am62x_sk_defconfig should be ti_am62x_sk_defconfig
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 4cbc2af604 moved the nodejs patches
to the nodejs-src directory, but forgot to update .checkpackageignore
accordingly. Fix that, by running `make .checkpackageignore`.
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
The TestNodeJSModule test triggers the build of host-nodejs to be able
to install third party modules. Now that host-nodejs has two
providers, it makes sense to test both cases, so we duplicate
TestNodeJSModule into TestNodeJsModuleHostBin (which tests the
host-nodejs-bin) and TestNodeJSModuleHostSrc (which tests the
host-nodejs-src).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
This package downloads the pre-built version of nodejs, if the host
platform supports it.
Reuse the variables defined in nodejs.mk.
For the definition of BR2_PACKAGE_PROVIDES_HOST_NODEJS, take care of
defaulting to host-nodejs-bin if host-nodejs is not selected at all.
This makes sure that in the future we will be able to run 'make
foo-source' for a package that uses nodejs vendoring, and it will use
the prebuilt nodejs to perform the vendoring.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Arnout:
- update to 16.20.0 to match nodejs.mk - including hashes;
- add HOST_NODEJS_BIN_ACTUAL_SOURCE_TARBALL + hash;
- move to package/nodejs/nodejs-bin;
- drop DEVELOPERS change, it's already covered by package/nodejs;
- re-order the series;
- immediately add it as a virtual package provider;
- add prompt and helpt text to choice;
- select host-nodejs-bin as provider if host-nodejs is not selected at
all.
]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
host-nodejs is quite long to build (5 minutes on a very fast build
machine), and will become a download dependency when we implement
vendoring for NodeJS-based packages.
In order to mitigate this build time, an idea is to use a pre-compiled
host NodeJS. One option would be to use a pre-installed NodeJS, but
we're concerned by version compatibility issues of the host NodeJS/NPM
does not have the same version as the target NodeJS/NPM. So another
option is to use a pre-compiled NodeJS provided by the NodeJS project
itself.
To achieve this, this commit turns the host-nodejs package into a
virtual package. For the time being, this has just one provider:
host-nodejs-src, which builds host-nodejs from source. This is the
original host-nodejs package, renamed to host-nodejs-src.
The target nodejs package is also renamed to nodejs-src in order to have
a single package nodejs-src that has a host and target version, as
usual. We do keep the nodejs target package itself, but it's an empty
package - not even a virtual package. This means the following.
- Its VERSION, SOURCE and SITE variables are left empty. The existing
variables are renamed to NODEJS_COMMON_VERSION etc. to allow them to
be reused by nodejs-src and the future nodejs-bin.
- It's a generic package with a single dependency, nodejs-src.
- The Config.in remains unchanged, except that it selects
BR2_PACKAGE_NODEJS_SRC.
- BR2_PACKAGE_NODEJS_SRC is a blind option.
Co-authored-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Later we will change host-nodejs into a virtual package with the option
to download the binary, or to build from source. Those two
implementations will share version etc., so we want them in a
subdirectory in order to guarantee order of inclusion.
As a preparatory step, move the existing, single nodejs implementation
down into a subdirectory.
The definitions in nodejs.mk that will later be shared between the
source and binary variants of the package stay in
package/nodejs/nodejs.mk; the rest moves down to
package/nodejs/nodejs/nodejs.mk.
The hash file will be shared between the implementations and therefore
stays in package/nodejs/nodejs.hash. package/nodejs/nodejs/nodejs.hash
is a symlink to it.
The Config.in and Config.in.host don't move. The two implementations
will only have blind options.
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Bumb rwmem to the latest version. The main reason to bumb is to get a
fix for a compilation issue present when compiling with gcc-13 (need to
include <cstdint>).
As the project has moved to C++20, we need to adjust the Config.in
accordingly.
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes: 74b50d553e ("package/tbb: bump to version 2021.10.0.")
Signed-off-by: Francis Laniel <flaniel@linux.microsoft.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
CVE-2023-4527: If the system is configured in no-aaaa mode via
/etc/resolv.conf, getaddrinfo is called for the AF_UNSPEC address
family, and a DNS response is received over TCP that is larger than
2048 bytes, getaddrinfo may potentially disclose stack contents via
the returned address data, or crash.
CVE-2023-4806: When an NSS plugin only implements the
_gethostbyname2_r and _getcanonname_r callbacks, getaddrinfo could use
memory that was freed during buffer resizing, potentially causing a
crash or read or write to arbitrary memory.
CVE-2023-5156: The fix for CVE-2023-4806 introduced a memory leak when
an application calls getaddrinfo for AF_INET6 with AI_CANONNAME,
AI_ALL and AI_V4MAPPED flags set.
CVE-2023-4911: If a tunable of the form NAME=NAME=VAL is passed in the
environment of a setuid program and NAME is valid, it may result in a
buffer overflow, which could be exploited to achieve escalated
privileges. This flaw was introduced in glibc 2.34.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Removed patch which was backported from upstream and is now included
in this release.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
[Peter: drop CVE ignore for patch]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The tag we currently use no longer exists in the upstream repository, as
the history has ben "rewritten":
https://github.com/drowe67/codec2/issues/5
Bump to the latest (and only) tag in the new repository.
Release notes: https://github.com/drowe67/codec2/releases/tag/1.2.0
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
[yann.morin.1998@free.fr: explain about missing tag]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes:
http://autobuild.buildroot.net/results/5676609b6331b645f2e557aca67afe4c3a087433/
Fix a build failure for --without-gd builds since the bump to 5.4.9 with
commit 6dc3d3c360 (package/gnuplot: bump version to 5.4.9):
In file included from term.h:298,
from term.c:1211:
../term/post.trm:4016:11: error: expected declaration specifiers or '...' before string constant
4016 | fputs("%%%%BeginImage\n", gppsfile);
Add a patch fixing that.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
CVE-2022-44792 handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c
in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can
be used by a remote attacker (who has write access) to cause the
instance to crash via a crafted UDP packet, resulting in Denial of
Service.
CVE-2022-44793 handle_ipv6IpForwarding in
agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a
NULL Pointer Exception bug that can be used by a remote attacker to
cause the instance to crash via a crafted UDP packet, resulting in
Denial of Service.
The pgp key was changed [0] as the old one expired [1].
[0]: 90a6d98aae/
[1]: https://github.com/net-snmp/net-snmp/issues/595
Signed-off-by: Daniel Lang <dalang@gmx.at>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Due to a change in util-linux (commit
10f5f79485964ab52272ebe79c3b0047b1f84d82, "libbuid: use
_UL_LIBUUID_UUID_H to cover uuid.h"), gptfdisk no longer detects the
availability of libuuid to generate UUIDs, causing the following
message at runtime:
Warning! Unable to generate a proper UUID! Creating an improper one as a last
resort! Windows 7 may crash if you save this partition table!
This issue exists since util-linux was bumped to version 2.38 in
Buildroot
ee978e853a ("package/util-linux: bump
version to 2.38").
This issue has been fixed in upstream gptfdisk, but the fix [0] is not
yet in a new stable release, so we backport it.
Additionally, now that gptfdisk uses libuuid again, the build fails
because passing LDLIBS to make overrides the default value in the
Makefile. To fix this, this patch adds -luuid to GPTFDISK_LDLIBS.
[0] 6a8416cbd1
Signed-off-by: Ben Wolsieffer <ben.wolsieffer@hefring.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 369ff9a88f (package/libmodplug: update to git version)
improperly used a short hash as version, so switch to the full-length
hash.
Github use the full-length hash when it creates the top-level directory
of the generated archive, so the hash of the archive does not in fact
change, only its filename. This is perfectly fine fine our handling of
s.b.o.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
libmodplug calls `cctype` functions, such as `isspace`,
with negative values. This is undefined behaviour.
While glibc allows it, it crashes on uClibc compiled
without `UCLIBC_HAS_CTYPE_SIGNED`.
Adds a patch that resolves the issue.
Also sent upstream. However, the library author has not merged
any pull request for about a year.
Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com>
[yann.morin.1998@free.fr:
- add Gleb's SoB to the patch
- add upstream URL to the patch
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Y2038 is now almost only 15 years away, and embedded systems built
today are potentially going to still be operational in 15 years, and
even though they are supposed to receive updates by then, we all know
how things go, and potentially some of these embedded systems will not
receive any update.
In 2038, the signed 32-bit representation of time_t used on 32-bit
architectures will overflow, causing all time-related functions to go
back in time in a surprising way.
The Linux kernel has already been modified to support a 64-bit
representation of time_t on 32-bit architectures, but from a C library
perspective, the situation varies:
- glibc uses this 64-bit time_t representation on 32-bit systems
since glibc 2.34, but only if -D_TIME_BITS=64 is
specified. Therefore, this commit adds an option to add this flag
globally to the build, when glibc is the C library and the
architecture is not 64-bit.
- musl uses unconditionally a 64-bit time_t representation on 32-bit
systems since musl 1.2.0. So there is nothing to do here since
Buildroot has been using a musl >= 1.2.0, used since Buildroot
2020.05. No Buildroot option is needed here.
- uClibc-ng does not support a 64-bit time_t representation on 32-bit
systems, so systems using uClibc-ng will not be Y2038 compliant, at
least for now. No Buildroot option is needed here.
It should be noted that being Y2038-compliant will only work if all
application/library code is correct. For example if an
application/library stores a timestamp in an "int" instead of using
the proper time_t type, then the mechanisms described above will not
fix this, and the application/library will continue to be broken in
terms of Y2038 support.
Possible discussions points about this patch:
- Should we have an option at all, or should we unconditionally pass
-D_TIME_BITS=64, like we have been doing for _FILE_OFFSET_BITS=64
for quite some time. The reasoning for having an option is that
the mechanism is itself opt-in in glibc, and generally relatively
new, so it seemed logical for now to make it optional as well in
Buildroot.
- Should we show something (a Config.in comment?) in the musl and
uClibc-ng case to let the user know that the code is Y2038
compliant (musl) or not Y2038 compliant (uClibc-ng). Or should this
discussion be part of the Buildroot documentation?
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is a bugfix release which fixes a CVE.
See:
https://www.enlightenment.org/news/2022-09-15-enlightenment-0.25.4
CVE-2022-37706 "enlightenment_sys in Enlightenment before 0.25.4 allows
local users to gain privileges because it is setuid root, and the system
library function mishandles pathnames that begin with a /dev/..
substring."
Hashes were never part of the online news page, therefore mark them as
locally computed.
Signed-off-by: Daniel Lang <dalang@gmx.at>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Raise the minimal GCC version to 9.3, which is required since wpewebkit-2.40.0 [1].
Similar to commit 09af6d8bfd,
we do check on >= GCC 9, because we can't check on >= GCC 9.3.
[1] f9c142d9b5
Signed-off-by: Thomas Devoogdt <thomas.devoogdt@barco.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We recently discovered that host-spirv-llvm-translator downloads the
SPIR-V headers during its build process, which is bad. Now that we
have a host variant of spirv-headers, we use it to avoid the
"downloading during the build".
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We discovered that the existing host-spirv-llvm-translator package
downloads the spirv-headers during its build process, which of course
is very wrong. In order to fix this, we first introduce a host variant
of the spirv-headers.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This package is required by mesa3d for building rusticl:
https://docs.mesa3d.org/rusticl.html
As the version needs to be kept in sync between spirv-headers and
spirv-tools, we add a small comment about this in each package.
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Sebastian Weyer <sebastian.weyer@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
These headers are required to build the pacakge spirv-tools which is
requried by mesa3d for building rusticl:
https://docs.mesa3d.org/rusticl.html
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Sebastian Weyer <sebastian.weyer@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
LLVM_ENABLE_DUMP required by mesa3d rusticl:
https://docs.mesa3d.org/rusticl.html
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Acked-by: Daniel Lang <dalang@gmx.at>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
host-rust-bindgen will be required to build several different rust-based
packages, including a Linux kernel with rust modules and mesa3d's
rusticl which is the rust-based implementation of OpenCL.
The Cargo.toml file at the project root is a "virtual manifest". Since
we only want to install rust-bindgen, we can specify RUST_BINDGEN_SUBDIR
= bindgen-cli to use the Cargo.toml from this directory.
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Sebastian Weyer <sebastian.weyer@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Make 4.4 introduces a shuffle mode which randomizes prerequisites
in order to better flush out issues with parallel builds. On the other
hand, we use MAKE1 to build packages that are known to be broken with
parallel build. For these, passing the shuffle option would be
counter-productive and lead to spurious build failures.
The --shuffle=none option exists to turn off shuffling again. We can't
add this option unconditionally, however, because Make < 4.4 doesn't
know it. Therefore, conditionally pass --shuffle=none only if there is a
shuffle option in MAKEFLAGS.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
The reinstall, rebuild and reconfigure commands rely on the
left-to-right order of evaluation of the dependencies to make sure that
the stamp files are removed before attempting to rebuild. However, this
order of evaluation is not guaranteed. In particular, if top-level
parallel build is enabled, they are executed in parallel and the stamp
file may not have been removed yet when it is evaluated to decide if
rebuild has to be done.
Since make 4.4, it is possible to reproduce this issue by passing
`--shuffle=reverse` to the make commandline.
To solve this, add a .WAIT directive between the clean and
install/build/configure dependencies. .WAIT was introduced in make 4.4
as well. It makes sure that the dependencies on the left are evaluated
before the dependencies on the right - exactly what we want here.
Earlier versions of make don't know about .WAIT, so we need to add a
.PHONY dependency to effectively ignore it.
Note that this doesn't fix the problem for make versions earlier than
4.4. However, the issue isn't really that important: reinstall, rebuild
and reconfigure are development tools, they're not fully reliable to
begin with, and it's anyway less likely that someone uses `make -j` when
doing a reinstall/rebuild/reconfigure.
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Reported-by: James Hilliard <james.hilliard1@gmail.com>
- Fix CVE-2022-48303: GNU Tar through 1.34 has a one-byte out-of-bounds
read that results in use of uninitialized memory for a conditional
jump. Exploitation to change the flow of control has not been
demonstrated. The issue occurs in from_header in list.c via a V7
archive in which mtime has approximately 11 whitespace characters.
- Update hash of COPYING (http replaced by https)
https://lists.gnu.org/archive/html/info-gnu/2023-07/msg00005.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fox the following build failure with libressl raised since bump to
version 4.1.1 in commit 683563da80 and
bc05f28a4b:
lib/transport/tls-context.c: In function 'tls_context_setup_cmd_context':
lib/transport/tls-context.c:320:3: error: unknown type name 'SSL_CONF_CTX'; did you mean 'SSL_AEAD_CTX'?
320 | SSL_CONF_CTX *ssl_conf_ctx = SSL_CONF_CTX_new();
| ^~~~~~~~~~~~
| SSL_AEAD_CTX
Fixes:
- http://autobuild.buildroot.org/results/dc4d60d752e579ef054915eee3d7e3e73c25929b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When building for a target architecture that go does not support, the
installation fails with:
$ make host-go
[...]
ln -sf ../lib/go/bin/go /home/nyma7486/dev/work/5GCroCo/O/pouet/per-package/host-go/host/bin/
ln: failed to create symbolic link '/home/nyma7486/dev/work/5GCroCo/O/pouet/per-package/host-go/host/bin/': No such file or directory
Indeed, the HOST_DIR/bin is not guaranteed to exist when we install a
host package, so it needs to be explicitly created before we can create
entries in there.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Christian Stewart <christian@aperture.us>
Cc: Anisse Astier <anisse@astier.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Without this patch, a make <pkg>_rebuild detects overwrites. Indeed, in
target_finalize steps some modifications are done on installed files (ie
strip or TARGET_FINALIZE_HOOKS for instance).
In order to avoid these modifications seen from per-package {TARGET,HOST}_DIR
and so been analyzed as some overwrites, global {TARGET,HOST}_DIR is built
using a full copy of the involved per-package files instead of hardlinks.
Signed-off-by: Herve Codina <herve.codina@bootlin.com>
Reviewed-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Raise the minimal GCC version to 9.3, which is required since webkitgtk-2.40.0 [1].
Similar to commit ec1ff802df,
we do check on >= GCC 9, because we can't check on >= GCC 9.3.
[1] f9c142d9b5
Signed-off-by: Thomas Devoogdt <thomas.devoogdt@barco.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For qemu-system-m68k with emulates Q800 machine we need to add patches
for glibc to let it compile and run on m68k cpu m68040.
See here for discussions about the issue:
https://sourceware.org/bugzilla/show_bug.cgi?id=30740
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
This commit fixes the S10hyperv SysV init script which expects binaries
to be locate in /sbin while they are installed in /usr/sbin. Please
note, that the systemd init scripts correctly reference them.
Furthermore, the SysV init script did not check for an actual HyperV
environment to be present, which is also corrected. In addition, this
commit also fixes check-package warnings regarding a missing DAEMON
definition.
Signed-off-by: Jens Maus <mail@jens-maus.de>
[Peter: drop from .checkpackageignore]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The toolchain wrapper automatically adds Position Independent
Execution and stack protector flags in the build process when selected
in the configuration. at91bootstrap being freestanding code, it
doesn't support these, so we have to disable them.
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Remove backported patch from this release.
Upstream commit from this release [1] very likely fixes failure
undefined reference to `__stack_chk_fail'.
[1] 72891ca1ef
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The "official" repository we used to reference disapeared quite some
time ago, so in commit 8c25838b53 (package/rockchip-mali: fix build
failure due to missing URL) we switched to using a mirror.
The tarballs generated on the Github side have a top-level directory
that is named "repo-name-HASH", so when we switched to a repository
named "libmali" to one named "mirrors", the content of the generated
tarball changed, even though the content of the files did not.
We can't just change the hash to the new value, or that would conflict
with thecopy on s.b.o and older versions of Buildroot.
So, we drop one cahr from the commit hash, which eans the tarball name
changes, and thus we can calculate a new hash for that tarball, and
there will be no conflict with any existing tarball on s.b.o.
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
