Remove patch from this version.
Remove USE_CRYPTO related config (configuration was removed in this
release).
tftpd is not built by default since this release, thus explicitly enable it.
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security vulnerabilities:
CVE-2020-12695: The Open Connectivity Foundation UPnP specification before
2020-04-17 does not forbid the acceptance of a subscription request with a
delivery URL on a different network segment than the fully qualified
event-subscription URL, aka the CallStranger issue.
For details, see the advisory:
https://w1.fi/security/2020-1/upnp-subscribe-misbehavior-wps-ap.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In commit 26e37cef16, we started using
__WORDSIZE to get the size of longs on the given architecture, in
order to support all CPU architectures.
Unfortunately, __WORDSIZE is not enabled in musl, so in
19bd089004, we switched to using
LONG_BIT instead of __WORDSIZE.
However, LONG_BIT is not readily available on glibc, you need
_XOPEN_SOURCE to be defined, which was done in
a34e7f88f6.
However, in a34e7f88f6, _XOPEN_SOURCE
was just defined, with no specific value. This caused the build to
break again on uClibc-ng and older glibcs, because clock_gettime() and
CLOCK_MONOTONIC were no longer defined. In both uClibc-ng and glibc,
CLOCK_MONOTONIC is only defined if __USE_POSIX199309 is defined. It
turns out that simply defining _XOPEN_SOURCE with no value does not
lead to __USE_POSIX199309 being defined in uClibc-ng and old glibcs,
while it is defined in newer glibcs.
The difference comes from the following snippet of code, which is
present in recent enough glibc's <feature.h> but not uClibc-ng's or
older glibc's <feature.h>:
/* If none of the ANSI/POSIX macros are defined, or if _DEFAULT_SOURCE
is defined, use POSIX.1-2008 (or another version depending on
_XOPEN_SOURCE). */
So the fact that we are defining _DEFAULT_SOURCE makes it assume that
we're using POSIX 2008.09, which obviously includes POSIX 1993.09.
Due to the lack of this code snippet, uClibc-ng <features.h> only
enables:
!defined _POSIX_SOURCE && !defined _POSIX_C_SOURCE)
but not:
So we need an _XOPEN_SOURCE level of at least 500 for POSIX 1993.09
definitions to be available.
This is confirmed by the feature_test_macros man page, which states:
_XOPEN_SOURCE < 500
_POSIX_C_SOURCE is defined with the value 2.
500 <= _XOPEN_SOURCE < 600
_POSIX_C_SOURCE is defined with the value 199506L.
When this is fixed, another issue arises with older glibc toolchains
(such as Sourcery ARM), where fd_set is no longer defined. Inded, with
POSIX-1.2001 being enabled, we need to include <sys/select.h> to
access the fd_set definition and friends (see man fd_set for details).
This commit was tested with two glibc toolchains (recent and old), one
uClibc-ng toolchain and one musl toolchain.
Fixes:
http://autobuild.buildroot.net/results/e20f9474fc0217036faa6561df33fa983466ddfe/
(uClibc-ng)
http://autobuild.buildroot.net/results/b5d944389fc96ef2c5e0608fe4ac34149e5f9739/
(glibc)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: Vincent Fazio <vfazio@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When building on a host that has no name specified for the used group in
/etc/group the script in install step will fail due to missing group name.
CMake Error at CMakeLists.txt:80 (message):
Learning server module group failed: id: cannot find name for group ID 8000
The patch was taken from upstream and modified manually because of merge
conflicts.
Fixes:
http://autobuild.buildroot.net/results/f197ca1def9dc1292e1e784757f2da9d95484431/
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
As Thomas said:
> In this sort of situation, we generally don't add any legacy
> handling. Indeed, since the feature is now mandatory... the
> default behavior will always be OK.
> People who could be annoyed are people who had this feature
> disabled... which is now always enabled. But the legacy handling
> will anyway not help those people.
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
ftdipp is not needed since version 0.1 and
3df577b706
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- argp is no more used;
- UDEV dependency is now optional
Fix:
- http://autobuild.buildroot.org/results/f3f3cc216ae42bb8a8925b0df7c1a3cc79b027d7
/home/buildroot/autobuild/instance-1/output-1/build/openfpgaloader-849e5751e06d4d00f323205d5f02ee01f9f59a61/src/spiFlash.cpp:
In member function 'void SPIFlash::jtag_write_read(uint8_t, uint8_t*, uint8_t*, uint16_t)':
/home/buildroot/autobuild/instance-1/output-1/build/openfpgaloader-849e5751e06d4d00f323205d5f02ee01f9f59a61/src/spiFlash.cpp:92:43:
error: variable-sized object 'jtx' may not be initialized
uint8_t jtx[xfer_len] = {reverseByte(cmd)};
^
and
src/gowin.cpp:73:11: error: 'runtime_error' is not a member of 'std'
throw std::runtime_error("both write-flash and write-sram can't be set");
^
src/gowin.cpp:81:10: error: 'runtime_error' is not a member of 'std'
throw std::runtime_error("incompatible file format");
Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
[yann.morin.1998@free.fr:
- don't add a sub-option for udev; directly rely on udev being avail
- fix conflict after 1ca0077d91
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
There is no debug profile on cargo. The available profiles are: dev
(enabled by default), release, test and bench.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issue:
CVE-2020-15564: Missing alignment check in VCPUOP_register_vcpu_info
For further details, see the advisory:
https://xenbits.xenproject.org/xsa/advisory-327.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Modeled after similar python packages.
However, this one is picky, and throws an exception when it
detects that it is not running on a Raspberry Pi. So we just
catch that exception and check this is what we expect.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Christian Stewart <christian@paral.in>
Cc: Michael Fischer <mf@go-sys.de>
Cc: Asaf Kahlon <asafka7@gmail.com>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Cc: Ian Haylock <haylocki@yahoo.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Although the patch makes the package build OK, it fails at runtime
when the module is imported, because of missing symbols:
ImportError: /usr/lib/python3.8/site-packages/RPi/_GPIO.cpython-38-aarch64-linux-gnu.so: undefined symbol: high
Fix that by making sure the symbols are declared once, but only once.
Fixes: #13166
Reported-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Michael Fischer <mf@go-sys.de>
Cc: Asaf Kahlon <asafka7@gmail.com>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Cc: Ian Haylock <haylocki@yahoo.co.uk>
Tested-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This new version fixes, amongst many other things, CVE-2020-8231
(https://curl.haxx.se/docs/CVE-2020-8231.html). See the full changelog
on https://curl.haxx.se/changes.html#7_72_0 .
Also drop the 4 patches, that have all been released upstream.
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
openfpgaloader is written in C++, so the dependency on C++ is not
inherited from libftdipp1.
Drop the confusing comment.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
hash extension can't be disabled since version 7.4.0 and
bf34442581
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
--with-libxml-dir has been dropped since version 7.4.0 and
29d1b7fd52
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
FFI support in php has been added with commit
e16f05c0f0, it depends on dynamic library
otherwise the build will fail on:
/home/buildroot/autobuild/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/5.5.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: ext/ffi/ffi.o: in function `zim_FFI_cdef':
ffi.c:(.text+0xe78): undefined reference to `DL_LOAD'
Fixes:
- http://autobuild.buildroot.org/results/3380b7b6777d1c5fcb53c855b003466fa3bf2079
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
CVE-2020-14367: Insecure writing of pidfile
-------------------------------------------
When chronyd is configured to save the pidfile in a directory where the
chrony user has write permissions (e.g. /var/run/chrony - the default
since chrony-3.4), an attacker that compromised the chrony user account
could create a symbolic link at the location of the pidfile to make
chronyd starting with root privileges follow the symlink and write its
process ID to a file for which the chrony user doesn't have write
permissions, causing a denial of service, or data loss.
This issue was reported by Matthias Gerstner of SUSE.
For further details, see the oss-security posting:
https://www.openwall.com/lists/oss-security/2020/08/21/1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
python-numpy is an optional dependency since
545c1a1d3a
This dependency will raise the following build failure if python-numpy
is found on the host:
aarch64_be-linux-gnu-g++: ERROR: unsafe header/library path used in cross-compilation: '-I/usr/lib/python3/dist-packages/numpy/core/include'
because mjpg-streamer uses the python executable to retrieve the include
directory:
-- Found PythonLibs: /home/peko/autobuild/instance-0/output-1/host/aarch64_be-buildroot-linux-gnu/sysroot/usr/lib/libpython3.8.so (found version "3.8.5")
-- Found PythonInterp: /usr/bin/python3.5 (found version "3.5.3")
-- Found NUMPY: /usr/lib/python3/dist-packages/numpy/core/include
So disable python filter as well as cpp example while at it
Fixes:
- http://autobuild.buildroot.org/results/e6795fa8ed5d8514b3e10ea1135afb31eab22b7e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
nls is enabled by default in meson_options.txt (which is available since
version 1.22.0). NLS was explicitly disabled for host-efl in commit
6deaa3d50d but nothing was done for the
target resulting in the following build failure:
../src/lib/elementary/elm_priv.h:189:25: warning: implicit declaration of function '_elm_dgettext'; did you mean 'dgettext'? [-Wimplicit-function-declaration]
# define E_(string) _elm_dgettext(string)
^~~~~~~~~~~~~
/nvme/rc-buildroot-test/scripts/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/x86_64-buildroot-linux-uclibc/8.3.0/../../../../x86_64-buildroot-linux-uclibc/bin/ld: src/lib/elementary/libelementary.so.1.24.3.p/elc_hoversel.c.o: in function `_access_state_cb':
elc_hoversel.c:(.text+0x1210): undefined reference to `_elm_dgettext'
So enable nls dependening on BR2_SYSTEM_ENABLE_NLS and add
TARGET_NLS_DEPENDENCIES to EFL_DEPENDENCIES
Fixes:
- http://autobuild.buildroot.org/results/5985b39b87c5c392b4f9b65c12008ec7b3a143fe
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Disable introspection as it raises a build failure with autotools.
It could be enabled after bumping to upcoming 1.18.x and switching to
messon. We can't switch now as version 1.16.2 don't allow to disable
examples/tools through meson
Fixes:
- http://autobuild.buildroot.org/results/36eb875fba2847b32df05f31d8f8ca9f0ecde36f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
There is no target elixir package, so setting a value to
ELIXIR_DEPENDENCIES has no effect, HOST_ELIXIR_DEPENDENCIES must be
used instead.
Fixes:
http://autobuild.buildroot.net/results/a3a37eb724ca5689f8e83c9b2af04d07afa80315/
Signed-off-by: Frank Vanbever <frank.vanbever@essensium.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This new runtime test is based on test_dropbear.py. The only required change
is to use "-oStrictHostKeyChecking=no" instead of "-y" to accept the new key.
Since the base test infra only provide a uClibc-ng toolchain, add a second
test using a glibc based internal toolchain.
For example, this allow to trigger the openssh 8.1p bug with glibc 2.31 [1].
[1] https://bugs.archlinux.org/task/65386
Signed-off-by: Romain Naour <romain.naour@smile.fr>
yann.morin.1998@free.fr:
- deduplicate the whole test
- don't provide any NIC, we only need and use lo
- simplify post-build script (append with cat, don't munge with sed)
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
zziplib is an optional dependency since version 0.15.0 and
e216e01ab3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libmodplug is an optional dependency since version 0.15.0 and
d838a1ad24
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libsidplay2 is an optional dependency since version 0.15.0 and
1136f6fb7a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
