This is a small bugfix release which solves a coupld of build issues.
Release notes:
https://wpewebkit.org/release/cog-0.14.1.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
With the move to 5.19-rc1, the ethernet interface is now supported.
Configure it using DHCP at startup.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Opensbi is now based on 1.1, U-Boot on 2022.07-rc3 and Linux on 5.19-rc1.
We don't yet support 5.19 kernel headers, so use 5.17 instead.
The incompatibility between opensbi and u-boot is now fixed, so drop
0001-arch-riscv-dts-sun20i-d1.dtsi-adjust-plic-compatible.patch.
The updated device tree in the kernel tree no longer specifies a memory
node (and the board exists in 512M/1G/2G variants, so instead use the
(otherwise identical) device tree provided by u-boot, where the memory
node is fixed up based on the detected memory size.
On riscv, the linux kernel unconditionally wants to build its bundled
dtc, so it needs flex and bison, even if it is not going to build any
DTB. We can get flex and bison either via the system ones, or we get
them as they are in LINUX_KCONFIG_DEPENDENCIES. However, relying on this
is a bit fragile, so we keep asking the kernel to build a DTB, so that
we do ensure that our host-{flex,bison} are built and in the dependency
chain of the kernel (for PPD).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998@free.fr:
- extend on why we keep building a DTB from the kernel
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
go1.19.1 includes security fixes to the net/http and net/url packages, as well
as bug fixes to the compiler, the go command, the pprof command, the linker, the
runtime, and the crypto/tls and crypto/x509 packages.
https://github.com/golang/go/issues?q=milestone%3AGo1.19.1+label%3ACherryPickApproved
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
go1.18.6 includes security fixes to the net/http package, as well as bug fixes
to the compiler, the go command, the pprof command, the runtime, and the
crypto/tls, encoding/xml, and net packages.
https://github.com/golang/go/issues?q=milestone%3AGo1.18.6+label%3ACherryPickApproved
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Sub-options of a kconfig symbol are only preperly indented below that
sybol, if there is no inter-mixed sylbols or comments.
In this vase, the comment about perf being unavailable is in-between the
perf symbol and the sub-options, which means the perf options are int
indented.
Move the comment before the definition of perf, so that the options
directly follow the per fsymbol, and so they are properly indented.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Use the mainline ATF as it supports the Pine64 ROCKPro64 board.
Fixes:
- https://gitlab.com/buildroot.org/buildroot/-/jobs/2812054016
Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
package/gcc/11.3.0/0005-rs6000-Improve-.machine.patch:4: generate your patches with 'git format-patch -N'
package/gcc/11.3.0/0006-rs6000-Do-not-use-rs6000_cpu-for-.machine-ppc-and-pp.patch:4: generate your patches with 'git format-patch -N'
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
lots of fixes but most importantly:
- don't allow unknown operational/admin states (CVE-2022-29799, CVE-2022-29800)
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
OpenLayers changed its release format again, only two weeks after the
previous change. The good news is, though, that they now ship a
single release archive that includes the compiled JavaScript code
together with the source code. Furthermore, they ship both code with
a single license, which file is part of the archive.
Hence, we still do not need to rely on host-nodejs for this package,
at least not for this version.
Signed-off-by: Thomas Claveirole <thomas.claveirole@green-communications.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
lots of fixes but most importantly:
- don't allow unknown operational/admin states (CVE-2022-29799, CVE-2022-29800)
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
host-python-pillow was needed to build optee-os from STMicroelecronics
during its rc versions but is is not needed anymore in the release.
It is then useless to keep this support.
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
host-python-pillow dependency was needed to build the STMicroelecronics
version during its rc versions but is is not needed anymore in the release.
It is then useless to keep this dependency.
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Following the switch to Glibc as the default libc in Buildroot [1],
all defconfigs expecting uClibc with wchar (or any other uClibc
specific option) should now select BR2_TOOLCHAIN_BUILDROOT_UCLIBC too.
Even if all defconfigs has been tested with uClibc, maintainers
prefer to not enforce a C library and use the default of Buildroot,
which is now glibc.
This commit remove uClibc specific options BR2_TOOLCHAIN_BUILDROOT_WCHAR,
BR2_PTHREAD_DEBUG (required by gdb) and BR2_TOOLCHAIN_BUILDROOT_USE_SSP.
Since glibc always has argp built-in, also remove the standalone one
from affected toolchains...
Fixes:
https://gitlab.com/kubu93/buildroot/-/jobs/2911738579
[1] 4057e36ca9
[2] http://lists.busybox.net/pipermail/buildroot/2022-August/649998.html
Signed-off-by: Romain Naour <romain.naour@gmail.com>
[yann.morin.1998@free.fr: also drop argp-standalone]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
gcc 11.3.0 contains a backported patch [1] that introduce
a regression for old powerpc cpus like the powerpc 7400 (G4).
The glibc crash the init process due to a wrong asm machine
directive (.machine).
Run /sbin/init as init process
init[1]: segfault (11) at 7369693e nip 6f6e08 lr 6f6a68 code 1 in libc.so.6[690000+18f000]
init[1]: code: 280a000c 41c1ffe0 811edb80 554a103a 7d48502e 7d4a4214 7d4903a6 4e800420
init[1]: code: 2c08007a 4bffffbc 89290000 5529103a <7d2a482e> 2c090000 41c2ff78 7fe4fb78
Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
Backport two patches from the gcc-11 stable branch (the upcoming gcc
11.4.0).
[1] https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=3cb53c10831be59d967d9dce8e7980fee4703500
Fixes:
https://gitlab.com/kubu93/buildroot/-/jobs/2976071284
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Joel Stanley <joel@jms.id.au>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following security vulnerabilities:
- [Low] Fault injection attack on RAM via Rowhammer leads to ECDSA key
disclosure. Users doing operations with private ECC keys such as
server side TLS connections and creating ECC signatures, who also
have hardware that could be targeted with a sophisticated Rowhammer
attack should update the version of wolfSSL and compile using the
macro WOLFSSL_CHECK_SIG_FAULTS.
- [Low] In wolfSSL version 5.3.0 if compiled with
--enable-session-ticket and the client has non-empty session cache,
with TLS 1.2 there is the possibility oàf a man in the middle passing
a large session ticket to the client and causing a crash due to an
invalid free. There is also the potential for a malicious TLS 1.3
server to crash a client in a similar manner except in TLS 1.3 it is
not susceptible to a man in the middle attack. Users on the client
side with –enable-session-ticket compiled in and using wolfSSL
version 5.3.0 should update their version of wolfSSL.
- [Low] If using wolfSSL_clear to reset a WOLFSSL object (vs the normal
wolfSSL_free/wolfSSL_new) it can result in runtime issues. This
exists with builds using the wolfSSL compatibility layer
(--enable-opnesslextra) and only when the application is making use
of wolfSSL_clear instead of SSL_free/SSL_new. In the case of a TLS
1.3 resumption, after continuing to use the WOLFSSH object after
having called wolfSSL_clear, an application could crash. It is
suggested that users calling wolfSSL_clear update the version of
wolfSSL used.
- Potential DoS attack on DTLS 1.2. In the case of receiving a
malicious plaintext handshake message at epoch 0 the connection will
enter an error state reporting a duplicate message. This affects both
server and client side. Users that have DTLS enabled and in use
should update their version of wolfSSL to mitigate the potential for
a DoS attack.
https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.0-stable
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Docker Compose v2 is no longer a standalone component, but is now a
plugin loaded by docker-cli.
As such, it should not be installed in /usr/bin, but in the directory
where docker-cli loads its plugins from.
Additionally, we consequently make docker-compose depend on docker-cli;
indeed, it does not really make sense to present a plugin unless the
component it attaches to is already enabled [0].
License hash changed due to strictly copying the license text template,
without customisation to the year and copyright owner.
[0] the original submission by Christian would use a select, to keep
existing config, but that's not sensible, as we already have some
packages that are plugins and that use depends-on, like nginx plugins.
For consistency and as it semantically makes sense, we use a depends-on
here too.
Signed-off-by: Christian Stewart <christian@paral.in>
[yann.morin.1998@free.fr:
- don't select docker-cli, but depends-on it; explain it in commit log
- explain why we override the install commands
- explain change in license file hash
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- drop a patch (already in version)
- update Copyright.txt (changed from 1995-2021 to 1995-2022)
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following build failure with gcc 4.8 raised since commit
8b42bbf30a:
/home/buildroot/autobuild/run/instance-1/output-1/build/sconeserver-8d1935919a2013358993a8e9dfa992cbde56e503/http/AuthRealmDB.cpp: In member function 'virtual std::string http::AuthRealmDB::lookup_hash(const string&)':
/home/buildroot/autobuild/run/instance-1/output-1/build/sconeserver-8d1935919a2013358993a8e9dfa992cbde56e503/http/AuthRealmDB.cpp:93:3: error: 'unique_ptr' is not a member of 'std'
std::unique_ptr<scx::DbQuery> query(m_db->object()->new_query(
^
Fixes:
- http://autobuild.buildroot.org/results/198c23f1de5cc90efe2d3b4ce053939457e003f7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Linux kernel commit 00facc760903 ("perf jevents: Switch build to use
jevents.py") switched to auto-generation of arch-specific PMU events
using python script. Now custom PMU events for different platforms of
the selected target architecture are not embedded into perf binary if
an appropriate host python interpreter is not present. In practice it
means that perf is successfully built, but 'perf list pmu' will show
no custom events on a target platform even if those events are supported
and properly defined in tools/perf/pmu-events/arch/<target arch>
directory in the kernel source tree.
Since building host-python3 is not instantaneous, add a config option,
like we have in the kernel for a bunch of host packages, to id=ndicate
that host-python3 is required, and only add the dependency in that case.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
[yann.morin.1998@free.fr:
- add BR2_PACKAGE_LINUX_TOOLS_PERF_NEEDS_HOST_PYTHON3
- extend commit log accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
From the README:
dhcpcd-9 defaults the run directory to `/var/run/dhcpcd` instead of
`/var/run` and the prefix of dhcpcd has been removed from the files.
Make it so.
Signed-off-by: Konstantin Menyaev <KAMenyaev@sberdevices.ru>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Change in license hash is due to version bump and copyright year udpate.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The hash of README.md has changed because the link to the zstd license
has been added:
- ``
+ `- zstd (Dual BSD\GPLv2 Licenses) is from https://github.com/facebook/zstd`
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
- gh-92888: Fix memoryview use after free when accessing the backing buffer
in certain cases.
- gh-87389: http.server: Fix an open redirection vulnerability in the HTTP
server when an URI path starts with //.
Release notes:
https://docs.python.org/release/3.10.6/whatsnew/changelog.html#python-3-10-6-final
Signed-off-by: Marcus Hoffmann <marcus.hoffmann@othermo.de>
[Peter: Mark as security bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6c872197f4)
[Peter: drop Makefile/Vagrantfile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We need to switch to the github download as the sdist published to pypi
doesn't package the epl-v20 license file isn't included there:
https://github.com/eclipse/paho.mqtt.python/pull/635
License changed to EPL-2.0 and EDLv1.0.
Changelog:
https://github.com/eclipse/paho.mqtt.python/blob/master/ChangeLog.txt
Signed-off-by: Marcus Hoffmann <marcus.hoffmann@othermo.de>
[yann.morin.1998@free.fr:
- use spaces in hash file
- drop localy computed md5
- license is EPL *and* EDL, not _or_
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This tests valdates that we can publish a message and read it back.
Signed-off-by: Marcus Hoffmann <marcus.hoffmann@othermo.de>
Tested-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[yann.morin.1998@free.fr:
- don't manually start mosquitto, there's a startup script for that
- don't pass custom timeout
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following error on calling mqtt.publish():
File "/usr/lib/python3.10/site-packages/paho/mqtt/publish.py", line 222, in single
multiple([msg], hostname, port, client_id, keepalive, will, auth, tls,
File "/usr/lib/python3.10/site-packages/paho/mqtt/publish.py", line 126, in multiple
if not isinstance(msgs, collections.Iterable):
AttributeError: module 'collections' has no attribute 'Iterable'
Backported from https://github.com/eclipse/paho.mqtt.python/pull/497/
This was deprecated in python 3.9 and stopped working in python 3.10
Signed-off-by: Marcus Hoffmann <marcus.hoffmann@othermo.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bf0d8c9659)
[Peter: drop Makefile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
There is currently no version of gdbserver for or1k. Until this
is implemented we will prevent both the direct and indirect
selection of gdbserver for or1k builds. In practice this means
that 'cross gdb for the host' cannot be selected and that
'full debugger' must be automatically selected for the gdb target
package.
This partially reverts commit 991b7b990a
which claimed that gdbserver for or1k was already supported before
version 8.3. That is not true - the commit that adds gdbserver support
for or1k [1] was only merged for version 12.1, which hasn't been
integrated in Buildroot yet.
Without that support, the build of gdbserver fails with
/home/buildroot/autobuild/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/or1k-buildroot-linux-musl/11.2.0/../../../../or1k-buildroot-linux-musl/bin/ld: server.o: in function `main':
server.cc:(.text.startup+0x6dc): undefined reference to `initialize_low()'
/home/buildroot/autobuild/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/or1k-buildroot-linux-musl/11.2.0/../../../../or1k-buildroot-linux-musl/bin/ld: remote-utils.o: in function `prepare_resume_reply(char*, ptid_t, target_waitstatus*)':
remote-utils.cc:(.text+0x28a8): undefined reference to `using_threads'
/home/buildroot/autobuild/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/or1k-buildroot-linux-musl/11.2.0/../../../../or1k-buildroot-linux-musl/bin/ld: remote-utils.cc:(.text+0x28b0): undefined reference to `using_threads'
Fixes: http://autobuild.buildroot.net/results/b3c/b3c0df53d09d9facaf0c3c2bc4529f9fcf7737ee
[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=4933265c3f71b9134363d0c05f09542d5cc677f4
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Stafford Horne <shorne@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>