Commit c10349bf67 (package:libselinux: replace PKG_PYTHON_DISTUTILS_ENV)
forgot to update a comment that referred to PKG_PYTHON_DISTUTILS_ENV.
Replace that now.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
gpg key generation can take longer than the default timeout on a
loaded or slow test host. The commit increases the timeout for the
key generation command to prevent the test from randomly failing.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Replace PKG_PYTHON_DISTUTILS_ENV by PKG_PYTHON_SETUPTOOLS_ENV as libdnet
uses setuptools instead of distutils since version 1.16.2 and
4e4fc68795
This will avoid the following build failure raised since commit
09de823cbc:
In file included from /home/fabrice/buildroot/output/per-package/libdnet/host/include/python3.12/Python.h:38,
from ./dnet.c:40:
/home/fabrice/buildroot/output/per-package/libdnet/host/include/python3.12/pyport.h:586:2: error: #error "LONG_BIT definition appears wrong for platform (bad gcc/glibc config?)."
586 | #error "LONG_BIT definition appears wrong for platform (bad gcc/glibc config?)."
| ^~~~~
Fixes: 09de823cbc
(No autobuilder failure (yet))
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Replace PKG_PYTHON_DISTUTILS_ENV by PKG_PYTHON_SETUPTOOLS_ENV as
libselinux uses setuptools instead of distutils since version 3.5 and
2b5d558575
This will avoid the following build failure raised since commit
09de823cbc:
In file included from /home/buildroot/autobuild/instance-0/output-1/per-package/libselinux/host/include/python3.12/Python.h:38,
from selinuxswig_python_wrap.c:168:
/home/buildroot/autobuild/instance-0/output-1/per-package/libselinux/host/include/python3.12/pyport.h:586:2: error: #error "LONG_BIT definition appears wrong for platform (bad gcc/glibc config?)."
586 | #error "LONG_BIT definition appears wrong for platform (bad gcc/glibc config?)."
| ^~~~~
Fixes: 09de823cbc
Fixes: http://autobuild.buildroot.org/results/3fbbb741de33310c8cacab753a32e79c5e531036
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following static build failure raised since bump to version
1.2.2 in commit b50bb98220:
[5/5] Linking target src/libqrtr-glib/libqrtr-glib.so.0.0.0
FAILED: src/libqrtr-glib/libqrtr-glib.so.0.0.0
Fixes:
- http://autobuild.buildroot.org/results/e0442e97279a07f33a14ec52840f98b7ec0fe32d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following build failure raised since the addition of the package
in commit 0a1f2fce04:
/home/autobuild/autobuild/instance-0/output-1/host/riscv64-buildroot-linux-uclibc/bin/ld.real: pty.o: in function `my_pty_fork':
pty.c:(.text+0x68): undefined reference to `fork'
/home/autobuild/autobuild/instance-0/output-1/host/riscv64-buildroot-linux-uclibc/bin/ld.real: filter.o: in function `.L0 ':
filter.c:(.text+0x134): undefined reference to `fork'
Fixes:
- http://autobuild.buildroot.org/results/0a3a68cfb181bc67a7dbf1d44f64b0a29df75987
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We don't need tests enabled which can also cause build issues.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Now that we can specify that the default values for the CPE_ID variables
are valid, without having to actually set one (or more) to their
default, add a check-package check that validates that the CPE_ID
variables are indeed not set to their default.
It also validates that CPE_ID_VALID is not set when another CPE_ID
variable is set to a non-default value.
Add an anchor in the manual so that we can easily point to it.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Now that we document _CPE_ID_VALID, and that it shall be used instead of
setting a default value to one of the other _CPE_ID_* variables, change
all of the existing packages to use it, to avoid any error when we later
extend check-package to validate the sanity of the _CPE_ID_* variables.
Mechanical change done within the reference container, running the new
check in check-package, to report the CPE_ID errors:
    $ make check-package 2>/dev/null \
      |awk '{
          split($(1), a, ":"); fname = a[1]
          split($(2), a, "'\''"); val = a[2]
          new_var = $(8); gsub("_CPE_ID_.*", "_CPE_ID_VALID", new_var)
          printf("%s %s %s %s\n", fname, $(8), val, new_var)
      }' \
      |while read fname var val new_var; do
          sed -r -i -e "s/${var}[[:space:]]*=[[:space:]]*${val}/${new_var} = YES/" "${fname}"
      done
    $ git diff -I'CPE_ID_(VENDOR|VALID)'
    [empty]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The way we handle CPE_ID variable is unusual compared to the other
variables: we mostly compute defaults for all of them, and eventually
aggregate the various CPE_ID variables to form the CPE ID name.
However, we do not consider that CPE ID to be valid, unless there is one
(or more) CPE_ID variables actually set by the package; this shows that
the CPE ID has been checked to be valid against the NVD CPE database. In
that situation, we internally define the duly undocumented _CPE_ID_VALID
variable.
However, it is totally possible (and very often the case) that the
default values we set to those variables are appropriate, and do define a
valid CPE ID. In this case, the package will define any arbitrary CPE_ID
variable to its default value, usually by setting either the VENDOR or
PRODUCT field, though there is no rule or requirement that be the case.
This is not very clean, non-obvious, and does not allow for easily
adding checks in check-package.
Add the _CPE_ID_VALID variable to the manual, to make it official that
it should be used when the default values of the others are valid.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
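An added example (not part of these commit messages, and not Buildroot's own check-package code) of the two CPE_ID rules described in the check-package commit and in the commit above: a CPE_ID variable must not be set to its default value, and CPE_ID_VALID must not be set when another CPE_ID variable holds a non-default value. The default values in cpe_defaults() and the sample packages are assumptions; the "drop it" advice for a default value that sits next to a non-default one mirrors the V4L2LOOPBACK_CPE_ID_VENDOR commit further down.

```python
import re

FIELDS = ("VENDOR", "PRODUCT", "VERSION", "UPDATE", "PREFIX")

def cpe_defaults(pkg):
    """Assumed Buildroot defaults for package `pkg` (not stated on this page)."""
    var = pkg.upper().replace("-", "_")
    return {
        "VENDOR": f"{pkg}_project",
        "PRODUCT": pkg,
        "VERSION": f"$({var}_VERSION)",
        "UPDATE": "*",
        "PREFIX": "cpe:2.3:a",
    }

def check_cpe_id(pkg, mk_text):
    """Return (line number, message) findings for one package .mk file."""
    var = pkg.upper().replace("-", "_")
    assign = re.compile(rf"^{re.escape(var)}_CPE_ID_(\w+)\s*[:?]?=\s*(.*?)\s*$")
    defaults = cpe_defaults(pkg)
    seen = {}  # field name -> (line number, assigned value)
    for lineno, line in enumerate(mk_text.splitlines(), 1):
        m = assign.match(line)
        if m:
            seen[m.group(1)] = (lineno, m.group(2))
    # Fields the package really overrides: these alone make the CPE ID valid.
    overridden = [f for f in FIELDS if f in seen and seen[f][1] != defaults[f]]
    findings = []
    for field in FIELDS:
        if field in seen and seen[field][1] == defaults[field]:
            lineno, value = seen[field]
            fix = "drop it" if overridden else f"use {var}_CPE_ID_VALID = YES"
            findings.append(
                (lineno, f"{var}_CPE_ID_{field} is set to its default '{value}': {fix}"))
    if "VALID" in seen and overridden:
        findings.append(
            (seen["VALID"][0],
             f"{var}_CPE_ID_VALID is redundant with {var}_CPE_ID_{overridden[0]}"))
    return findings

# Constructed sample .mk fragments (hypothetical packages foo, bar, baz, qux).
SAMPLES = {
    "foo": "FOO_VERSION = 1.0\nFOO_CPE_ID_VENDOR = foo_project\n",
    "bar": "BAR_CPE_ID_VALID = YES\nBAR_CPE_ID_VENDOR = acme\n",
    "baz": "BAZ_VERSION = 2.3\nBAZ_CPE_ID_VALID = YES\n",
    "qux": "QUX_CPE_ID_VENDOR = qux_project\nQUX_CPE_ID_PREFIX = cpe:2.3:o\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        for lineno, msg in check_cpe_id(name, text):
            print(f"package/{name}/{name}.mk:{lineno}: {msg}")
```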
With recent asciidoc versions (at least 10.2.0 is known to report that),
rendering the manual yields a few warnings related to ordered lists:
asciidoc: WARNING: customize-quick-guide.adoc: line 13: list item index: expected 2 got 1
asciidoc: WARNING: customize-quick-guide.adoc: line 15: list item index: expected 3 got 1
[...]
asciidoc: WARNING: customize-quick-guide.adoc: line 65: list item index: expected 13 got 1
asciidoc: WARNING: customize-quick-guide.adoc: line 66: list item index: expected 14 got 1
asciidoc: WARNING: adding-packages-gettext.adoc: line 30: list item index: expected 2 got 1
asciidoc: WARNING: adding-packages-gettext.adoc: line 41: list item index: expected 3 got 1
The reason is that we use the same index to tell asciidoc to
automatically number items.
However, the official way to provide an automatic index is to write no
index:
https://docs.asciidoctor.org/asciidoc/latest/lists/ordered/
[...] since the numbering is obvious, the AsciiDoc processor will
insert the numbers for you if you omit them:
[...]
If you number the ordered list explicitly, you have to manually keep
the list numerals sequential. Otherwise, you will get a warning.
So, abide by the documentation, and drop the repeating indices to
ordered lists where we want automatic numbering.
Note that there is another ordered list, in adding-packages-directory.adoc,
but it does use explicit, sequential numbering. For consistency within
the whole document, we also convert it.
To avoid extra useless churn, the indentation of the items is not
changed to match the elided indices.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Updated hash of COPYING (year updated with
eba0ac1fc4)
Signed-off-by: Kadambini Nema <kadambini.nema@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Changelog: https://curl.se/changes.html#8_6_0
Removed patch which was included in upstream release.
Updated license hash due to copyright year bump:
57cc70e559
Added configure options for optional libpsl support due to upstream
commit which throws an error during configure when libpsl is missing and
--without-libpsl was not used:
2998874bb6
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
phobosdpl is an old work email I don't really use anymore, so I'm
changing it to my personal email.
Signed-off-by: Sen Hastings <sen@phobosdpl.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The last Jailhouse tag is v0.12. It dates from 2020-02-04, which is
4 years old. This version no longer compiles with recent Kernels.
This commit updates Jailhouse to the latest commit e57d1ef, which
dates from 2023-01-10.
For commit logs, see:
https://github.com/siemens/jailhouse/commits/master/
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The jailhouse package installs files in the /usr/local prefix. This is
not convenient, because the jailhouse binary ends up in /usr/local/sbin,
which is not in the default Buildroot PATH. See [1]. Moreover, all
other Buildroot packages install files in /usr.
This is because the Buildroot package recipe does not set any prefix
value, and the upstream Jailhouse Makefile has a default to /usr/local.
See [2].
This commit sets the prefix value in the JAILHOUSE_MAKE_OPTS and also
updates other installation commands to put all the files in /usr.
[1] https://gitlab.com/buildroot.org/buildroot/-/blob/2023.11.1/system/Config.in#L495
[2] https://github.com/siemens/jailhouse/blob/v0.12/scripts/include.mk#L22
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
https://webkitgtk.org/security/WSA-2024-0001.html
- CVE-2024-23222: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue may
have been exploited. Description: A type confusion issue was addressed
with improved checks.
- CVE-2024-23206: A maliciously crafted webpage may be able to fingerprint
the user. Description: An access issue was addressed with improved access
restrictions.
- CVE-2024-23213: Processing web content may lead to arbitrary code execution.
Description: The issue was addressed with improved memory handling.
- CVE-2023-40414: Processing web content may lead to arbitrary code
execution. Description: A use-after-free issue was addressed with
improved memory management.
- CVE-2023-42833: Processing web content may lead to arbitrary code execution.
Description: A correctness issue was addressed with improved checks.
- CVE-2014-1745: Processing a file may lead to a denial-of-service or
potentially disclose memory contents. Description: The issue was
addressed with improved checks.
https://webkitgtk.org/security/WSA-2023-0012.html
- CVE-2023-42883: Processing a SVG image may lead to a denial-of-service.
Description: The issue was addressed with improved memory handling.
- CVE-2023-42890: Processing web content may lead to arbitrary code
execution. Description: The issue was addressed with improved memory
handling.
https://webkitgtk.org/security/WSA-2023-0011.html
- CVE-2023-42916: Processing web content may disclose sensitive information.
Apple is aware of a report that this issue may have been actively
exploited. Description: An out-of-bounds read was addressed with improved
input validation.
- CVE-2023-42917: Processing web content may lead to arbitrary code
execution. Apple is aware of a report that this issue may have been
actively exploited. Description: A memory corruption vulnerability was
addressed with improved locking.
Add an upstream post-2.42.5 patch to fix an issue with an invalid backport
causing a build issue.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 1edb9d691d (package/v4l2loopback: add
V4L2LOOPBACK_CPE_ID_VENDOR) added that variable, but set to its default
value.
This is however not required to define a valid CPE ID, as it also
defines a non-default CPE_ID_PREFIX.
Drop V4L2LOOPBACK_CPE_ID_VENDOR now.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The symmetric encryption test can sometimes take longer than the default
timeout. This commit increases the timeout to 10 seconds for that
command.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch adds support for the AVNET RZBoard V2L.
The board support creates a bootable sd card image. The board is
shipped with a u-boot inside its eMMC. The board support uses this
u-boot and does not build and deploy a u-boot onto the sd card.
Instead the sd card only contains a uEnv.txt, a kernel image and the
rootfs.
Signed-off-by: Kilian Zinnecker <kilian.zinnecker@mail.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The petitboot UI looks much nicer in a Unicode locale:
* Items in the language selection submenu use multibyte Unicode
characters. In other locales, they say "Unable to display text in this
locale".
* The combination of TERM=linux with a UTF-8 locale is required to
trigger a special-case workaround in ncurses code[1]. Without
this, line-drawing characters in the menu look like q's.
Turn on wchar support in ncurses, and add a reminder that a UTF-8 locale
should be generated for things to look right.
[1] https://invisible-island.net/ncurses/ncurses.faq.html#no_line_drawing
Signed-off-by: Reza Arbab <arbab@linux.ibm.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Normalize the order of arguments to $(INSTALL). Remove an unnecessary
pair of parentheses.
Signed-off-by: Reza Arbab <arbab@linux.ibm.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This ensures that we don't have duplicate dependencies.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The asn1parse command hangs forever on 3.2.0 when the genstr or genconf
option is passed.
This commit fixes the issue by adding upstream commits [1] [2].
[1] a552c23c65
[2] 749fcc0e3c
Signed-off-by: Martin Kurbanov <mmkurbanov@salutedevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The patch drops the file README.md from the license files. Indeed, the
licensing terms apply to third-party libraries that uuu links to, and
even though they are bundled in the source tree of uuu|mfgtools, they
are not used by Buildroot as we use the ones we build. Therefore, the
actual license file of the package is the file LICENSE.
Moreover, this also leads to simplifying the bump to new versions.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Drop no longer required python-setuptools runtime dependency.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
License hash changed due to year update:
1615584814
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
When the CVE lookup was added in commit
4a157be9ef, the starting year of the JSON
files was set to 2002. However, there are also CVEs from 1999, 2000 and
2001. It is not clear why these were skipped back then.
Set the start year to 1999 to capture these old CVEs too.
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
NVD will deprecate the v1.1 API which allows us to download the full
database as individual JSON files. Instead, there's a horribly crappy
API that is extremely slow and subject to race conditions.
Fortunately, there is a project, Fraunhofer FKIE - Cyber Analysis and
Defense [1], that goes through the effort of adapting to this new API
and regenerating the convenient JSON files. The JSON files and meta
files are re-generated daily.
Instead of implementing the NVD v2 API, we decided to just use the JSON
files generated by fkie-cad. That saves us the effort of solving the race
conditions, devising a cache mechanism that works, handling the frequent
gateway timeouts on the NVD servers, dealing with the rate limiting, and
keeping up with changes in the API.
Switch to this repository on github as NVD_BASE_URL. The file name is
also slightly different (CVE-20XX.json instead of nvdcve-1.1-20XX.json).
The fkie-cad repository compresses with xz instead of gz. Therefore:
- rename the filename variables to _xz instead of _gz;
- use xz as a subprocess because there is no xz decompressor in Python
stdlib.
[1] https://www.fkie.fraunhofer.de/en/departments/cad.html
Cc: Daniel Lang <dalang@gmx.at>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>