As reported by Toolchain-builder project [1], the microblaze glibc
toolchain creates a system that doesn't boot when FORTIFY_SOURCE is
enabled: the init process hangs.
Also, hardening features may not be wanted or possible for such
slow soft-core cpus [2].
Note: for completeness, BR2_RELRO_PARTIAL was manually tested and it
does boot.
[1] https://gitlab.com/bootlin/toolchains-builder/-/jobs/1467624500
[2] http://lists.busybox.net/pipermail/buildroot/2021-June/312416.html
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
We generally prefer using make loops instead of shell loops. They
bring automatic error handling, as they abort the loop when there is
an error, without the need for "|| exit 1".
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The IMX_GPU_VIV_FIXUP_PKGCONFIG fixup is defined conditionally
depending on the value of IMX_GPU_VIV_LIB_TARGET, which means that
obviously only one of the definitions is possible. Make this clear by
using a ifeq ... else ifeq ... else ifeq ... endif logic.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We manually install pkg-config files from
$(@D)/gpu-core/usr/lib/pkgconfig to the STAGING_DIR right after
copying the entire $(@D)/gpu-core/usr/* files to STAGING_DIR. This
makes the manual copying of pkg-config files pretty useless.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The fixup of the pkg-config files modifies files in the build
directory (@D) but is done in the staging installation step, which
doesn't make much sense, especially since the build step already has
some fixup logic. So we move the fixup logic of the pkg-config files
into the build step.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The current restorecond upstream init script is no good fit for the
user space generated by buildroot, so we provide our own one.
Signed-off-by: José Pekkarinen <jose.pekkarinen@unikie.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the build of vsftpd 3.0.4
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix added by commit c20d31baf4 is
incomplete as polkit.loc must also be added to
$(HOST_DIR)/share/gettext/its
Additionally, the destination path for "$(INSTALL) -D" must be a
fully-qualified filename, not just the destination directory.
Fixes:
- http://autobuild.buildroot.org/results/170e4802b7b4e8e7dafa95ade549e8fd05e43bfd
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: dest must be a filename, not a directory]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The typo was introduced in 6aa318d91e
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
GNU cpio through 2.13 allows attackers to execute arbitrary code via a
crafted pattern file, because of a dstring.c ds_fgetstr integer overflow
that triggers an out-of-bounds heap write. NOTE: it is unclear whether
there are common cases where the pattern file, associated with the -E
option, is untrusted data.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Build of vaapi with egl-drm is broken since commit
6ec47c4e59 because egl-drm is a part of gl
group which is only enabled if BR2_PACKAGE_HAS_LIBGL or
BR2_PACKAGE_HAS_LIBGLES are set:
ec0006bfa1/wscript (L572)
As a result, despite what is being displayed in the autobuilder log
message, the build failure is not related to X11 but to the fact that
we try to enable vaapi through egl-drm but at the same time, we disable
gl.
To fix it, enable gl if libegl is available as gl can be enabled for
example through wayland and egl (gl-wayland):
'deps': 'gl-cocoa || gl-x11 || egl-x11 || egl-drm || '
+ 'gl-win32 || gl-wayland || rpi || '
+ 'plain-gl',
Fixes:
- http://autobuild.buildroot.org/results/e5c15228f42a73f8c34b26630b2074c30e5f5966
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Drop libmcrypt which is a cryptographic package that is not maintained
anymore. Here is an extract of https://en.wikipedia.org/wiki/Mcrypt:
"The last update to libmcrypt was in 2007, despite years of unmerged
patches. These facts have led security experts to declare mcrypt
abandonware and discourage its use in new development.".
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Drop mcrypt which is a cryptographic package that is not maintained
anymore. Here is an extract of https://en.wikipedia.org/wiki/Mcrypt:
"The last update to libmcrypt was in 2007, despite years of unmerged
patches. These facts have led security experts to declare mcrypt
abandonware and discourage its use in new development."
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
d1fc0690ad (package/libvirt: fix dependencies on kernel headers)
forgot to update the conditions for the comment after the last-minute
changes by Yann.
Fix that.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
In ccfc90e101 (package/libvirt: new package), last-minute changes
missed the depenecny on kernel headers; headers >= 3.12 are required for
all architectures, but AArch64, which requires 4.11 for HWCAP_CPUID:
../src/cpu/cpu_arm.c: In function 'virCPUarmCpuDataFromRegs':
../src/cpu/cpu_arm.c:562:20: error: 'HWCAP_CPUID' undeclared (first use in this function); did you mean 'HWCAP_PMULL'?
if (!(hwcaps & HWCAP_CPUID)) {
^~~~~~~~~~~
HWCAP_PMULL
Fixes:
- http://autobuild.buildroot.org/results/85bf7b4dad73a748bf439e63874eb64d9a53088f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- move AArch64 4.11 req. from _ARCH_SUPPORTS to BR2_PACKAGE_LIBVIRT
- add missing dependency on headers 3.12 for the rest
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Similarly to Uboot, this patch adds the ability to copy in and build
out-of-source device tree sources during an ATF build.
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Strip xbr contracts which are used only for the xbr feature which is
entirely unsupported by buildroot.
Add patch to fix some xbr assets getting accidentially included.
Enable the optimized nvx cffi extension module when available.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump U-Boot to version 2021.07 and kernel to 5.10.55.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Use an indentation of two spaces everywhere
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
MPV is not only an application, but also a library, which should be avaliable in staging.
Signed-off-by: Zeno Endemann <zeno.endemann@mailbox.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This folder includes the fixfiles script that is used
by selinux autorelabel feature. Currently it installs
it under /usr/sbin.
Signed-off-by: José Pekkarinen <jose.pekkarinen@unikie.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The heirloom-mailx package exhibits gcc bug 101916 when built for the
SH4 architecture with optimization enabled, which causes a build failure.
As done for other packages in Buildroot work around this gcc bug by
setting optimization to -O0 if BR2_TOOLCHAIN_HAS_GCC_BUG_101916=y.
Also introduce HEIRLOOM_MAILX_CFLAGS as done for other packages and move
the already present -fPIC CFLAG to it.
Fixes:
http://autobuild.buildroot.net/results/911/911f5c024834741754102ff1bbb05c4a64c54a0b/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The lmbench package exhibits gcc bug 101915 when built for the
Microblaze architecture with optimization enabled, which causes a build
failure.
As done for other packages in Buildroot work around this gcc bug by
setting optimization to -O0 if BR2_TOOLCHAIN_HAS_GCC_BUG_101915=y.
Fixes:
http://autobuild.buildroot.net/results/ae1/ae1e4d61ed367c6cb64442c60d98882cc7985346/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch bumps Linux CIP RT to version 4.19.198-cip54-rt21
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch bumps Linux CIP to version 4.19.198-cip54.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Build of gdb on riscv without host-gdb is broken since commit
4ecd247ead because BR2_GDB_VERSION_10 is
never defined if BR2_PACKAGE_HOST_GDB is not selected resulting in the
following build failure:
/bin/bash: line 0: cd: /tmp/instance-0/output-1/build/gdb-10.1/gdb/gdbserver: No such file or directory
So add a BR2_PACKAGE_GDB_TOPLEVEL hidden option as suggested by Thomas
Petazzoni.
Fixes:
- http://autobuild.buildroot.org/results/ce47d616ee79d5f735779570ebc3b4a9c0f64c6a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This reverts commit 46b8fb7500 indeed if
libressl is selected as the openssl provider, the BR2_PACKAGE_OPENSSL
conditition will always be used and the BR2_PACKAGE_LIBRESSL condition
will never be triggered. Moreover, libressl provides a pkg-config file.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
- CVE-2021-39240: An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3
before 2.3.13, and 2.4 before 2.4.3. It does not ensure that the scheme
and path portions of a URI have the expected characters. For example, the
authority field (as observed on a target HTTP/2 server) might differ from
what the routing rules were intended to achieve.
- CVE-2021-39241: An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2
before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. An HTTP method
name may contain a space followed by the name of a protected resource. It
is possible that a server would interpret this as a request for that
protected resource, such as in the "GET /admin? HTTP/1.1 /static/images
HTTP/1.1" example.
- CVE-2021-39242: An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3
before 2.3.13, and 2.4 before 2.4.3. It can lead to a situation with an
attacker-controlled HTTP Host header, because a mismatch between Host and
authority is mishandled.
For more details, see the advisory:
https://www.mail-archive.com/haproxy@formilux.org/msg41041.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This package has had build failures for a very long time, and these
issues have not been fixed, and it is now the number 1 build failure
reason in our autobuilders. It is time to acknowledge that the package
needs to be removed.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following build failure raised since the addition of the package
in commit ccfc90e101:
/tmp/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/i686-buildroot-linux-uclibc/9.3.0/../../../../i686-buildroot-linux-uclibc/bin/ld: src/util/libvirt_util.a(viralloc.c.o): in function `virInsertElementsN':
viralloc.c:(.text+0x167): undefined reference to `libintl_dgettext'
Fixes:
- http://autobuild.buildroot.net/results/2349c55a4a42f08ca52700c60cda3065b0c4bd88
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update to AT91Bootstrap 4.0.0 version.
This package is now released under MIT license, and a license file was
added.
Signed-off-by: Eugen Hristev <eugen.hristev@microchip.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The bullet package exhibits gcc bug 101952 when built for the SH4
architecture with optimization enabled, which causes a build failure.
As done for other packages in Buildroot work around this gcc bug by
setting optimization to -O0 if BR2_TOOLCHAIN_HAS_GCC_BUG_101952=y like we
already do for BR2_TOOLCHAIN_HAS_GCC_BUG_85180=y.
Fixes:
http://autobuild.buildroot.net/results/32b/32bfaf0aae57ed18c18e82a72a958af9b3e1b241/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since I've dealt and deal with toolchain bugs and their work-around
very often add myself to toolchain topic(toolchain/) as well as
package/binutils and package/gcc.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The language detection is falling back to the host system
Fortran compiler. An example of this is in RHEL7.9
(gcc4.8.5 20150623 (Red Hat 4.8.5-44)).
This patch bypasses detection and points to the location
where the compiler would be installed (if present). In the
cases where it doesn't exist, the detection falls through
and leaves Fortran disabled.
Fixes:
http://autobuild.buildroot.net/results/8354da225d1e5e337aa7ea62a7e6524fb5f1135f/
Signed-off-by: Matthew Weber <matthew.weber@collins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Also adds patch to make the jemalloc feature optional on musl, due to
toolchains not being supported by upstream project.
Signed-off-by: Sam Voss <sam.voss@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This includes the following changes:
7.15
- Kernel part changes
- netfilter: ipset: Fix maximal range check in hash_ipportnet4_uadt() (Nathan Chancellor)
7.14
- Userspace changes
- Add missing function to libipset.map and bump library version (reported by Jan Engelhardt)
- Kernel part changes
- 64bit division isn't allowed on 32bit, replace it with shift
7.13
- Userspace changes
- When parsing protocols by number, do not check it in /etc/protocols.
- Add missing hunk to patch "Allow specifying protocols by number"
- Kernel part changes
- Limit the maximal range of consecutive elements to add/delete fix
7.12
- Userspace changes
- Allow specifying protocols by number (Haw Loeung)
- Fix example in ipset.8 manpage discovered by Pablo Neira Ayuso.
- tests: add tests ipset to nftables (Pablo Neira Ayuso)
- add ipset to nftables translation infrastructure (Pablo Neira Ayuso)
- lib: Detach restore routine from parser (Pablo Neira Ayuso)
- lib: split parser from command execution (Pablo Neira Ayuso)
- Fix patch "Parse port before trying by service name"
- Kernel part changes
- Limit the maximal range of consecutive elements to add/delete (reported by Brad Spengler)
- Backport "netfilter: use nfnetlink_unicast()"
- Backport "netfilter: nfnetlink: consolidate callback type"
- Backport "netfilter: nfnetlink: add struct nfnl_info and pass it to callbacks"
- Backport "netfilter: add helper function to set up the nfnetlink header and use it"
Signed-off-by: Pierre-Jean Texier <texier.pj2@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The latest Go release, version 1.17, arrives six months after Go 1.16.
Most of its changes are in the implementation of the toolchain,
runtime, and libraries.
https://golang.org/doc/go1.17
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>