This version bump is needed to pass the ATF test with
hardening option enabled (-fstack-protector-strong)
With the version v2.2, ATF fail due to undefined references:
./build/juno/release/bl2u/arm_tzc400.o: In function `arm_tzc400_setup':
arm_tzc400.c:(.text.arm_tzc400_setup+0x10): undefined reference to `__stack_chk_guard'
arm_tzc400.c:(.text.arm_tzc400_setup+0x18): undefined reference to `__stack_chk_guard'
arm_tzc400.c:(.text.arm_tzc400_setup+0xb8): undefined reference to `__stack_chk_guard'
arm_tzc400.c:(.text.arm_tzc400_setup+0xcc): undefined reference to `__stack_chk_fail'
Since commit ccac9a5bbb, Buildroot no
longer forces ENABLE_STACK_PROTECTOR. However, we rely on the ATF build
system to handle it correctly, and this wasn't the case in v2.2.
Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/1524842591
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit e5494f1fac)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When BR2_REPRODUCIBLE is set and host-coreutils needs to be built, the
fakedate script installed to 'host/bin/date' will be overwritten by
host-coreutils.
Besides, we do not need our host-coreutils for 'date' at all; we really
rely on the host system to provide it.
Unconditionally disable installing the 'date' binary in host-coreutils.
Note that we explicitly request only ln and realpath to be installed,
but the coreutils buildsystem does not strictly obey to that, as was
already noticed in 885e6fdb8a (package/coreutils: introduce a host
variant), which added that comment above HOST_COREUTILS_CONF_OPTS:
# Explicitly install ln and realpath, which we *are* insterested in.
# A lot of other programs still get installed, however, but disabling
# them does not gain much at build time, and is a loooong list that is
# difficult to maintain...
So, we also update that comment to explain why we still anyway disable
installation of 'date'.
Signed-off-by: Conrad Ratschan <conrad.ratschan@collins.com>
[yann.morin.1998@free.fr:
- unconditionally disable installing date
- extend comment and commit log to explain why we need
--enable-no-install-program=date despite the existing
--enable-install-program=ln,realpath
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit bdf7929109)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Build fails since bump to version 3.1.7 in commit
011f31ee24 because config.h.in is older
than aclocal.m4:
make[1]: Entering directory '/tmp/instance-4/output-1/build/ipmiutil-3.1.7'
(CDPATH="${ZSH_VERSION+.}:" && cd . && autoheader)
/bin/bash: autoheader: command not found
Fixes:
- http://autobuild.buildroot.org/results/2005af881726473f2cda176e90c1e41e4baea67c
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 5f9d65fb46)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Changelog ([1]):
1.7.14 (Sep 3, 2020)
Fixes:
optimize the way to find tail node, see #503
Fix WError error on macosx because NAN is a float. Thanks @sappo, see #484
Fix some bugs in detach and replace. Thanks @miaoerduo, see #456
[1] https://github.com/DaveGamble/cJSON/blob/master/CHANGELOG.md
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 8b16476e80)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
gcc 10.x is now used by default but the kernel 4.18.10 used by
pc_x86_64_{efi,bios}_defconfig doesn't build with it.
Bump the kernel to 4.19.204 release that contains a lot of
fixes for newer gcc.
Fixes:
https://gitlab.com/kubu93/buildroot/-/jobs/1525741062https://gitlab.com/kubu93/buildroot/-/jobs/1525741060
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 206c098f78)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Previously, alsa-plugins would not work if alsa-utils was installed
after it. This happened because:
1. alsa-plugins copies some files $(TARGET_DIR)/usr/share/alsa/alsa.conf.d
2. alsa-utils removes these files during installation ( rm -rf $(TARGET_DIR)/usr/share/alsa/;)
The `rm -rf` command was originally added as part of the fix for
https://bugs.buildroot.org/show_bug.cgi?id=1573 11 years ago.
The intention might have been to allow for unconfiguring some options
and then rebuilding alsa-utils. However, this is a scenario that does
not work anyway.
The simplest fix for the `alsa-plugins` compatibility issue appears to
be to remove the `rm -rf` command.
Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 3454bc9924)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Maxime has not been contributing to Buildroot for several years, so it
doesn't make sense to keep him in the DEVELOPERS file and make us
think that those packages are being maintained and to Cc: him on
patches affecting those packages.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit a29124febf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2021-36976: libarchive 3.4.1 through 3.5.1 has a use-after-free
in copy_string (called from do_uncompress_block and process_block).
https://github.com/libarchive/libarchive/releases/tag/v3.5.2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit a223dd4aef)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
gcc 10.x is now used by default but the kernel 4.19 used by
test_docker_compose doesn't build with it.
Bump the kernel to 4.19.204 release that contains a lot of
fixes for newer gcc.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5d60e07e27)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Gcc bug 99140 has been fixed on gcc 8.x but reappeared on gcc 9.x while
it's been fixed on gcc 10.x+. So let's update
BR2_TOOLCHAIN_HAS_GCC_BUG_99140 accordingly.
Fixes:
http://autobuild.buildroot.net/results/c55/c55f50a8d657695f0d5492c32efa666254cd7f99/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit fe4e06d317)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This package has -fPIC gcc option set by default but we can't use it on
m68k_cf since it doesn't support it throwing a gcc build failure. So let's
disable it by passing -fno-PIC.
Fixes:
http://autobuild.buildroot.net/results/b92980a563fe7ee331e70f288ce041be0bf29d40/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 2a48a6ee9d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure on riscv32:
../src/util/futex.h: In function 'sys_futex':
../src/util/futex.h:39:19: error: 'SYS_futex' undeclared (first use in this function); did you mean 'sys_futex'?
39 | return syscall(SYS_futex, addr1, op, val1, timeout, addr2, val3);
| ^~~~~~~~~
| sys_futex
Fixes:
- http://autobuild.buildroot.org/results/692700a5f967760a0b8cd358b1712f1d5a7b681e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 3298e67ac6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Build with kmsdrm is broken since bump to version 2.0.14 in commit
5e0da5c40d. Indeed, first patch was
already applied in this version:
9354aea198
but upstream made other changes that requires EGL so add an upstream
patch to fix the build failure
Moreover, run autogen.sh instead of autoreconf as it breaks the build
and is not recommended by upstream:
https://github.com/libsdl-org/SDL/pull/4214
Fixes:
- http://autobuild.buildroot.org/results/355c7e5092e7641d8b04ecb550e2671d70720bd2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Arnout: add dependency on host-autoconf]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 9aae755440)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
kmsdrm needs GBM (and so mesa3d) since its addition in version 2.0.6:
56363ebf61
If libgbm is not found, kmsdrm will be silently disabled
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 5bb4e281c0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As reported by Toolchain-builder project [1], the microblaze glibc
toolchain creates a system that doesn't boot when FORTIFY_SOURCE is
enabled: the init process hangs.
Also, hardening features may not be wanted or possible for such
slow soft-core cpus [2].
Note: for completeness, BR2_RELRO_PARTIAL was manually tested and it
does boot.
[1] https://gitlab.com/bootlin/toolchains-builder/-/jobs/1467624500
[2] http://lists.busybox.net/pipermail/buildroot/2021-June/312416.html
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 2e94aeed1a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
GNU cpio through 2.13 allows attackers to execute arbitrary code via a
crafted pattern file, because of a dstring.c ds_fgetstr integer overflow
that triggers an out-of-bounds heap write. NOTE: it is unclear whether
there are common cases where the pattern file, associated with the -E
option, is untrusted data.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 89857df2d1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch bumps Linux CIP RT to version 4.19.198-cip54-rt21
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 835ea5b94c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch bumps Linux CIP to version 4.19.198-cip54.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 595209da93)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Michael Fischer <mf@go-sys.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2ee1063136)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This reverts commit 46b8fb7500 indeed if
libressl is selected as the openssl provider, the BR2_PACKAGE_OPENSSL
conditition will always be used and the BR2_PACKAGE_LIBRESSL condition
will never be triggered. Moreover, libressl provides a pkg-config file.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit da4d8fc407)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2021-39240: An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3
before 2.3.13, and 2.4 before 2.4.3. It does not ensure that the scheme
and path portions of a URI have the expected characters. For example, the
authority field (as observed on a target HTTP/2 server) might differ from
what the routing rules were intended to achieve.
- CVE-2021-39241: An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2
before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. An HTTP method
name may contain a space followed by the name of a protected resource. It
is possible that a server would interpret this as a request for that
protected resource, such as in the "GET /admin? HTTP/1.1 /static/images
HTTP/1.1" example.
- CVE-2021-39242: An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3
before 2.3.13, and 2.4 before 2.4.3. It can lead to a situation with an
attacker-controlled HTTP Host header, because a mismatch between Host and
authority is mishandled.
For more details, see the advisory:
https://www.mail-archive.com/haproxy@formilux.org/msg41041.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since I've dealt and deal with toolchain bugs and their work-around
very often add myself to toolchain topic(toolchain/) as well as
package/binutils and package/gcc.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8d0fcab128)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The language detection is falling back to the host system
Fortran compiler. An example of this is in RHEL7.9
(gcc4.8.5 20150623 (Red Hat 4.8.5-44)).
This patch bypasses detection and points to the location
where the compiler would be installed (if present). In the
cases where it doesn't exist, the detection falls through
and leaves Fortran disabled.
Fixes:
http://autobuild.buildroot.net/results/8354da225d1e5e337aa7ea62a7e6524fb5f1135f/
Signed-off-by: Matthew Weber <matthew.weber@collins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9f59154245)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The user shouldn't see the comment on the python2 menu.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit bf0b9048f2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The user shouldn't view the comment on the python2 menu.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 6a932714d3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add TARGET_NLS_DEPENDENCIES and host-gettext dependency to avoid the
following build failure in a per-package-directorie build with
host-cairo raised because fontconfig installs its ITS files in the wrong
directory (i.e. outside of gettext-tiny symlink):
mkdir -p /tmp/instance-0/output-1/per-package/host-cairo/host
rsync -a --link-dest=/tmp/instance-0/output-1/per-package/host-fontconfig/host/ /tmp/instance-0/output-1/per-package/host-fontconfig/host/ /tmp/instance-0/output-1/per-package/host-cairo/host
rsync -a --link-dest=/tmp/instance-0/output-1/per-package/host-freetype/host/ /tmp/instance-0/output-1/per-package/host-freetype/host/ /tmp/instance-0/output-1/per-package/host-cairo/host
rsync -a --link-dest=/tmp/instance-0/output-1/per-package/host-libglib2/host/ /tmp/instance-0/output-1/per-package/host-libglib2/host/ /tmp/instance-0/output-1/per-package/host-cairo/host
cannot delete non-empty directory: share/gettext
could not make way for new symlink: share/gettext
This only happens with per-package directories because then the rsync is
done. Otherwise the fontconfig installation will simply follow the
symlink.
The error of course exists for target as well, but doesn't occur in
autobuilders since it already fails for host.
Fixes:
- http://autobuild.buildroot.org/results/00e29958cecfffa4e994ab549637117dd8f55c30
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 93351fa0b3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Build fails because of the following circular dependency:
fontconfig -> util-linux -> udev -> systemd -> polkit ->
gobject-introspection -> cairo -> fontconfig
which results in the following build failure:
checking for UUID... no
checking where uuid functions comes from... configure: error:
*** uuid is required. install util-linux.
To break it, apply the same ugly workaround that was applied for
libglib2 and cryptsetup until a better solution is found:
https://patchwork.ozlabs.org/project/buildroot/patch/20201101150619.1709959-1-fontaine.fabrice@gmail.com/
Fixes:
- http://autobuild.buildroot.org/results/2c6ef073e7e98e13daa409e1ea6130e9abd32c87
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit eb05822259)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
commit f79a420825 (package/busybox/udhcpc.script: support RFC3442
static routes) used 'set --' clobbering the positional arguments, causing
the action argument to not be correctly forwarded to hook scripts for the
renew / bound cases if static routes are provided by the server.
As a workaround, save the action argument at the beginning of the script and
use that when calling hook scripts.
Reported-by: 王琦 <wangwangqi2011@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 94c41eef61)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update LIBARGTABLE2_VERSION to reflect what is used by
https://release-monitoring.org
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5a3d1f34bc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update IOZONE_VERSION to reflect what is used by
https://release-monitoring.org
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1e75050bbb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
3.34.1 is the version used by https://release-monitoring.org as well as
NVD NIST database so add SQLITE_TAR_VERSION and drop
SQLITE_CPE_ID_VERSION
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3943b6f003)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The release contains a bugfix to fix the make install of the python
module after build changes introduced in this release RC1.
This release contains a number of bug fixes. There is a crash fix for
broken internal structures in stream reuse, that is used when many TCP
or TLS upstream connections are made. Also a number of features are added.
https://github.com/NLnetLabs/unbound/releases/tag/release-1.13.2
Signed-off-by: Kyle Harding <kyle@balena.io>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit aaad2ab8e3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Sven has privately asked to no longer receive notifications related to
this package.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 829ecf7d79)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD)
through 2.3.2 allows remote attackers to cause a denial of service
(out-of-bounds read) via a crafted TGA file.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0eebfba388)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
textview_uri_security_check in textview.c in Claws Mail before 3.18.0,
and Sylpheed through 3.7.0, does not have sufficient link checks before
accepting a click.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 634dcbd50d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This affects the package jszip before 3.7.0. Crafting a new zip file
with filenames set to Object prototype values (e.g __proto__, toString,
etc) results in a returned object with a modified prototype instance.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 921830e92d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failures on arc and riscv32:
latency.c: In function 'display':
latency.c:326:21: error: format '%ld' expects argument of type 'long int', but argument 2 has type 'time_t' {aka 'long long int'} [-Werror=format=]
326 | ("RTT| %.2ld:%.2ld:%.2ld (%s, %Ld us period, "
| ~~~~^
| |
| long int
| %.2lld
327 | "priority %d)\n", dt / 3600,
| ~~~~~~~~~
| |
| time_t {aka long long int}
altency.c: In function ‘display’:
altency.c:262:21: error: format ‘%ld’ expects argument of type ‘long int’, but argument 2 has type ‘time_t’ {aka ‘long long int’} [-Werror=format=]
262 | ("RTT| %.2ld:%.2ld:%.2ld (%s, %Ld us period, "
| ~~~~^
| |
| long int
| %.2lld
263 | "priority %d)\n", dt / 3600,
| ~~~~~~~~~
| |
| time_t {aka long long int}
Fixes:
- http://autobuild.buildroot.org/results/448efe22e8fe058a1b354a3c124874e30b9ce138
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 74196b7d05)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
