Commit Graph

57130 Commits

Author SHA1 Message Date
Matthew Weber
d657acfffb package/kvm-unit-tests: fix powerpc64 PHDR seg err
Upstream comment: "Let's introduce some fake PHDRs
to the linker script to get this working again."

Fixes:
(next) http://autobuild.buildroot.net/results/ae091dbcb155e63c208ce5adb289807cee83e28d/
(master) http://autobuild.buildroot.net/results/ef0/ef0b044802c54a697d8bffb28eba08cf9ce44f4c/
(2021.02.x) http://autobuild.buildroot.net/results/044/04495aa23ce51c48b9b850890453abded85dc477/
(2021.05.x) http://autobuild.buildroot.net/results/0fa/0fa94f1f930aa16cec3bc96e64bc57b460238a0a/

[Cherry-picked upstream]
5126732d73aa75a0bc84f898042bfe35640624b8

Signed-off-by: Matthew Weber <matthew.weber@collins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5cfaf5e23e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-09-06 17:09:53 +02:00
Fabrice Fontaine
a56e34c64a package/cpio: fix CVE-2021-38185
GNU cpio through 2.13 allows attackers to execute arbitrary code via a
crafted pattern file, because of a dstring.c ds_fgetstr integer overflow
that triggers an out-of-bounds heap write. NOTE: it is unclear whether
there are common cases where the pattern file, associated with the -E
option, is untrusted data.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 89857df2d1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-09-06 17:06:46 +02:00
Angelo Compagnucci
09164c0b4a linux: bump CIP RT kernel to version 4.19.198-cip54-rt21
This patch bumps Linux CIP RT to version 4.19.198-cip54-rt21

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 835ea5b94c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-09-06 16:47:05 +02:00
Angelo Compagnucci
72c3599b0c linux: bump CIP kernel to version 4.19.198-cip54
This patch bumps Linux CIP to version 4.19.198-cip54.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 595209da93)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-09-06 16:45:57 +02:00
Michael Fischer
2d7b00d4b6 package/gdb: bump version 10.x to 10.2
Signed-off-by: Michael Fischer <mf@go-sys.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2ee1063136)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-09-06 15:43:21 +02:00
Fabrice Fontaine
5f651a510f Revert "package/libshout: enable optional dependency for libressl"
This reverts commit 46b8fb7500 indeed if
libressl is selected as the openssl provider, the BR2_PACKAGE_OPENSSL
conditition will always be used and the BR2_PACKAGE_LIBRESSL condition
will never be triggered. Moreover, libressl provides a pkg-config file.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit da4d8fc407)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-09-06 15:39:15 +02:00
Peter Korsgaard
d64b9a944c package/haproxy: security bump to version 2.2.16
Fixes the following security issues:

- CVE-2021-39240: An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3
  before 2.3.13, and 2.4 before 2.4.3.  It does not ensure that the scheme
  and path portions of a URI have the expected characters.  For example, the
  authority field (as observed on a target HTTP/2 server) might differ from
  what the routing rules were intended to achieve.

- CVE-2021-39241: An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2
  before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3.  An HTTP method
  name may contain a space followed by the name of a protected resource.  It
  is possible that a server would interpret this as a request for that
  protected resource, such as in the "GET /admin?  HTTP/1.1 /static/images
  HTTP/1.1" example.

- CVE-2021-39242: An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3
  before 2.3.13, and 2.4 before 2.4.3.  It can lead to a situation with an
  attacker-controlled HTTP Host header, because a mismatch between Host and
  authority is mishandled.

For more details, see the advisory:
https://www.mail-archive.com/haproxy@formilux.org/msg41041.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-09-06 15:35:35 +02:00
Giulio Benetti
65a07bd610 package/openvmtools: fix time_t build failure on 32-bit platforms
Add upstream pending patch[1] to fix time_t on 32-bit platform.

[1]: https://github.com/vmware/open-vm-tools/pull/387

Fixes:
http://autobuild.buildroot.net/results/eb3dfe679536b578a0f16762312a96ada7162095/

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 75b02d6f3d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-09-06 15:23:17 +02:00
Giulio Benetti
a6feaccf18 DEVELOPERS: add myself to toolchain topics/packages
Since I've dealt and deal with toolchain bugs and their work-around
very often add myself to toolchain topic(toolchain/) as well as
package/binutils and package/gcc.

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8d0fcab128)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-09-06 14:27:12 +02:00
Matthew Weber
1d5b786911 package/eigen: override Fortran path
The language detection is falling back to the host system
Fortran compiler. An example of this is in RHEL7.9
(gcc4.8.5 20150623 (Red Hat 4.8.5-44)).

This patch bypasses detection and points to the location
where the compiler would be installed (if present). In the
cases where it doesn't exist, the detection falls through
and leaves Fortran disabled.

Fixes:
http://autobuild.buildroot.net/results/8354da225d1e5e337aa7ea62a7e6524fb5f1135f/

Signed-off-by: Matthew Weber <matthew.weber@collins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9f59154245)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-09-06 14:25:52 +02:00
Bernd Kuhls
d35b87a605 package/postgresql: security bump version to 13.4
Release notes:
https://www.postgresql.org/about/news/postgresql-134-128-1113-1018-9623-and-14-beta-3-released-2277/

Fixes CVE-2021-3677:
https://www.postgresql.org/support/security/CVE-2021-3677/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 743f3a4c54)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-09-06 12:37:50 +02:00
Peter Korsgaard
05585d38d3 package/tor: security bump to version 0.4.5.10
Fixes CVE-2021-38385: https://blog.torproject.org/node/2062

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-09-05 22:02:54 +02:00
Asaf Kahlon
e1fedf442e package/python-secretstorage: depend comment on BR2_PACKAGE_PYTHON3
The user shouldn't see the comment on the python2 menu.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit bf0b9048f2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-09-04 23:47:23 +02:00
Asaf Kahlon
12545dd5bd package/python-keyring: depend comment on BR2_PACKAGE_PYTHON3
The user shouldn't view the comment on the python2 menu.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 6a932714d3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-09-04 23:40:22 +02:00
Fabrice Fontaine
6cdae45fd3 package/fontconfig: fix build with NLS
Add TARGET_NLS_DEPENDENCIES and host-gettext dependency to avoid the
following build failure in a per-package-directorie build with
host-cairo raised because fontconfig installs its ITS files in the wrong
directory (i.e. outside of gettext-tiny symlink):

mkdir -p /tmp/instance-0/output-1/per-package/host-cairo/host
rsync -a --link-dest=/tmp/instance-0/output-1/per-package/host-fontconfig/host/ /tmp/instance-0/output-1/per-package/host-fontconfig/host/ /tmp/instance-0/output-1/per-package/host-cairo/host
rsync -a --link-dest=/tmp/instance-0/output-1/per-package/host-freetype/host/ /tmp/instance-0/output-1/per-package/host-freetype/host/ /tmp/instance-0/output-1/per-package/host-cairo/host
rsync -a --link-dest=/tmp/instance-0/output-1/per-package/host-libglib2/host/ /tmp/instance-0/output-1/per-package/host-libglib2/host/ /tmp/instance-0/output-1/per-package/host-cairo/host
cannot delete non-empty directory: share/gettext
could not make way for new symlink: share/gettext

This only happens with per-package directories because then the rsync is
done. Otherwise the fontconfig installation will simply follow the
symlink.

The error of course exists for target as well, but doesn't occur in
autobuilders since it already fails for host.

Fixes:
 - http://autobuild.buildroot.org/results/00e29958cecfffa4e994ab549637117dd8f55c30

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 93351fa0b3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-09-04 23:36:19 +02:00
Fabrice Fontaine
ed54e66af6 package/fontconfig: break circular dependency
Build fails because of the following circular dependency:

fontconfig -> util-linux -> udev -> systemd -> polkit ->
gobject-introspection -> cairo -> fontconfig

which results in the following build failure:

checking for UUID... no
checking where uuid functions comes from... configure: error:
*** uuid is required. install util-linux.

To break it, apply the same ugly workaround that was applied for
libglib2 and cryptsetup until a better solution is found:
https://patchwork.ozlabs.org/project/buildroot/patch/20201101150619.1709959-1-fontaine.fabrice@gmail.com/

Fixes:
 - http://autobuild.buildroot.org/results/2c6ef073e7e98e13daa409e1ea6130e9abd32c87

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit eb05822259)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-09-04 23:36:12 +02:00
Peter Korsgaard
6bb11a7721 package/busybox/udhcpc.script: ensure action argument is correctly passed to hook scripts
commit f79a420825 (package/busybox/udhcpc.script: support RFC3442
static routes) used 'set --' clobbering the positional arguments, causing
the action argument to not be correctly forwarded to hook scripts for the
renew / bound cases if static routes are provided by the server.

As a workaround, save the action argument at the beginning of the script and
use that when calling hook scripts.

Reported-by: 王琦 <wangwangqi2011@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 94c41eef61)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-09-04 23:02:35 +02:00
Fabrice Fontaine
14e07eb7b2 package/libargtable2: update LIBARGTABLE2_VERSION
Update LIBARGTABLE2_VERSION to reflect what is used by
https://release-monitoring.org

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5a3d1f34bc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-09-04 22:59:04 +02:00
Fabrice Fontaine
0b45059785 package/iozone: update IOZONE_VERSION
Update IOZONE_VERSION to reflect what is used by
https://release-monitoring.org

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1e75050bbb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-09-04 22:58:05 +02:00
Fabrice Fontaine
c64565e980 package/sqlite: add SQLITE_TAR_VERSION
3.34.1 is the version used by https://release-monitoring.org as well as
NVD NIST database so add SQLITE_TAR_VERSION and drop
SQLITE_CPE_ID_VERSION

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3943b6f003)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-09-04 22:57:08 +02:00
Kyle Harding
7e3b63f6b6 package/unbound: bump to version 1.13.2
The release contains a bugfix to fix the make install of the python
module after build changes introduced in this release RC1.

This release contains a number of bug fixes. There is a crash fix for
broken internal structures in stream reuse, that is used when many TCP
or TLS upstream connections are made. Also a number of features are added.

https://github.com/NLnetLabs/unbound/releases/tag/release-1.13.2

Signed-off-by: Kyle Harding <kyle@balena.io>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit aaad2ab8e3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-09-04 22:52:04 +02:00
Thomas Petazzoni
8c6f578a4b DEVELOPERS: drop Sven Fischer
Sven has privately asked to no longer receive notifications related to
this package.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 829ecf7d79)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-09-04 22:48:05 +02:00
Fabrice Fontaine
f42dd76bc3 package/gd: fix CVE-2021-38115
read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD)
through 2.3.2 allows remote attackers to cause a denial of service
(out-of-bounds read) via a crafted TGA file.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0eebfba388)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-09-04 22:40:44 +02:00
Fabrice Fontaine
53af97d577 package/python-matplotlib: merge dependency comments
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d77aba25a5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-09-04 22:35:15 +02:00
Fabrice Fontaine
3560d99544 package/jszip: add JSZIP_CPE_ID_VENDOR
cpe:2.3🅰️jszip_project:jszip is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ajszip_project%3Ajszip

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d55535622f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-09-04 22:33:46 +02:00
Fabrice Fontaine
cb07d93847 package/sylpheed: fix CVE-2021-37746
textview_uri_security_check in textview.c in Claws Mail before 3.18.0,
and Sylpheed through 3.7.0, does not have sufficient link checks before
accepting a click.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 634dcbd50d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-09-04 22:32:50 +02:00
Fabrice Fontaine
99952c08a8 package/sylpheed: add SYLPHEED_CPE_ID_VENDOR
cpe:2.3🅰️sylpheed_project:sylpheed is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Asylpheed_project%3Asylpheed

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7b30697b31)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-09-04 22:32:48 +02:00
Francois Perrad
68776d578d package/prosody: security bump version to 0.11.10
fixes CVE-2021-37601
see https://blog.prosody.im/prosody-0.11.10-released/

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 047b85e7d5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-09-04 22:27:02 +02:00
Fabrice Fontaine
eddbbbabc7 package/jszip: fix CVE-2021-23413
This affects the package jszip before 3.7.0. Crafting a new zip file
with filenames set to Object prototype values (e.g __proto__, toString,
etc) results in a returned object with a modified prototype instance.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 921830e92d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-09-04 22:25:56 +02:00
Fabrice Fontaine
58c73ff9e2 package/xenomai: fix build on arc and riscv32
Fix the following build failures on arc and riscv32:

latency.c: In function 'display':
latency.c:326:21: error: format '%ld' expects argument of type 'long int', but argument 2 has type 'time_t' {aka 'long long int'} [-Werror=format=]
  326 |         ("RTT|  %.2ld:%.2ld:%.2ld  (%s, %Ld us period, "
      |                 ~~~~^
      |                     |
      |                     long int
      |                 %.2lld
  327 |          "priority %d)\n", dt / 3600,
      |                            ~~~~~~~~~
      |                               |
      |                               time_t {aka long long int}

altency.c: In function ‘display’:
altency.c:262:21: error: format ‘%ld’ expects argument of type ‘long int’, but argument 2 has type ‘time_t’ {aka ‘long long int’} [-Werror=format=]
  262 |         ("RTT|  %.2ld:%.2ld:%.2ld  (%s, %Ld us period, "
      |                 ~~~~^
      |                     |
      |                     long int
      |                 %.2lld
  263 |          "priority %d)\n", dt / 3600,
      |                            ~~~~~~~~~
      |                               |
      |                               time_t {aka long long int}

Fixes:
 - http://autobuild.buildroot.org/results/448efe22e8fe058a1b354a3c124874e30b9ce138

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 74196b7d05)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-09-04 22:08:52 +02:00
Fabrice Fontaine
527018a3f1 package/ogre: fix build on musl
Fix the following build failure on musl raised since the addition of the
package in commit eb91fa730c:

/tmp/instance-1/output-1/build/ogre-1.12.0/OgreMain/src/OgreStringConverter.cpp: In static member function 'static bool Ogre::StringConverter::parse(const String&, Ogre::int32&)':
/tmp/instance-1/output-1/build/ogre-1.12.0/OgreMain/src/OgreStringConverter.cpp:253:22: error: 'strtol_l' was not declared in this scope; did you mean 'strtold_l'?
  253 |         ret = (int32)strtol_l(val.c_str(), &end, 0, _numLocale);
      |                      ^~~~~~~~
      |                      strtold_l

Fixes:
 - http://autobuild.buildroot.org/results/491f89e45610a7752c0700ac02b80a92b7876ec3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 84333281cd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-09-04 21:55:21 +02:00
Alexander Egorenkov
fdfd8f0fe9 package/prelink-cross: fix handling of TLS offsets for s390 arch
/tmp/instance-1/output-1/host/sbin/prelink-rtld: error while loading
shared libraries: /lib64/libc.so.6: cannot handle TLS data
ERROR: can't resolve libraries to shared libraries: glib-2.0, gobject-2.0
ninja: build stopped: subcommand failed.
make: *** [package/pkg-generic.mk:270:
/tmp/instance-1/output-1/build/gobject-introspection-1.68.0/.stamp_built]
Error 1
make: Leaving directory '/tmp/instance-1/buildroot'

Fixes:
- http://autobuild.buildroot.org/results/7614f5928e845331d7295349da891a76f1786b79/

Signed-off-by: Alexander Egorenkov <egorenar@linux.ibm.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 27b032941a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-09-04 21:53:19 +02:00
Quentin Schulz
8ec21bd179 package/qt5/qt5base: fix libatomic handling to not affect host builds
qt5declarative builds qmltyperegistrar for the host as part of its build
process.
When building qt target packages (which is the case for qt5declarative),
-spec devices/linux-buildroot-g++ is passed to qmake in QT5_QMAKE
variable and this spec currently has -latomic in its LIBS.

This -latomic makes it to the build of the host build of
qmltyperegistrar which is not useful.

This was discovered on Fedora 34 where libatomic is not pulled with gcc
package, therefore was missing on the host machine.

This makes sure that -latomic is not added for host build of qt
packages.

Fixes: 7d286be4f9 ("package/qt5base: link with -latomic when needed")

Cc: Quentin Schulz <foss@0leil.net>
Suggested-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2d991fd7b2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-09-04 21:50:58 +02:00
Fabrice Fontaine
32fead8f28 package/iputils: fix rdisc server option
Commit 95b0078cc0 wrongly added
BUILD_RDISC_SERVER instead of ENABLE_RDISC_SERVER:

WARNING: Unknown options: "BUILD_RDISC_SERVER"

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 93be993591)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-09-01 22:57:52 +02:00
Baruch Siach
99a4994ca6 boot/arm-trusted-firmware: don't force ENABLE_STACK_PROTECTOR
Commit 5f432df7e2 ("boot/arm-trusted-firmware: change
ENABLE_STACK_PROTECTOR value when disabled") set
ENABLE_STACK_PROTECTOR=0 when disabled. But since we pass this value as
MAKE_OPT, the internal ATF logic that sets ENABLE_STACK_PROTECTOR again
based on its initial value breaks. This leads to build failure:

make[1]: *** [/builds/buildroot.org/buildroot/output/build/arm-trusted-firmware-v2.4/build/a80x0_mcbin/release/libc/assert.o] Error 1
aarch64-buildroot-linux-uclibc-gcc.br_real: error: unrecognized command-line option ‘-fstack-protector-0’; did you mean ‘-fstack-protector’?

Move ENABLE_STACK_PROTECTOR to make environment instead to allow make to
change its value.

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/1497663294

Cc: Dick Olsson <hi@senzilla.io>
Cc: Sergey Matyukevich <geomatsi@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ccac9a5bbb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-09-01 22:51:25 +02:00
Thomas Petazzoni
42c68f604f boot/arm-trusted-firmware: change ENABLE_STACK_PROTECTOR value when disabled
Since commit
cf176128ec ("boot/arm-trusted-firmware:
add SSP option"), we are passing ENABLE_STACK_PROTECTOR=none when we
want to disable SSP usage in TF-A. While this works fine in recent
versions of TF-A, older versions such as TF-A will end up passing
-fstack-protector-none in this situation, which fails as this is not a
valid gcc option (the valid gcc option is -fno-stack-protector).

To solve this, we pass ENABLE_STACK_PROTECTOR=0 which was in older
TF-A versions used to say "don't do anything with SSP", and is also
still supported in newer versions of TF-A.

Fixes:

 https://gitlab.com/buildroot.org/buildroot/-/jobs/1478738580

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5f432df7e2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-09-01 22:51:19 +02:00
Peter Korsgaard
004a792dcf Update for 2021.02.4
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-08-10 22:32:54 +02:00
Peter Korsgaard
84c010f468 package/ruby: security bump to version 2.7.4
Fixes the following security issues:

- CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP
- CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
- CVE-2021-31799: A command injection vulnerability in RDoc

For more details, see the announcement:
https://www.ruby-lang.org/en/news/2021/07/07/ruby-2-7-4-released/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-08-08 22:54:47 +02:00
Peter Korsgaard
6f50ae1c29 package/nodejs: security bump to version 12.22.4
Fixes the following security issues:

- CVE-2021-22930: Use after free on close http2 on stream canceling (High)

  Node.js is vulnerable to a use after free attack where an attacker might
  be able to exploit the memory corruption, to change process behavior.

Drop 0002-Fix-build-with-ICU-68.patch as this is now fixed upstream since
https://github.com/nodejs/node/commit/e459c79b02

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ca92d31cff)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-08-08 22:48:54 +02:00
James Hilliard
a1966dc62c package/nodejs: fix build with ICU 69
Fixes:
../deps/v8/src/objects/js-list-format.cc: In static member function ‘static v8::internal::MaybeHandle<v8::internal::JSListFormat> v8::internal::JSListFormat::New(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Map>, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>)’:
../deps/v8/src/objects/js-list-format.cc:173:67: error: ‘static icu::ListFormatter* icu::ListFormatter::createInstance(const icu::Locale&, const char*, UErrorCode&)’ is private within this context
  173 |       icu_locale, GetIcuStyleString(style_enum, type_enum), status);
      |                                                                   ^
In file included from ../deps/v8/src/objects/js-list-format.cc:25:
/home/buildroot/buildroot/output/per-package/host-icu/host/include/unicode/listformatter.h:267:27: note: declared private here
  267 |     static ListFormatter* createInstance(const Locale& locale, const char* style, UErrorCode& errorCode);
      |                           ^~~~~~~~~~~~~~

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6507ac846c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-08-08 22:48:43 +02:00
Peter Korsgaard
12e583a177 package/glibc: security bump to version 2.32-50-g737efa27fca5c97f5
Fixes the following security issue:

- CVE-2021-33574: The mq_notify function has a potential use-after-free
  issue when using a notification type of SIGEV_THREAD and a thread
  attribute with a non-default affinity mask.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-08-08 21:46:39 +02:00
Peter Korsgaard
abffd2c23c {linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.{4, 10, 12, 13}.x series
Includes fixes for the recent "Sequoia" seq_file vulnerability
(CVE-2021-33909):

https://lwn.net/Articles/863729/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 79e230178b)
[Peter: drop 5.12.x/5.13.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-08-08 21:32:44 +02:00
Fabrice Fontaine
4a7eb93b7d package/guile: fix build on riscv32
Fix the following build failure on riscv32:

system/base/target.scm:132:16: In procedure triplet-pointer-size:
unknown CPU word size "riscv32"

Fixes:
 - http://autobuild.buildroot.org/results/6705630c1484239ec8b73d57ebc2e2570fbfc8f8

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 55f1afe6db)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-08-08 21:27:37 +02:00
Thomas Petazzoni
deccccf5a0 configs/microchip_sam9x60ek_mmc_dev_defconfig: add missing options
This defconfig needs wchar, thread debugging, and udev support to be
able to use all the packages it enables.

Fixes:

  https://gitlab.com/buildroot.org/buildroot/-/jobs/1478738516

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 28803d38e5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-08-08 21:23:14 +02:00
Fabrice Fontaine
3f62b3002b package/mpd: needs gcc >= 8
Since bump to version 0.22.3 in commit b6576a458c (package/mpd: bump
to version 0.22.3), mpd needs gcc >= 8, as documented in their manual
[0], to avoid the following build failure with gcc 7.3.1:

/tmp/instance-7/output-1/host/opt/ext-toolchain/aarch64-linux-gnu/include/c++/7.3.1/bits/stl_tree.h:2091:28: error: no matching function for call to 'std::_Rb_tree<std::__cxx11::basic_string<char>, std::pair<const std::__cxx11::basic_string<char>, std::__cxx11::basic_string<char> >, std::_Select1st<std::pair<const std::__cxx11::basic_string<char>, std::__cxx11::basic_string<char> > >, std::less<std::__cxx11::basic_string<char> >, std::allocator<std::pair<const std::__cxx11::basic_string<char>, std::__cxx11::basic_string<char> > > >::_M_get_insert_unique_pos(std::pair<std::basic_string_view<char>, std::basic_string_view<char> >::first_type&)'
  = _M_get_insert_unique_pos(_KeyOfValue()(__v));
    ~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~

Fixes:
 - http://autobuild.buildroot.org/results/4888d99404cc4273349ab036035c5ff7e086b83e

[0] https://mpd.readthedocs.io/en/stable/user.html#compiling-from-source)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: reword commit log to reference the manual]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 8f7d7d9d86)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-08-08 21:18:31 +02:00
Fabrice Fontaine
82c0a9a248 package/ltp-testsuite: renumber patch
Commit 84968aa495 forgot to renumber
remaining patch

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a9d585a417)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-08-08 21:16:43 +02:00
Fabrice Fontaine
0175b49f0c package/libqmi: add gobject-introspection optional dependency
gobject-introspection is an optional dependency (enabled by default)
since version 1.26.0 and
2aa0badc79

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit af34a67be6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-08-08 21:11:57 +02:00
Giulio Benetti
d06f5f0a5f package/pixman: fix build failure due to gcc bug 101737
The pixman package exhibits gcc bug 101737 when built for the SH4
architecture with optimization enabled, which causes a build failure.

As done for other packages in Buildroot work around this gcc bug by
setting optimization to -O0 if BR2_TOOLCHAIN_HAS_GCC_BUG_101737=y.
Also let's add PIXMAN_CFLAGS and pass the Codesourcery work around CFLAGS
to it for consistency like we do for the rest of the packages.

Fixes:
http://autobuild.buildroot.net/results/b20/b20869bbb48edb1f0a847ea9e2e1a0462d6350be/

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit a8a9b12766)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-08-08 21:02:05 +02:00
Giulio Benetti
129c4ecdc3 toolchain: introduce BR2_TOOLCHAIN_HAS_GCC_BUG_101737
pixman package fails to build for the SH4 architecture with optimization
enabled with gcc up to 11.1.0:
http://autobuild.buildroot.net/results/b20/b20869bbb48edb1f0a847ea9e2e1a0462d6350be/

It's been reported upstream:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101737

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 4b22106fb5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-08-08 21:01:58 +02:00
Thomas Petazzoni
fe3d8c5f60 package/python3: add patch to fix highly parallel builds
Highly parallel host-python3 builds sometimes fail with:

Exception in thread Thread-1:
Traceback (most recent call last):
  File "/tmp/instance-3/output-1/host/lib/python3.9/threading.py", line 973, in _bootstrap_inner
    self.run()
  File "/tmp/instance-3/output-1/host/lib/python3.9/concurrent/futures/process.py", line 317, in run
    result_item, is_broken, cause = self.wait_result_broken_or_wakeup()
  File "/tmp/instance-3/output-1/host/lib/python3.9/concurrent/futures/process.py", line 376, in wait_result_broken_or_wakeup
    worker_sentinels = [p.sentinel for p in self.processes.values()]
  File "/tmp/instance-3/output-1/host/lib/python3.9/concurrent/futures/process.py", line 376, in <listcomp>
    worker_sentinels = [p.sentinel for p in self.processes.values()]
RuntimeError: dictionary changed size during iteration

During the compile_all.py step of host-python3. This issue is reported
upstream at https://bugs.python.org/issue43498, and while not yet
fixed upstream, a PR was proposed with a possible fix for it. Seems
the PR seems reasonable, let's give it a chance and see if it improves
the situation.

Hopefully Fixes:

  http://autobuild.buildroot.net/results/ae6c4ab292589a4e4442dfb0a1286349a9bf4d29/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit e17946b409)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-08-08 11:54:08 +02:00