We define _DEFAULT_SOURCE in mkpasswd.c to suppress a compiler warning.
In file included from /usr/include/x86_64-linux-gnu/bits/libc-header-start.h:33,
from /usr/include/stdio.h:27,
from [...]/buildroot/output/arm64/build/host-mkpasswd/mkpasswd.c:24:
/usr/include/features.h:187:3:
187 | # warning "_BSD_SOURCE and _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE"
| ^~~~~~~
As per GLIBC 2.20 release notes[1]:
The _BSD_SOURCE and _SVID_SOURCE feature test macros are no longer
supported; they now act the same as _DEFAULT_SOURCE (but generate a
warning). Except for cases where _BSD_SOURCE enabled BSD interfaces
that conflicted with POSIX (support for which was removed in 2.19),
the interfaces those macros enabled remain available when compiling
with _GNU_SOURCE defined, with _DEFAULT_SOURCE defined, or without
any feature test macros defined.
[1] https://lwn.net/Articles/611162/
Signed-off-by: Markus Mayer <mmayer@broadcom.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 9616ade222)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Upstream maintainer, now also maintainer in Buildroot.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit afdd3b2afc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
cpe:2.3🅰️kernel:util-linux is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Akernel%3Autil-linux
Inherit the values from util-linux; they really are, and have to be,
the same.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: inherit values from util-linux]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit bfe518b068)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 0cfa165948 (package/pkg-utils.mk: introduce "name" field in
show-info output) did what it said, but did so in the generic show-info
part, thus it was also added to filesystems (rootfs), the other kind of
entity that show-info reports on.
Only packages have a "name"; filesystems do not. Instead, they already
have an 'image_name'.
Move the 'name' field to the package-related part of show-info.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 471ecea5ee)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The unmatched escaped single-quote lies in the middle of a few
function calls, so they too must be fake-closed to properly fix
colour highlighting in some editors.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit cba51c7f5a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some packages install nothing in target nor staging, but install images
(like the kernel vmlinux, or a bootloader boot blob...)
If we want to appropriately account for the files installed by each
package, we also need to take images/ into account.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Herve Codina <herve.codina@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 5d00fecb7d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When calling 'printvars', the 'suitable-host-package' macro is printed
(a macro is just a variable like the others, after all, just with some
parameters). Because it is printed as a variable, it is missing its
parameters, but it still tries to evaluate the $(shell) construct.
This causes spurious warning:
make[1]: support/dependencies/check-host-.sh: Command not found
Only try and call the script if there is actually a tool to check for.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 77304e5143)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, the build_dir field is reported relative to $(BASE_DIR), to
avoid leaking local paths.
However, BASE_DIR is not a directory that is very convenient: for
in-tree builds, it is $(CONFIG_DIR)/output/, while for out-of-tree
builds, it is $(CONFIG_DIR). This difference is purely an idiosyncracy
of how out-of-tree builds have been implemented in Buildroot, and is
not under the control of the user.
What the user is in control of, however, is where the .config file is
located. This, really, is the directory we should base relative paths
on.
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 76c4df324d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2021-4020: janus-gateway is vulnerable to Improper
Neutralization of Input During Web Page Generation ('Cross-site
Scripting')
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 99d2826e03)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As already done for libglib2 in commit
b094f88a4d, fix girdir to avoid the
following build failure with gst1-plugins-base and introspection:
/home/giuliobenetti/autobuild/run/instance-3/output-1/host/riscv32-buildroot-linux-gnu/sysroot/usr/bin/g-ir-compiler gst-libs/gst/tag/GstTag-1.0.gir --output gst-libs/gst/tag/GstTag-1.0.typelib --includedir=/usr/share/gir-1.0
Could not find GIR file 'Gst-1.0.gir'; check XDG_DATA_DIRS or use --includedir
Fixes:
- http://autobuild.buildroot.org/results/d1e2bdde97777ff61c185d375ba412a93e7ca467
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ff420a3195)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2021-30535: Double free in ICU in Google Chrome prior to
91.0.4472.77 allowed a remote attacker to potentially exploit heap
corruption via a crafted HTML page.
https://nvd.nist.gov/vuln/detail/CVE-2021-30535
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f4483f1aab)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5.14.x is EOL, so no more updates for that.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 64cb922db7)
[Peter: drop 5.15.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
- CVE-2021-43527: Heap overflow in NSS when verifying DSA/RSA-PSS
DER-encoded signatures
For more details, see the advisory:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bad5728c98)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the follownig build failure on ARM big endian raised since bump to
version 3.68 in commit 0a73b9b962:
Linux2.6_aarch64_aarch64_be-linux-gnu-gcc_glibc_PTH_64_DBG.OBJ/Linux_SINGLE_SHLIB/sha256-armv8.o: In function `SHA256_Compress_Native':
sha256-armv8.c:(.text.SHA256_Compress_Native+0x0): multiple definition of `SHA256_Compress_Native'
Linux2.6_aarch64_aarch64_be-linux-gnu-gcc_glibc_PTH_64_DBG.OBJ/Linux_SINGLE_SHLIB/sha512.o:sha512.c:(.text.SHA256_Compress_Native+0x0): first defined here
Linux2.6_aarch64_aarch64_be-linux-gnu-gcc_glibc_PTH_64_DBG.OBJ/Linux_SINGLE_SHLIB/sha256-armv8.o: In function `SHA256_Update_Native':
sha256-armv8.c:(.text.SHA256_Update_Native+0x0): multiple definition of `SHA256_Update_Native'
Linux2.6_aarch64_aarch64_be-linux-gnu-gcc_glibc_PTH_64_DBG.OBJ/Linux_SINGLE_SHLIB/sha512.o:sha512.c:(.text.SHA256_Update_Native+0x0): first defined here
Fixes:
- http://autobuild.buildroot.org/results/237aba0c16a34fec1b0fe50fe08cace438eda1bf
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3e524755a9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump to version 4.32
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 811305e38f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Release Notes (not yet available, but should eventually land):
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.65_release_notes
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
[yann.morin.1998@free.fr: release notes not yet available]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 4eadbfeb94)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
