They are currently expressed as such:
depends on (BR2_ENABLE_LOCALE && BR2_USE_WCHAR)
which is not the common practice in Buildroot. We prefer to use:
depends on BR2_ENABLE_LOCALE
depends on BR2_USE_WCHAR
This commit ensures linux-pam is consistent with this best practice.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
BR2_PACKAGE_LINUX_PAM depends on BR2_USE_MMU, but this dependency is
not taken into account in the Config.in comment, which this commit
fixes.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The php-pam package provides a PHP PAM (Pluggable Authentication
Modules) integration.
https://pecl.php.net/package/PAM
Based on initial work from Nicolas Carrier <nicolas.carrier@orolia.com>
Signed-off-by: Herve Codina <herve.codina@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The php-lua package provides a PHP extension that embeds the lua
interpreter and offers an OO-API to lua variables and functions.
https://pecl.php.net/package/lua
Based on initial work from Nicolas Carrier <nicolas.carrier@orolia.com>
Two patches are present and were retrieved from the following
upstream pull request in order to support PHP8:
https://github.com/laruence/php-lua/pull/47
Signed-off-by: Herve Codina <herve.codina@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
APCu is an in-memory key-value store for PHP.
Keys are of type string and values can be any PHP variables.
APCu only supports userland caching of variables
https://pecl.php.net/package/APCU
Based on initial work from Nicolas Carrier <nicolas.carrier@orolia.com>
Signed-off-by: Herve Codina <herve.codina@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
select BR2_PACKAGE_MESA3D_DRI3 for all gallium/kmsro drivers in case
X11 is selected, see meson.build:
240 with_gallium_kmsro = with_gallium_v3d or with_gallium_vc4 or with_gallium_etnaviv or with_gallium_panfrost or with_gallium_lima or with_gallium_freedreno
[...]
524 if with_gallium_kmsro and (with_platform_x11 and not with_dri3)
525 error('kmsro requires dri3 for X11 support')
526 endif
Fixes:
https://bugs.busybox.net/show_bug.cgi?id=13831
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Add config option for DRI3 support and use it instead
of DRI3 enable/disable logic in *.mk file.
Move the libxshmfence dependency to the DRI3 option, cfr. the following
in meson.build:
if with_dri3
...
dep_xshmfence = dependency('xshmfence', version : '>= 1.1')
endif
Also select DRI3 in the Vulkan Intel driver.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[Arnout: make it a blind option, move xshmfence select to dri3]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The modsecurity2 package provides an Apache module implementing
a web application firewall (WAF) module.
Based on initial work from Tom Marcuzzi <tom.marcuzzi@orolia.com>
and Nicolas Carrier <nicolas.carrier@orolia.com>
modsecurity2 will be superseeded sooner or later by modsecurity v3
ie. libmodsecurity [1] and its Apache connector [2]. libmodsecurity
is already supported in Buildroot with its Nginx connector.
According to the Apache connector web page and the discussion [3],
the Apache connector is not ready for production use.
[1] https://github.com/SpiderLabs/ModSecurity
[2] https://github.com/SpiderLabs/ModSecurity-apache
[3] https://github.com/SpiderLabs/ModSecurity-apache/issues/80
The best we can do now is to still use modsecurity2 (v2.9.x) for
Apache:
https://github.com/SpiderLabs/ModSecurity/tree/v2/master
Signed-off-by: Herve Codina <herve.codina@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
While adding this package with commit[1] Microblaze architecture has been
disabled by default pointing that it suffers from gcc ICE, but this is not
true, indeed the build error is referred to libgeos that is postgis
dependency:
```
during RTL pass: reload
.../bootlin-microblazeel-uclibc/build/libgeos-3.9.0/src/geom/util/Densifier.cpp: In static member function ‘static std::unique_ptr<std::vector<geos::geom::Coordinate> > geos::geom::util::Densifier::densifyPoints(geos::geom::Coordinate::Vect, double, const geos::geom::PrecisionModel*)’:
.../bootlin-microblazeel-uclibc/build/libgeos-3.9.0/src/geom/util/Densifier.cpp:128:1: internal compiler error: in gen_reg_rtx, at emit-rtl.c:1155
128 | }
| ^
```
This build error has been worked around with this commit[2] and I've just
tested this build with Microblaze gcc 9.3/9.4/10.3 and 11.2 and it builds
succesfully since the bug above is gcc bug 90620[3] and it's been handled
in libgeos already.
So let's allow Microblaze(el/be) to build this postgis.
[1]: https://git.buildroot.net/buildroot/commit/?id=9bb1034455de299876dfd03c5074d8bb9622f873
[2]: https://git.buildroot.net/buildroot/commit/?id=847b441b1ca2230c4f26a49aaede69eca5e7e7ad
[3]: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90620
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Reviewed-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following build failure with help2man raised since bump to
version 1.26.0 in commit be76508af2:
FAILED: docs/man/mbimcli.1
/usr/bin/help2man --output=docs/man/mbimcli.1 '--name=Control MBIM devices' '--help-option="--help-all"' /home/peko/autobuild/instance-1/output-1/build/libmbim-1.26.0/build/src/mbimcli/mbimcli
help2man: can't get `"--help-all"' info from /home/peko/autobuild/instance-1/output-1/build/libmbim-1.26.0/build/src/mbimcli/mbimcli
Try `--no-discard-stderr' if option outputs to stderr
Fixes:
- http://autobuild.buildroot.org/results/eaa2ba54b9c74f07292d3cad4fa96c80e6079702
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
BMP and NHRPD default to enabled. Both of them require c-ares. However,
if BMP and NHRPD are disabled, it is possible to build without c-ares.
Create user-visible configuration options for BMP and NHRPD and only
depend on c-ares if either of them is selected.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
ICU build scripting adds some host libraries to LD_LIBRARY_PATH by
using constructs of the following form:
LD_LIBRARY_PATH="custom-path:${LD_LIBRARY_PATH}"
If the original LD_LIBRARY_PATH is empty, this causes the last search
directory be an empty string, i.e. the working directory.
ICU build runs some basic host commands (e.g. "rm") in $(TARGET_DIR)/lib
under such an LD_LIBRARY_PATH, causing target libraries (e.g. libc) to
possibly get loaded instead of host system libraries if they are
compatible enough (e.g. arch matches).
Since the target libraries may not actually be ABI compatible with host
system binaries (e.g. target has an old libc), this can cause crashes
or other errors.
Observed errors include:
(1) rm: libc.so.6: version `GLIBC_2.33' not found (required by rm)
(2) sh: line 1: 1362670 Segmentation fault (core dumped) rm -f libicudata.so.65
Workaround the issue by setting a dummy LD_LIBRARY_PATH when it would
otherwise be empty.
https://unicode-org.atlassian.net/browse/ICU-21417
Signed-off-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
zeromq is an optional dependency since version 4.0 and
b6116506ec
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following build failure raised with help2man since bump to
version 1.30.0 in commit 50c5495f81:
FAILED: docs/man/qmicli.1
/usr/bin/help2man --output=docs/man/qmicli.1 '--name=Control QMI devices' '--help-option="--help-all"' /home/peko/autobuild/instance-1/output-1/build/libqmi-1.30.2/build/src/qmicli/qmicli
help2man: can't get `"--help-all"' info from /home/peko/autobuild/instance-1/output-1/build/libqmi-1.30.2/build/src/qmicli/qmicli
Try `--no-discard-stderr' if option outputs to stderr
Fixes:
- http://autobuild.buildroot.org/results/15818b6de7378cd75c59b1d6dc732ed9a20c092a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes the following vulnerabilities:
* CVE-2021-4008/ZDI-CAN-14192 SProcRenderCompositeGlyphs out-of-bounds
access
The handler for the CompositeGlyphs request of the Render extension does
not properly validate the request length leading to out of bounds memory
write.
* CVE-2021-4009/ZDI-CAN 14950 SProcXFixesCreatePointerBarrier out-of-bounds
access
The handler for the CreatePointerBarrier request of the XFixes extension
does not properly validate the request length leading to out of bounds
memory write.
* CVE-2021-4010/ZDI-CAN-14951 SProcScreenSaverSuspend out-of-bounds access
The handler for the Suspend request of the Screen Saver extension does not
properly validate the request length leading to out of bounds memory
write.
* CVE-2021-4011/ZDI-CAN-14952 SwapCreateRegister out-of-bounds access
The handlers for the RecordCreateContext and RecordRegisterClients
requests of the Record extension do not properly validate the request
length leading to out of bounds memory write.
For details, see the advisory:
https://lists.x.org/archives/xorg-announce/2021-December/003122.html
Builds without systemd unfortunately got broken. Add a patch fixing that
from an upstream merge request:
https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/827
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
* drop all upstreamed patches
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
- Fix CVE-2021-4048: An out-of-bounds read flaw was found in the CLARRV,
DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0,
as also used in OpenBLAS before version 0.3.18. Specially crafted
inputs passed to these functions could cause an application using
lapack to crash or possibly disclose portions of its memory.
- Update license hash, year changed:
f67034373e
- Update indentation in hash file (two spaces)
http://netlib.org/lapack/lapack-3.10.0.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes:
/usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x10): multiple definition...
scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
Tested on beaglebone black and beaglebone white (A6)
Signed-off-by: Lothar Felten <lothar.felten@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
tftp and traceroute6 has been removed in this release [1][2].
Due that LICENSE file has been changed.
Also remove patch from this release.
[1] https://github.com/iputils/iputils/pull/369
[2] https://github.com/iputils/iputils/pull/362
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following build failure raised since bump to version 1.9.5 in
commit c7233ec2c3 and
6f8f170db3:
/home/giuliobenetti/autobuild/run/instance-2/output-1/host/lib/gcc/arm-buildroot-linux-gnueabihf/11.2.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: pcscd-pcscdaemon.o: in function `signal_thread':
pcscdaemon.c:(.text+0x444): undefined reference to `HPReCheckSerialReaders'
Fixes:
- http://autobuild.buildroot.org/results/6cf323229f32967aa554418410dc94b7094d09af
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Minor bugfix release:
Changes between 1.1.1l and 1.1.1m [14 Dec 2021]
*) Avoid loading of a dynamic engine twice.
[Bernd Edlinger]
*) Fixed building on Debian with kfreebsd kernels
[Mattias Ellert]
*) Prioritise DANE TLSA issuer certs over peer certs
[Viktor Dukhovni]
*) Fixed random API for MacOS prior to 10.12
These MacOS versions don't support the CommonCrypto APIs
[Lenny Primak]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Add xxhash mandatory dependency to avoid the following build failure
with the embedded xxhash (in version 0.8.1) and uclibc raised since
bump to version 1.4.63 in commit
2a00246645 and
23b07fa3ef:
/home/buildroot/autobuild/instance-0/output-1/host/lib/gcc/arm-buildroot-linux-uclibcgnueabi/10.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: src/lighttpd.p/algo_xxhash.c.o: in function `XXH32_canonicalFromHash':
/home/buildroot/autobuild/instance-0/output-1/build/lighttpd-1.4.63/build/../src/algo_xxhash.h:2282: undefined reference to `static_assert'
Fixes:
- http://autobuild.buildroot.org/results/7b644dce244a1aa4a193a3196059a56b2c4c7591
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Install xxhash in staging to allow lighttpd to use it
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Disable cunit to avoid the following build failure raised since bump to
version 8.1 in commit ca2753fd47 and
749714731e:
In file included from pceplib/test/pcep_utils_counters_test.c:33:
./pceplib/pcep_utils_counters.h:112:2: error: unknown type name 'time_t'
112 | time_t start_time;
| ^~~~~~
Fixes:
- http://autobuild.buildroot.org/results/b68d3e369e2925938bde39508988aa9b701f1045
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes the following security issues:
- cgi_error_no_template(): Encode the template name to prevent
XSS (cross-site scripting) when Privoxy is configured to servce
the user-manual itself.
Commit 0e668e9409c. OVE-20211102-0001. CVE-2021-44543.
Reported by: Artem Ivanov
- get_url_spec_param(): Free memory of compiled pattern spec
before bailing.
Reported by Joshua Rogers (Opera) who also provided the fix.
Commit 652b4b7cb0. OVE-20211201-0003. CVE-2021-44540.
- process_encrypted_request_headers(): Free header memory when
failing to get the request destination.
Reported by Joshua Rogers (Opera) who also provided the fix.
Commit 0509c58045. OVE-20211201-0002. CVE-2021-44541.
- send_http_request(): Prevent memory leaks when handling errors
Reported by Joshua Rogers (Opera) who also provided the fix.
Commit c48d1d6d08. OVE-20211201-0001. CVE-2021-44542.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes the following security issues:
- CVE-2021-44420: Potential bypass of an upstream access control based on
URL paths
HTTP requests for URLs with trailing newlines could bypass an upstream
access control based on URL paths.
This issue has low severity, according to the Django security policy.
https://www.djangoproject.com/weblog/2021/dec/07/security-releases/
In addition, 3.2.8 / 3.2.9 fixes a number of bugs.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Drop 0030-Fix-cross-compiling-the-uuid-module.patch as the patched code has
been reworked upstream and python3 is built with --disable-uuid:
91a51c5ffc
Rework 0033-configure.ac-fixup-CC-print-multiarch-output-for-mus.patch as
the MULTIARCH code is now conditional on !darwin:
9901d153c2
Refresh and renumber remaining patches.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
connman might depend on iptables or nftables, and those dependencies
are already selected later in this file as required.
Config.in already only selects iptables if BR2_PACKAGE_CONNMAN_IPTABLES.
Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Drop patch (already in version) and so autoreconf
https://github.com/jirka-h/haveged/releases/tag/v1.9.15
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>