Commit b9e89b340e (sudo: bump version) introduced the explicit build
of mksigname and mksiglist as host tools, as they were required to run
on the build machine, to generate C code then used to build the target
program.
This is now failing to build since the bump to sudo 1.9.15p5 in commit
c87746afef (package/sudo: security bump to version 1.9.15p5)
(lines manually wrapped and slightly elided for ease of reviewing):
/usr/bin/cpp \
-I/home/ymorin/dev/buildroot/O/master/per-package/sudo/host/include \
-I../../include \
-I../.. \
./sys_signame.h \
| /usr/bin/sed -e '1,/^int sudo_end_of_headers;/d' -e '/^#/d' > mksigname.h
In file included from /usr/include/features.h:394,
from /usr/include/sys/types.h:25,
from ./sys_signame.h:4:
/usr/include/features-time64.h:26:5: error: #error "_TIME_BITS=64 is allowed only with _FILE_OFFSET_BITS=64"
26 | # error "_TIME_BITS=64 is allowed only with _FILE_OFFSET_BITS=64"
| ^~~~~
/usr/bin/gcc -I../../include -I../.. -I. -I. \
-D_PATH_SUDO_CONF=\"/etc/sudo.conf\"
-I/home/ymorin/dev/buildroot/O/master/per-package/sudo/host/include \
-DDEFAULT_TEXT_DOMAIN=\"sudo\" \
-O2 \
-I/home/ymorin/dev/buildroot/O/master/per-package/sudo/host/include \
./mksigname.c -o mksigname
In file included from /usr/include/features.h:394,
from /usr/include/bits/libc-header-start.h:33,
from /usr/include/stdlib.h:26,
from ./mksigname.c:27:
/usr/include/features-time64.h:26:5: error: #error "_TIME_BITS=64 is allowed only with _FILE_OFFSET_BITS=64"
26 | # error "_TIME_BITS=64 is allowed only with _FILE_OFFSET_BITS=64"
| ^~~~~
make[2]: *** [Makefile:263: mksigname] Error 1
The core of the issue has not been really identified, but it turns out
that neither mksiglist nor mksignames is used during the build. This has
been tested with a minimal sudo with no option, and with a sudo with all
options enabled (linux-pam, zlib, opensldap, and openssl), with the
three types of C libraries (glibc, musl, and uClibc-ng).
Digging in the sudo buildsystem did not reveal an obvious reason when
those would be needed either.
Drop the hook now it seems it is no longer used and is atually breaking
the build.
Fixes: http://autobuild.buildroot.org/results/72f/72ff18fb9b41394a29006f881ee1fbea67a66a09/
Note that there is a second issue in there: the call to the host cpp
fails, but since it is on the LHS of a pipe, the error is lost, as the
RHS of the pipe (the sed call) succeeds; a fix for that will be sent
in a separate patch.
Reported-by: Christian Stewart <christian@aperture.us>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Christian Stewart <christian@aperture.us>
For release note, see [1].
This commit removes the package patch, as it is now included in this new
release.
LICENSE-BSD3 hash changed, due to reformatting. See [2].
[1] https://github.com/google/highway/releases/tag/1.1.0
[2] edc35d14c7
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The DEVELOPERS entry was missing.
Fixes: 35eb74c634 ("configs/am574x_idk_defconfig: new defconfig")
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
CVE-2023-40546 mok: fix LogError() invocation
CVE-2023-40547 - avoid incorrectly trusting HTTP headers
CVE-2023-40548 Fix integer overflow on SBAT section size on 32-bit system
CVE-2023-40549 Authenticode: verify that the signature header is in bounds.
CVE-2023-40550 pe: Fix an out-of-bound read in verify_buffer_sbat()
CVE-2023-40551: pe-relocate: Fix bounds check for MZ binaries
https://github.com/rhboot/shim/tree/15.8
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Update patch to compile correctly with newer versions of GCC, which
has gotten stricter about the placement of the alignas() attribute.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
[yann.morin.1998@free.fr: update .checkpackageignore]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
https://wpewebkit.org/security/WSA-2024-0001.html
- CVE-2024-23222: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been exploited. Description: A type confusion issue was
addressed with improved checks.
- CVE-2024-23206: A maliciously crafted webpage may be able to
fingerprint the user. Description: An access issue was addressed with
improved access restrictions.
- CVE-2024-23213: Processing web content may lead to arbitrary code
execution. Description: The issue was addressed with improved memory
handling.
Add an upstream post-2.42.5 patch to fix an issue with an invalid
backport causing a build issue.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit dfed5acb56 ("utils/check-package: use https for the manual URL")
replaced the default url to the Buildroot manual while it was used
by TestCheckPackage test.
Update TestCheckPackage with https url.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/6224243484
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Update hash of the COPYING.txt (update in year)
Signed-off-by: Kadambini Nema <kadambini.nema@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Release notes from https://github.com/libts/tslib/releases :
This release includes libts version 0.10.5 and the following changes:
* new filter module: module crop
* some build and security fixes
* improved release procedure
Signed-off-by: Martin Kepplinger <martink@posteo.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following build failure raised since bump to version 1.7.5 in
commit b7ee5f3b0e and
fe826f4b19:
checking if mmap(MAP_ANON|MAP_SHARED) works... configure: error: in `/home/autobuild/autobuild/instance-9/output-1/build/uacme-1.7.5':
configure: error: cannot run test program while cross compiling
Fixes: b7ee5f3b0e
- http://autobuild.buildroot.org/results/9715ade98f4894c07b640d151daa41813d2bec3a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: reference patch in comment]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of waiting for a hardcoded time of 30s we check periodically every
second if the server is already up. If it isn't up after the full timeout
(which is the same as before) expired the test fails.
We need to redirect all output of the background started task to
/dev/null now as it otherwise confuses the emulator.run() exit code
parsing logic (as it gets out of order messages from the emulator).
Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
yann.morin.1998@free.fr: simplify assert test]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Backport an upstream patch that fixes django auth and admin apps not
working in .pyc only builds.
Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/6148209453
Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
On Microblaze architecture __has_attribute(__symver__) support is broken
and always return true even if symver is not supported so let's add an
upstream patch to detect if symver is supported during autoreconf. Let's
also add ATTR_AUTORECONF = YES to let patch to affect building.
Fixes:
http://autobuild.buildroot.org/results/29c76e02becedf922bd7dc0533338c078bf77d2a
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Move comment in Config.in to end of file so that
BR2_PACKAGE_GOOGLE_BREAKPAD_TOOLS is properly idented.
Signed-off-by: Nuno Gonçalves <nunog@fr24.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
uClibc lacks process_vm_readv(), and sudo fails to build since commit
c87746afef (package/sudo: security bump to version 1.9.15p5), with
errors such as:
./exec_ptrace.c: In function ‘ptrace_write_vec’:
./exec_ptrace.c:895:9: error: ‘nwritten’ undeclared (first use in this function); did you mean ‘pwrite’?
895 | nwritten = ptrace_write_string(pid, strtab, vec[i]);
| ^~~~~~~~
| pwrite
Backport an upstream commit to fix the issue.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit c05f27c "configs/freescale_imx93evk: new defconfig", when
applied, added few ShellCheck fixups on top of the orginial
submission. During those changes, one extra backslash was added,
making the imx9-bootloader-prepare.sh fail.
This commit fixes the issue by removing this extra backslash.
Fixes:
dd: failed to open '/buildroot/output/images/u-boot-atf-container.img': No such file or directory
make: *** [Makefile:820: target-post-image] Error 1
Signed-off-by: Julien Olivain <ju.o@free.fr>
Reviewed-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Tested-By: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
$ utils/docker-run make check-package
board/freescale/imx93evk/patches/linux-headers/linux-headers.hash:3: empty line at end of file
board/freescale/imx93evk/patches/linux/linux.hash:3: empty line at end of file
402624 lines processed
2 warnings generated
make: *** [Makefile:1248: check-package] Error 1
Signed-off-by: Kadambini Nema <kadambini.nema@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
The dependency comment must be shown when the platform has no ELE and
not when the platform has no VPU.
Fixes: 69d127fe29 ("package/freescale-imx/firmware-ele-imx: new package")
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Fix the following openssl static build raised since commit
80fa5672da:
/home/buildroot/autobuild/instance-0/output-1/host/lib/gcc/aarch64_be-buildroot-linux-uclibc/12.3.0/../../../../aarch64_be-buildroot-linux-uclibc/bin/ld: /home/buildroot/autobuild/instance-0/output-1/host/aarch64_be-buildroot-linux-uclibc/sysroot/lib/../lib64/libcrypto.a(libcrypto-lib-c_zlib.o): in function `zlib_oneshot_expand_block':
c_zlib.c:(.text+0xaec): undefined reference to `uncompress'
Commit b9a062b354 can also be reverted as
pkg-config will also retrieve -latomic to avoid the following build
failure:
/home/autobuild/autobuild/instance-1/output-1/host/lib/gcc/sparc-buildroot-linux-uclibc/10.4.0/../../../../sparc-buildroot-linux-uclibc/bin/ld: /home/autobuild/autobuild/instance-1/output-1/host/sparc-buildroot-linux-uclibc/sysroot/usr/lib/libcrypto.a(threads_pthread.o): in function `CRYPTO_atomic_add':
threads_pthread.c:(.text+0x208): undefined reference to `__atomic_is_lock_free'
RSYNC_POST_CONFIGURE_HOOKS must be added to call reconfigure and avoid
the following build failure after autoreconf:
autoconf -o configure.sh
autoheader && touch config.h.in
configure.sh has CHANGED.
config.h.in is unchanged.
You may need to run:
make reconfigure
Fixes:
- http://autobuild.buildroot.org/results/6c1636f7556e7370a4c9f6d02c63cf3e20dc985c
- http://autobuild.buildroot.org/results/49abbaa1eab94b248bff434b40728065d687e278
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Disable neon with soft float to fix the following build failure raised
at least since version 2.19.1:
In file included from build/include/botan/internal/simd_32.h:27,
from src/lib/block/aes/aes_vperm/aes_vperm.cpp:15:
/home/thomas/autobuild/instance-1/output-1/host/lib/gcc/arm-buildroot-linux-musleabi/10.4.0/include/arm_neon.h:31:2: error: #error "NEON intrinsics not available with the soft-float ABI. Please use -mfloat-abi=softfp or -mfloat-abi=hard"
31 | #error "NEON intrinsics not available with the soft-float ABI. Please use -mfloat-abi=softfp or -mfloat-abi=hard"
| ^~~~~
Fixes:
- http://autobuild.buildroot.org/results/6b311e97484db2b0f8adbda140320d696713b1e0
- http://autobuild.buildroot.org/results/c309940ea6db0845d8221fb51611d0254222c644
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update U-Boot to version 2024.01 and kernel to 6.6.12.
In kernel 6.6 the arm32 i.MX device trees were placed into the
nxp/imx kernel directory, so adapt accordingly.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
ELFUTILS_CFLAGS and ELFUTILS_CPPFLAGS are empty since commit
7593aea519 so drop them to avoid setting
incorrect flags
Fixes: 7593aea519
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
It supports up to Linux 6.8.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This package provides firmware blobs for the Edgelock Secure
Enclave (ELE) [1] present on i.MX8ULP and i.MX9 Socs.
This version comes from the 6.1.55-2.2.0 release.
Since i.MX8ULP is not added to Buildroot yet, only support i.MX9.
[1] https://www.nxp.com/products/nxp-product-information/nxp-product-programs/edgelock-secure-enclave:EDGELOCK-SECURE-ENCLAVE
Reviewed-by: Gary Bisson <bisson.gary@gmail.com>
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
[Arnout:
- Introduce BR2_PACKAGE_FREESCALE_IMX_HAS_ELE instead of specific
dependencies.
- Drop BR2_PACKAGE_FREESCALE_IMX_PLATFORM_IMX91A1, use
BR2_PACKAGE_FREESCALE_IMX_PLATFORM_IMX91 instead.
- Don't use SCR.txt as license file (it's just an index file); instead,
use EULA.
]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
This commit adds i.MX91 and i.MX93 support to Buildroot.
https://www.nxp.com/products/processors-and-microcontrollers/arm-processors/i-mx-applications-processors/i-mx-9-processors:IMX9-PROCESSORS
There is no i.MX95 software provided by NXP at the moment that's why
i.MX95 is left behind.
Adapt package firmware-imx for the LPPDR4 firmware binaries. The i.MX91
and i.MX93 only support LPDDR4 and LPDDR4x, but using different binaries
than i.MX8. For simplicity, use a completely separate code path for
i.MX91 and i.MX93, using the symbol
BR2_PACKAGE_FIRMWARE_IMX_NEEDS_DDR_FW_IMX9. There is only one type of
firmware supported, so there's no need for a choice or for selecting the
version (at least for now).
Reviewed-by: Gary Bisson <bisson.gary@gmail.com>
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
[Arnout:
- Remove BR2_PACKAGE_FREESCALE_IMX_PLATFORM_IMX91A1 option.
- Re-wrap help text.
- Introduce BR2_PACKAGE_FIRMWARE_IMX_NEEDS_DDR_FW_IMX9 instead of
reusing BR2_PACKAGE_FIRMWARE_IMX_NEEDS_DDR_FW.
- Create completely separate instance of
FIRMWARE_IMX_INSTALL_IMAGE_DDR_FW for
BR2_PACKAGE_FIRMWARE_IMX_NEEDS_DDR_FW_IMX9.
- Drop the training binaries choice for IMX9.
- Drop the firmware version option for IMX9.
- Keep options for IMEM and DMEM padding.
]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Similar to the new fastapi test, instead of waiting for a hard coded
amount of time we can retry every second until the server is available
and abort if after the timeout we still didn't manage to connect.
Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following failure in the install step of host-python3:
...
/usr/bin/install -c -m 644 pyconfig.h output/host/include/python3.12/pyconfig.h
[ERROR] _tkinter failed to import: output/build/host-python3-3.12.1/build/lib.linux-x86_64-3.12/_tkinter.cpython-312-x86_64-linux-gnu.so: undefined symbol: Tcl_AddErrorInfo
The following modules are *disabled* in configure script:
_ctypes_test _testbuffer _testcapi
_testclinic _testimportmultiple _testinternalcapi
_testmultiphase _xxtestfuzz xxsubtype
Following modules built successfully but were removed because they could not be imported:
_tkinter
Checked 110 modules (31 built-in, 54 shared, 15 n/a on linux-x86_64, 9 disabled, 0 missing, 1 failed on import)
...
/usr/bin/install -c -m 644 ./Lib/types.py output/host/lib/python3.12
/usr/bin/install: cannot stat 'Modules/_tkinter.cpython-312-x86_64-linux-gnu.so': No such file or directory
/usr/bin/install -c -m 644 ./Lib/typing.py output/host/lib/python3.12
make[3]: *** [Makefile:2068: sharedinstall] Error 1
...
Fixes: 36e635d2d5 ("package/python3: bump version to 3.12.1")
Signed-off-by: Roy Kollen Svendsen <roy.kollen.svendsen@akersolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>