We are currently using the fork by Adam, with support for duktape as a
JS engine. But upstream has finally merged that just a day ago. Woohoo!
Between the fork we were using and upstream, there are very little
changes, mostly centered around:
- translations
- buildsystem
- duktape
- CVE-2021-4034
So, we just switch to using the HEAD of the repo: it has not much more
than the two important changes: duktape and the CVE fix.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Marek Belisko <marek.belisko@open-nandra.com>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In BINUTILS_INSTALL_TARGET_CMDS (target!), libiberty is installed
to STAGING_DIR.
This is not necessary since libiberty is already unconditionally
installed to staging in BINUTILS_INSTALL_STAGING_CMDS. Furthermore
the presence of STAGING_DIR path in TARGET_CMDS is confusing and
incorrect.
Moreover libiberty is static only. Static libraries are only used at
build time, not at run time so we do not need to install libiberty in
target.
This commit removes the incorrect libiberty install in TARGET_CMDS and
adds a comment to clarify why we do not see libiberty installed on
target.
Signed-off-by: Jonathan Borne <jborne@kalray.eu>
[yann.morin.1998@free.fr:
- reword comment, move it toward the _INSTALL_TARGET_CMDS
- rewrap and slightly reword commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Replace CMAKE_DISABLE_FIND_PACKAGE_{DOXYGEN,LATEX} by JAS_ENABLE_DOC
which is available (and working as expected) since version 2.0.20 and
cddb7b199a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following build failure raised since bump to version 1.3.3 in
commit 163509a8e0:
>>> htpdate 1.3.3 Installing to target
PATH="/home/buildroot/autobuild/instance-0/output-1/host/bin:/home/buildroot/autobuild/instance-0/output-1/host/sbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" /usr/bin/make -j4 -C /home/buildroot/autobuild/instance-0/output-1/build/htpdate-1.3.3 DESTDIR=/home/buildroot/autobuild/instance-0/output-1/target install
make[1]: Entering directory '/home/buildroot/autobuild/instance-0/output-1/build/htpdate-1.3.3'
strip -s htpdate
strip: Unable to recognise the format of the input file `htpdate'
Fixes:
- http://autobuild.buildroot.org/results/f1034de5ebc2fc2c49711820077d0b6e5e13aea5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit 6a51177af1 (package/mesa3d: always enable glx-direct if glx is
enabled) introduced a typo in the comment, fix that.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following build failure raised since bump of neon to version
0.32.2 in commit 029a6dc3e3:
../output-1/build/gst1-plugins-bad-1.18.5/ext/neon/meson.build:1:0: ERROR: Invalid version of dependency, need 'neon' ['<= 0.31.99'] found '0.32.2'.
Fixes:
- http://autobuild.buildroot.org/results/eaf1890176431000ea8b371956f0d2d7e9907aea
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix CVE-2021-20330: An attacker with basic CRUD permissions on a
replicated collection can run the applyOps command with specially
malformed oplog entries, resulting in a potential denial of service on
secondaries. This issue affects MongoDB Server v4.0 versions prior to
4.0.25; MongoDB Server v4.2 versions prior to 4.2.14; MongoDB Server
v4.4 versions prior to 4.4.6.
Drop third patch (already in version)
https://docs.mongodb.com/master/release-notes/4.2/
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Link examples with -latomic to avoid the following build failure raised
since commit 3edc1cc44c:
FAILED: spa/examples/adapter-control
/home/buildroot/autobuild/instance-0/output-1/host/bin/sparc-linux-gcc -o spa/examples/adapter-control spa/examples/adapter-control.p/adapter-control.c.o -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,--start-group -lintl -ldl -pthread -lm -Wl,--end-group
/home/buildroot/autobuild/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/sparc-buildroot-linux-uclibc/10.3.0/../../../../sparc-buildroot-linux-uclibc/bin/ld: spa/examples/adapter-control.p/adapter-control.c.o: in function `spa_graph_node_trigger':
adapter-control.c:(.text+0xdf4): undefined reference to `__atomic_fetch_sub_4'
Fixes:
- http://autobuild.buildroot.org/results/192f40a5c6e05fc11507494e19db52a47082fc35
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
ClamAV 0.103.5 is a critical patch release with the following fix:
- CVE-2022-20698: Fix for invalid pointer read that may cause a crash.
Affects 0.104.1, 0.103.4 and prior when ClamAV is compiled with
libjson-c and the CL_SCAN_GENERAL_COLLECT_METADATA scan option (the
clamscan --gen-json option) is enabled.
https://github.com/Cisco-Talos/clamav/blob/clamav-0.103.5/NEWS.md
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following build failure raised since bump to version 1.22c in
commit 5b9c58531e:
sslh-select.c: In function 'udp_timeouts':
sslh-select.c:480:5: error: 'for' loop initial declarations are only allowed in C99 mode
for (int i = 0; i < fd_info->max_fd; i++) {
^
Fixes:
- http://autobuild.buildroot.org/results/aaaac2beb16730747b4265e81d09cb5e072c7267
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop python2 support and propagate dependency changes.
Ensure optimized cython build is enabled and add host cython
dependency.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump and update project to its new location.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is a minor release which provides fixes for CVE-2021-30934,
CVE-2021-30936, CVE-2021-30951, CVE-2021-30952, CVE-2021-30953,
CVE-2021-30954, CVE-2021-30984, and the safarileaks.com vulnerability
(which has not yet been assigned a CVE number). Release notes can be
found at:
https://wpewebkit.org/release/wpewebkit-2.34.4.html
An accompanying security advisory has been published at:
https://wpewebkit.org/security/WSA-2022-0001.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Users may want to debug Go programs using dlv on the host machine.
Adds package host-delve and BR2_PACKAGE_HOST_DELVE.
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
CVE-2021-43816: "Unprivileged pod using `hostPath` can side-step active LSM when
it is SELinux"
Containers launched through containerd’s CRI implementation on Linux systems
which use the SELinux security module and containerd versions since v1.5.0 can
cause arbitrary files and directories on the host to be relabeled to match the
container process label through the use of specially-configured bind mounts in a
hostPath volume. This relabeling elevates permissions for the container,
granting full read/write access over the affected files and directories.
Kubernetes and crictl can both be configured to use containerd’s CRI
implementation.
https://github.com/advisories/GHSA-mvff-h3cj-wj9chttps://github.com/containerd/containerd/releases/tag/v1.5.9
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following build failure raised since bump of meson to version
0.61.0 in commit a8dc871139:
../output-1/build/gvfs-1.48.1/daemon/meson.build:368:7: ERROR: Function does not take positional arguments.
Fixes:
- http://autobuild.buildroot.org/results/6231649fac82a70b215186c3396b879a28a96f60
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
ZynAddSubFX is a fully featured open source software synthesizer
capable of making a countless number of instruments, from some
common heard from expensive hardware to interesting sounds that
you'll boost to an amazing universe of sounds.
https://zynaddsubfx.sourceforge.io/
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
pjsip:pjsip has been deprecated by teluu:pjsip since September 2021:
<cpe-23:cpe23-item name="cpe:2.3🅰️pjsip:pjsip:2.7.1:*:*:*:*:*:*:*">
<cpe-23:deprecated-by name="cpe:2.3🅰️teluu:pjsip:2.7.1:*:*:*:*:*:*:*" type="NAME_CORRECTION"/>
<cpe-item name="cpe:/a:pjsip:pjsip:2.7.2" deprecated="true" deprecation_date="2021-09-02T14:49:19.527Z">
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
RK3399_ROCKPRO64 has been picked from pine64/rockpro64 but here we deal
with orangepi-rk3399, so let's change the label to RK3399_ORANGEPI.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit add a simple test doing symmetric encryption/decryption
to check this python interface with the gpg binary is working fine.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This will use gcc-ar, gcc-nm and gcc-ranlib instead of the
normal binutils tools. The difference is that with the
wrappers, gcc plugins will be automatically picked up,
which is necessary to build with LTO.
With this enabled, it is possible to build everything (including libgcc
and libstdc++) with LTO by setting BR2_TARGET_OPTIMIZATION="-flto".
Note that you'd expect that the GCC build system would automatically do
this when --enable-lto is set, but this is not the case. There are some
open bugs [1][2] to allow building libgcc and libstdc++ with LTO support
but it's apparently not done yet.
Note that there are also reports of problems building libstdc++ with LTO
[3], but it seems that's no longer a problem (and the bug didn't get
updated).
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=59893
[2] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77278
[3] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60160
Monitoring the target/ and host/ directories and so on, will serve to
generate lists of files installed by the packages. Those lists are then
used to generate graphs of the size those package take on the target
for example.
With PPD, we will also want to use those lists to only copy those files
actually installed by each dependencies of a package, recursively.
Currently, those lists are not entirely reliable, as the starting points
are established before we apply PPD fixup hooks. As such, at the end of
a package installation, fixed up files will be found to belong to the
current package, while they were in fact provided by one of its
dependency.
While this does no big harm, if at all, for the size graphs, it will
trigger overwrite detection when we eventually gather packages together
to aggregate a PPD or te final host and target. So, we better have the
lists of files be reliable.
So, we only start monitoring the directories after we apply the PPD
fixups (or seen the other way around for a smaller diff: we apply the
PPD fixups before we start monitoring the directories).
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Herve Codina <herve.codina@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Some files contain hard-coded absolute paths that point to the host
and/or staging directories.
With per-package directories (aka. PPD), these paths point to the PPD
of the package that created the files, when we want them to point to the
PPD of the package that uses them.
Up until now, we had two hooks that attempted to fix those files:
- a libtool-specific hook that searches for all .la files and seds
them with the proper PPD,
- a python-specific hook that tweaks just the sysconfigdata and
removes the byte-compiled version of the sysconfigdata.
But now, we also have a few other kinds of files for which we need to
fix the PPD: .cmake, .pc, or .pri files, and probably a bunch of others
as well.
We solve this issue by just replacing any PPD in text files, with the
current package's PPD.
This is very similar to, and inspired from what is done when relocating
the SDK. However, we can't use the existing relocate-sdk script, because
that needs to know the original location, which we do not have when we
aggregate the PPD (we could store it, but we can easily do without it).
Furthermore, we use a construct that is way more efficient than
relocate-sdk. First, we skip binary files with grep, which means we have
way less files to check with 'file' [0]. Second, we use xargs to sed
multiple files at once: printf is a shell built-in, so it's fast, and so
we do not have to spawn a sed for each file to fixup.
[0] We still keep using 'file' as a safety net, to avoid mangling a
binary file that grep would have missed.
Finally, the existing python-specific macro is simplified to just remove
the pre-compiled sysconfigdata files. And we rename it accordingly.
And as for some timings, to see the impact, with the defconfig below,
and with the downloads already local, and with a PC mostly idle (mail
and IRC activity only):
Before Now Delta
- without PPD : 7min 27s 7min 23s -0.9%
- with PPD : 7min 51s 7min 59s +1.7%
- with PPD -j8: 5min 51s 5min 56s +1.4%
So we can see a slight increase in time, but it is mostly in the noise
(some builds without this change did exceed some builds with this
change, due to background noise). Also, depending on scheduling, there
can be less parallelism; for example, python3 does not build in
parallel, and with this special defconfig, python is on the critical
path of a lot of packages that are python modules, which can negatively
impact a parallel build too. A more realistic, bigger defconfig would
probably be more parallel... YMMV...
Delta without PPD is also due to background noise, as those hooks are
not used when PPD is not enabled.
Defconfig used:
BR2_arm=y
BR2_cortex_a7=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_PACKAGE_PYTHON3=y
BR2_PACKAGE_PYTHON_AIOBLESCAN=y
BR2_PACKAGE_PYTHON_AIOCOAP=y
BR2_PACKAGE_PYTHON_AIOFILES=y
BR2_PACKAGE_PYTHON_AIOHTTP_CORS=y
BR2_PACKAGE_PYTHON_AIOHTTP_DEBUGTOOLBAR=y
BR2_PACKAGE_PYTHON_AIOHTTP_MAKO=y
BR2_PACKAGE_PYTHON_AIOHTTP_REMOTES=y
BR2_PACKAGE_PYTHON_AIOHTTP_SECURITY=y
BR2_PACKAGE_PYTHON_AIOHTTP_SESSION=y
BR2_PACKAGE_PYTHON_AIOHTTP_SSE=y
BR2_PACKAGE_PYTHON_AIOJOBS=y
BR2_PACKAGE_PYTHON_AIOLOGSTASH=y
BR2_PACKAGE_PYTHON_AIOMONITOR=y
BR2_PACKAGE_PYTHON_AIOPROCESSING=y
BR2_PACKAGE_PYTHON_AIOREDIS=y
BR2_PACKAGE_PYTHON_AIORWLOCK=y
BR2_PACKAGE_PYTHON_AIOZIPKIN=y
BR2_PACKAGE_LIGHTTPD=y
BR2_PACKAGE_LIGHTTPD_OPENSSL=y
BR2_PACKAGE_LIGHTTPD_ZLIB=y
BR2_PACKAGE_LIGHTTPD_BZIP2=y
BR2_PACKAGE_LIGHTTPD_PCRE=y
BR2_PACKAGE_LIGHTTPD_WEBDAV=y
# BR2_TARGET_ROOTFS_TAR is not set
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Louis-Paul CORDIER <lpdev@cordier.org>
Cc: Andreas Naumann <anaumann@ultratronik.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
License hash changed due to OCB patents expiry:
5d78d02220
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Drop patch that is now upstream.
Drop python2 support.
Drop python-six dependency which is no longer needed.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[yann.morin.1998@free.fr: update paramiko python3 dependency comment]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>