST_X guard will be added based
on the version of GCC provided by the toolchain.
Signed-off-by: Vincent Fazio <vfazio@gmail.com>
[yann.morin.1998@free.fr: regenerate the toolchain list]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Previously, it was possible to select an external toolchain that did not
support the GCC arch tuning the user had selected. This is problematic
because it can lead to confusing error messages during builds [0].
Now, external toolchain selections will be filtered to only those that
support the required GCC version specified by the target arch tuning.
Note: this patch does not touch the Bootlin toolchain config file as it
is generated by a script.
Additional note: there is "soft" support for toolchains prior to GCC 4.8
but there are no accompanying BR2_ARCH_NEEDS_GCC_AT_LEAST_X symbols.
Instead of adding those, just use BR2_ARCH_NEEDS_GCC_AT_LEAST_4_8 which
is the minimum GCC version with claimed support [1].
[0]: https://lists.buildroot.org/pipermail/buildroot/2023-August/671877.html
[1]: https://buildroot.org/downloads/manual/manual.html#requirement-mandatory
Signed-off-by: Vincent Fazio <vfazio@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following build failure:
>>> toolchain-external-codescape-img-mips 2018.09-02 Copying gdbserver
Could not find gdbserver in external toolchain
Fixes:
- http://autobuild.buildroot.org/results/b0786965e0b249c8168df855682e54cfe95fa0cc
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following build failure:
>>> toolchain-external-codescape-mti-mips 2018.09-02 Copying gdbserver
Could not find gdbserver in external toolchain
Fixes:
- http://autobuild.buildroot.org/results/ead304285a9cf32bf6b9dcc7fc30acece25ec680
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add a custom case to make sure that a random configuration with an empty
configuration file for ubi doesn't fail.
ubinize: error!: no sections found the ini-file "/home/buildroot/autobuild/instance-2/output-1/build/ubinize.cfg"
Fixes:
- http://autobuild.buildroot.org/results/f678c17cc4df06fb2737467e769cd8f72a3ea420
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Use full relative pathes for rootfs and kernel, like in other
readme's.
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Urcu does not like -O0 it needs gcc optimizations.
Force -O1 in this case. Inspired by package fwts.
The issue got introduced in commit 2f8f69012e:
before this commit, xfsprogs builds fine at -O0, after this commit, it fails
to build at -O0. As this commit went into 2022.02, the fix needs to be
backported to stable branches.
Fixes:
- http://autobuild.buildroot.net/results/3bd/3bd7de784953ab1fa70bf5572eccd7b10e4a0e17
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
gcc 12 added a warning that triggers on access to low addresses. Add a
patch to allow access since this is normal for low level code.
Rebase our existing patch on top. While at it, add also a proper
Upstream tag.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/4795673785
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Linux added mnt_id member to struct statx in commit:
fa2fcf4f1df1559a0a4ee0f46915b496cc2ebf60
Linux 5.4.0 was released on 24. November 2019, but it seems this change
never got backported to 5.4.252.
Upstream added a patch to guard the use of the member in commit:
c0136ac0c9
Add the patch to fix an autobuild failure.
Fixes:
- http://autobuild.buildroot.net/results/d50/d502bc9236b577e2470a30ffc39c21579b038a1c
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
