Commit Graph

58032 Commits

Author SHA1 Message Date
Thomas De Schampheleire
dd14435d81 package/oracle-mysql: use BR2_ENABLE_RUNTIME_DEBUG iso BR2_ENABLE_DEBUG
BR2_ENABLE_DEBUG should just steer the availability of debug symbols and
should have no negative effect on performance.

Introduction of 'assert' statements, 'debug'-type builds with additional
logging, etc. should be steered by BR2_ENABLE_RUNTIME_DEBUG instead.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-06-01 22:39:40 +02:00
Thomas De Schampheleire
a5107b8740 package/boost: use BR2_ENABLE_RUNTIME_DEBUG iso BR2_ENABLE_DEBUG
BR2_ENABLE_DEBUG should just steer the availability of debug symbols and
should have no negative effect on performance.

Introduction of 'assert' statements, 'debug'-type builds with additional
logging, etc. should be steered by BR2_ENABLE_RUNTIME_DEBUG instead.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-06-01 22:39:37 +02:00
Thomas De Schampheleire
77b9b0f8cf package/sysrepo: remove explicit setting of CMAKE_BUILD_TYPE
sysrepo explicitly sets CMAKE_BUILD_TYPE=Release, ignoring any possible
value of BR2_ENABLE_DEBUG (previously) or BR2_ENABLE_RUNTIME_DEBUG (now).

With the introduction of BR2_ENABLE_RUNTIME_DEBUG, this change should no
longer be necessary. Users that do not wish to have additional runtime
debugging just keep BR2_ENABLE_RUNTIME_DEBUG disabled (default value).

As the 'Debug' build type enables tests, disable them explicitly.
As the 'Debug' build type uses a custom REPO_PATH which does not exist on
target, force /etc/sysrepo like in the 'Release' build type.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Acked-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-06-01 22:39:35 +02:00
Thomas De Schampheleire
9a7afc0bb6 package/sysrepo: use default CMAKE_BUILD_TYPE for host package
Use the default build type for host-sysrepo.
In the current version of sysrepo, this happens to be 'Debug'.
As 'Debug' also enables tests, explicitly disable them.

Suggested-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Acked-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-06-01 22:39:33 +02:00
Thomas De Schampheleire
f2f318270e package/flare-engine: disable effect of CMAKE_BUILD_TYPE
flare-engine enables profiling when CMAKE_BUILD_TYPE is 'Debug'. The
Buildroot package explicitly avoided that by forcing CMAKE_BUILD_TYPE to
'RelWithDebInfo' when pkg-cmake.mk would normally set it to 'Debug'. Until
recently, this was the case when BR2_ENABLE_DEBUG was enabled.

A previous commit changed the condition under which CMAKE_BUILD_TYPE=Debug
was set, from BR2_ENABLE_DEBUG=y to BR2_ENABLE_RUNTIME_DEBUG=y, so logically
the flare-engine package would have to be updated accordingly.

However, apart from the profiling flag, the flare-engine package only uses
CMAKE_BUILD_TYPE to determine flags that Buildroot wants to control itself,
like optimization and debugging flags.

This means we can fake CMAKE_BUILD_TYPE to a value that has no meaning for
flare-engine itself, without needing to check BR2_ENABLE_DEBUG nor
BR2_ENABLE_RUNTIME_DEBUG.

Incidentally, this trick was already done in case
BR2_TOOLCHAIN_HAS_GCC_BUG_85180 was true, so move that line out of this
condition.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-06-01 22:39:31 +02:00
Thomas De Schampheleire
61c5e0319c package/pkg-cmake.mk: determine CMAKE_BUILD_TYPE depending on BR2_ENABLE_RUNTIME_DEBUG
The CMAKE_BUILD_TYPE is currently set as 'Debug' in case BR2_ENABLE_DEBUG is
set, and as 'Release' in other cases. However, while the description of
BR2_ENABLE_DEBUG is to enable debug symbols (no runtime impact), the 'Debug'
build type in CMake can actually have runtime impact. For one, because it
does not set -DNDEBUG like is done for 'Release', but also because packages
may do custom things based on it.

The question of which CMAKE_BUILD_TYPE Buildroot should set, be it 'Debug',
'Release', 'RelWithDebInfo' or others, has come up several times in the
past. See some references below:

- July 2016: switch from Debug to RelWithDebInfo:
  https://git.buildroot.org/buildroot/commit/?id=4b0120183404913f7f7788ef4f0f6b51498ef363

- October 2016: switch from RelWithDebInfo back to Debug:
  https://git.buildroot.org/buildroot/commit/?id=104bb29e0490bfb487e2e665448dd3ca07fcc2b5
  and changes to make sure Buildroot's flags are respected:
  https://git.buildroot.org/buildroot/commit/?id=12494ef48f893684d0800e7f6fe39a2ceaed0451

- August 2017: bug #10246 - "BR2_ENABLE_DEBUG does not have the expected
  effect for cmake packages"
  https://bugs.busybox.net/show_bug.cgi?id=10246

- August 2017: mail thread following bug #10246:
  http://lists.busybox.net/pipermail/buildroot/2017-August/200778.html

In the last mail thread, Samuel Martin confirmed that the 'Release' build
type could be used in all cases, because Buildroot is actually making sure
that the optimization flags are those determined by Buildroot, not the
defaults of cmake, thanks to commit 12494ef48f.
But Arnout Vandecappelle objected to using always 'Release', stating that
users may actually want the extra assertions.

With the introduction of BR2_ENABLE_RUNTIME_DEBUG, Buildroot can now cater
for all cases:

- use CMAKE_BUILD_TYPE=Release by default. This makes sure that there is no
  unexpected performance degradation triggered by enabling BR2_ENABLE_DEBUG.

- users can optionally enable BR2_ENABLE_RUNTIME_DEBUG if they want runtime
  debug info like assertions, at the risk of introducing performance
  degradation. In this case, we switch to CMAKE_BUILD_TYPE=Debug.

- orthogonally to the above, BR2_ENABLE_DEBUG still determines passing the
  '-g' flag to enable debug symbols, and BR2_OPTIMIZE_X still determines the
  used optimization flags.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-06-01 22:39:28 +02:00
Thomas De Schampheleire
5a8c50fe05 core: enable 'NDEBUG' unless BR2_ENABLE_RUNTIME_DEBUG is set
The 'assert' statement in glibc honors the 'NDEBUG' preprocessor macro: if
it is set, then the assert statement is compiled away.

Define this 'NDEBUG' macro when BR2_ENABLE_RUNTIME_DEBUG is disabled (the
default case).

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Reviewed-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-06-01 22:39:26 +02:00
Thomas De Schampheleire
b7939fe2a0 core: introduce BR2_ENABLE_RUNTIME_DEBUG
Some packages have optional runtime assertions, extra traces, or other
elements that can help in debugging problems. However, such runtime elements
can negatively influence performance.

In a test program performing 100K gRPC calls from a client to a local server
and receiving the returned response, we see following execution time:

    - runtime debug enabled: 1065 seconds
    - runtime debug disabled:  48 seconds

This is more than a factor 20 (!) difference. Analysis shows that the
problem mostly stems from libabseil-cpp (a dependency of gRPC) which enables
mutex deadlock analysis when the preprocessor flag 'NDEBUG' is not set,
which adds a 'backtrace()' call on every lock/unlock.  Potentially worse,
when libunwind is enabled and linked with the test program, 'backtrace()' is
not provided by glibc but by libunwind itself.

For production systems, users expect good performance out-of-the-box. In the
example above, the difference is huge and unless explicitly tested and
analyzed, users may not realize that the performance could be much better.

Address this problem by introducing a new option BR2_ENABLE_RUNTIME_DEBUG,
which can be used by packages or package infrastructures to set the
necessary flags.

Note that BR2_ENABLE_RUNTIME_DEBUG is orthogonal to BR2_ENABLE_DEBUG: the
former changes runtime behavior, while the latter is only expected to add
debug symbols to the build. Today, the cmake build system does introduce a
runtime impact when BR2_ENABLE_DEBUG is set, but that will be rectified in a
subsequent commit.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-06-01 22:39:23 +02:00
Fabrice Fontaine
cb6fd050cd package/directfb: disable on riscv32
directfb unconditionally uses __NR_futex which will raise the following
build failure on riscv32:

system.c:242:21: error: '__NR_futex' undeclared (first use in this function)
  242 |      ret = syscall( __NR_futex, uaddr, op, val, timeout, uaddr2, val3 );
      |                     ^~~~~~~~~~

Fixes:
 - http://autobuild.buildroot.org/results/c0f4168575fa85af933539441eea95a3b10dac91

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-06-01 22:36:55 +02:00
Fabrice Fontaine
5a075b47a8 package/libkcapi: fix build on riscv32
Fix the following build failure on riscv32:

lib/internal.h:331:20: error: '__NR_io_getevents' undeclared (first use in this function); did you mean 'io_getevents'?
  331 |     return syscall(__NR_io_getevents, ctx, min, max, events, timeout);
      |                    ^~~~~~~~~~~~~~

Fixes:
 - http://autobuild.buildroot.org/results/c828d4330a8888fe8db4299dc2f20759947f329f

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-06-01 22:33:16 +02:00
Fabrice Fontaine
34173da168 package/unscd: disable on riscv32
unscd unconditionally uses __NR_clock_gettime which will raise the
following build failure on riscv32:

nscd-0.54.c:339:14: error: '__NR_clock_gettime' undeclared (first use in this function); did you mean 'clock_gettime'?
  339 |  if (syscall(__NR_clock_gettime, CLOCK_MONOTONIC, &ts))
      |              ^~~~~~~~~~~~~~~~~~
      |              clock_gettime

Fixes:
 - http://autobuild.buildroot.org/results/eb77b18f268d8e59c407f757662117a33d3f9ee3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-06-01 22:32:10 +02:00
Fabrice Fontaine
dc34fa5c6c package/libcamera: fix build on sparc v8
Fix build failure with sparc v8 which is raised since commit
bd9b7b092c due to
https://git.linuxtv.org/libcamera.git/commit/?id=a8310248fc26cc1e1b791af5e9394c1d20bee269

Fixes:
 - http://autobuild.buildroot.org/results/d0726b2253f1f3d006e057f3b32c646c4b9b5f7a

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-06-01 22:24:34 +02:00
Fabrice Fontaine
689033a8c2 package/uftrace: needs dynamic library
Since its addition in commit 09c97972d9,
uftrace always builds a dynamic library which will raise the following
build failure:

  LINK     libmcount/libmcount.so
.../ld: .../crtbeginT.o: relocation R_X86_64_32 against hidden symbol `__TMC_END__' can not be used when making a shared object

Fixes:
 - http://autobuild.buildroot.org/results/980bb38c6417bd48828379677762382030c5b28a

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-06-01 22:17:53 +02:00
Baruch Siach
1410cbd163 package/libesmtp: move SITE to s.b.n
The original site is gone, and the author is no longer providing
tarballs:

  https://libesmtp.github.io/notes.html

Change website link to the current official page.

Fixes:
http://autobuild.buildroot.net/results/d788315bf708c31e14ba5fb35dccf94753d5f78a/
http://autobuild.buildroot.net/results/83bfdd8e5f897b4d4be81c4c16106feb4e17bd50/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-06-01 22:08:29 +02:00
Bernd Kuhls
20a4c7a7f6 DEVELOPERS: add Bernd Kuhls for intel-mediasdk & deps
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-06-01 22:02:31 +02:00
Fabrice Fontaine
4d6ca0a8ac package/libcutl: fix build with gcc 11
Add -std=c++11 to fix the following build failure with gcc 11:

In file included from shared-ptr/base.cxx:5:
../cutl/shared-ptr/base.hxx:34:41: error: ISO C++17 does not allow dynamic exception specifications
   34 | operator new (std::size_t, cutl::share) throw (std::bad_alloc);
      |                                         ^~~~~

Fixes:
 - http://autobuild.buildroot.org/results/60a39d402a0d051c92aa11421b7a14f7729a0380

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-06-01 21:59:35 +02:00
Heiko Thiery
9584765654 package/i2c-tools: add I2C_TOOLS_CPE_ID_VENDOR
cpe:2.3🅰️i2c-tools_project:i2c-tools is a valid CPE identifier for this
package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ai2c-tools_project%3Ai2c-tools

Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-06-01 21:57:01 +02:00
Romain Naour
826d350fc3 uclibc: powerpc: fix PIE/PIC builds with secureplt enabled by default
Apply the fix provided by Yann Sionneau when secureplt is enabled
by default by gcc compiler along with PIE/PIC options.

"For the secure PLT to work in PIC, the r30 register needs to point to the GOT"

Fixes:
[qemu_ppc_e500mc_defconfig] https://gitlab.com/buildroot.org/buildroot/-/jobs/1255661606
[qemu_ppc_g3beige_defconfig] https://gitlab.com/buildroot.org/buildroot/-/jobs/1255661607
[qemu_ppc_mac99_defconfig] https://gitlab.com/buildroot.org/buildroot/-/jobs/1255661609

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Yann Sionneau <yann@sionneau.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-06-01 21:48:49 +02:00
Romain Naour
6b4b63a571 Config.in: disable PIC/PIE for Nios2
Recently in Buildroot the option BR2_PIC_PIE has been enabled by default along
with other hardening features [1]. Since then the nios2 defconfig
qemu_nios2_10m50_defconfig is failing to boot due to a segfault in init program:

Run /init as init process
  with arguments:
    /init
  with environment:
    HOME=/
    TERM=linux
Failed to execute /init (error -12)

See Buildroot build log and Qemu runtime test log in build artifacts [2].

Analyzing one of the binary with strace show that the problem occur
very early when starting the new process:

 # strace ./busybox
 execve("./busybox", ["./busybox"], 0x7f91ce90 /* 10 vars */) = -1 ENOMEM
(Cannot allocate memory)
 +++ killed by SIGSEGV +++

Several binutils/glibc/gcc version has been tested without any success.

The issue has been reported to the glibc mailing list but it can be a linker
or kernel bug [3].

For the Buildroot 2021.05 release, disable BR2_PIC_PIE until the problem is
found and fixed.

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/1285145889

[1] https://git.buildroot.net/buildroot/commit/?id=810ba387bec3c5b6904e8893fb4cb6f9d3717466
[2] https://gitlab.com/buildroot.org/buildroot/-/jobs/1285145889
[3] https://sourceware.org/pipermail/libc-alpha/2021-May/126912.html

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-06-01 21:47:51 +02:00
Sam Voss
93b8d601bc package/hostapd: add upstream patch to fix CVE-2021-27803
Fixes the following:

- CVE-2021-27803: A vulnerability was discovered in how p2p/p2p_pd.c in
wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision
discovery requests. It could result in denial of service or other impact
(potentially execution of arbitrary code), for an attacker within radio
range.

Signed-off-by: Sam Voss <sam.voss@collins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-06-01 21:47:51 +02:00
Peter Korsgaard
e4132725bd Update for 2021.05-rc3
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-05-31 23:29:41 +02:00
Peter Korsgaard
cebf2b91b3 package/dhcp: security bump to version 4.4.2-P1
Fixes the following security issue:

- CVE-2021-25217: A buffer overrun in lease file parsing code can be used to
  exploit a common vulnerability shared by dhcpd and dhclient

For details, see the advisory:
https://kb.isc.org/docs/cve-2021-25217

Update the LICENSE hash for a change of copyright years.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-05-31 22:29:04 +02:00
Yann E. MORIN
fe3cb7978a docs: move the IRC channel away from Freenode
Due to the recent events at Frenode [0], the channel has become a bit
unreliable (much spammed), and users have started to move away already,
as quite a few other projects have moved their IRC presence away from
Freenode.

There are a few alternatives. The first to spring to mind, is the new
Libera.Chat network [1], managed by the previous Freenode staff, so we
could expect quite a good experience there. However, it is a very young
network. The second well known alternative is the long-established OFTC,
which has been very reliable in its 20 years of existence.

So, let's move to OFTC, just because it has a track-record of robustness
(which Libera.Chat still has to build, for being young).

Note: there are a lot of other IRC networks, some very good too, but we
probably would be much off-topic on most of them.

[0] https://lwn.net/Articles/856543/
[1] https://libera.chat/
[2] https://www.oftc.net/

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Acked-by: Matthew Weber <matthew.weber@collins.com>
Acked-by: Heiko Thiery <heiko.thiery@gmail.com>
Acked-By: Vincent Fazio <vfazio@xes-inc.com>
Acked-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-29 22:16:23 +02:00
Fabrice Fontaine
fb25c95a0b package/strace: xtensa needs headers >= 5.0
xtensa support needs user_pt_regs since version 5.6 and
2429c69961

However user_pt_regs is only available since kernel 5.0 and
06fbac8e89

Fixes:
 - http://autobuild.buildroot.org/results/c6c4fb3b9098c5fc5dbe4415e2a9757fc775b746

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-29 22:05:19 +02:00
Fabrice Fontaine
c3ba90d69a package/pkg-meson: always set b_pie to false
pipewire unconditionally enables b_pie since version 0.3.20 and
abe73c9146
which will raise the following build failure on m68k since commit
a6d88d3ba5:

/srv/storage/autobuild/run/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/m68k-buildroot-linux-uclibc/9.3.0/../../../../m68k-buildroot-linux-uclibc/bin/ld: /srv/storage/autobuild/run/instance-1/output-1/host/m68k-buildroot-linux-uclibc/sysroot/usr/lib/Scrt1.o: in function `lib_main':
(.text+0x4): undefined reference to `__shared_flat_add_library'

To fix this build failure, always set b_pie to false as PIE will be
enabled by toolchain/toolchain-wrapper.mk if needed

Fixes:
 - http://autobuild.buildroot.org/results/c258a2736661af8ea73abeda2503d8682e65f1e2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-29 21:00:06 +02:00
Yann E. MORIN
bfceec6b5f Revert "package/pkg-meson: handle b_pie"
This reverts commit a8a147f604.

That commit incorrectly made use of BR2_TOOLCHAIN_SUPPORTS_PIE, when it
should have been using BR2_PIC_PIE.

Besides, another attempt is pending, that unconditionally disables it as
it will be set by the toolchain wrapper already.

For both reasons, revert rather than switch over to BR2_PIC_PIE.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-29 11:16:35 +02:00
Fabrice Fontaine
a8a147f604 package/pkg-meson: handle b_pie
pipewire unconditionally enables b_pie since version 0.3.20 and
abe73c9146
which will raise the following build failure on m68k since commit
a6d88d3ba5:

/srv/storage/autobuild/run/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/m68k-buildroot-linux-uclibc/9.3.0/../../../../m68k-buildroot-linux-uclibc/bin/ld: /srv/storage/autobuild/run/instance-1/output-1/host/m68k-buildroot-linux-uclibc/sysroot/usr/lib/Scrt1.o: in function `lib_main':
(.text+0x4): undefined reference to `__shared_flat_add_library'

Fixes:
 - http://autobuild.buildroot.org/results/c258a2736661af8ea73abeda2503d8682e65f1e2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-29 11:10:00 +02:00
Fabrice Fontaine
4fce8cd4ae package/pipewire: alsa needs ucm
alsa unconditionally uses ucm since version 0.3.7 and
1612f5e4d2
which will result in the following build failure since commit
a6d88d3ba5:

../spa/plugins/alsa/acp/alsa-ucm.h:26:10: fatal error: alsa/use-case.h: No such file or directory
   26 | #include <alsa/use-case.h>
      |          ^~~~~~~~~~~~~~~~~

Fixes:
 - http://autobuild.buildroot.org/results/ef53534daf84397b4e22392f2a6be2c335819ab5

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-29 10:28:04 +02:00
Peter Korsgaard
ab9ceea782 package/nginx: add upstream CVE-2021-23017 security fix
Fixes the following vulnerability:

- CVE-2021-23017: 1-byte memory overwrite in resolver

For more details, see the advisories:
https://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html
https://www.openwall.com/lists/oss-security/2021/05/25/5

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998@free.fr: annotate the patch, that it is a backport]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-28 14:36:39 +02:00
Peter Korsgaard
eae15d62c6 package/libcurl: security bump to version 7.77.0
Fixes the following security issues:

- CVE-2021-22897: schannel cipher selection surprise
  https://curl.se/docs/CVE-2021-22897.html

- CVE-2021-22898: TELNET stack contents disclosure
  https://curl.se/docs/CVE-2021-22898.html

- CVE-2021-22901: TLS session caching disaster
  https://curl.se/docs/CVE-2021-22901.html

Unconditionally disable the ldap(s) options.  These require external
libraries, but the options were ignored if the needed libraries weren't
available. This is now changed to be a fatal error since

dae382a1a1

Additionally, add a post-7.77.0 upstream patch to fix compilation with
bearssl.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998@free.fr: annotate the patch, that it is a backport]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-28 14:19:33 +02:00
Peter Korsgaard
1f1d220419 docs/website: update for 2021.05-rc2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-05-27 23:41:23 +02:00
Yann E. MORIN
c2a1f906d6 package/{hostapd,wpa_supplicant}: alphabetical order to select openssl features
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-27 17:35:52 +02:00
Baruch Siach
154b99d0a7 package/wget: enable MD4 and DES support in openssl
NTLM support in wget requires MD4 and DES. Make sure that openssl
supports these algorithms.

Fixes:
http://autobuild.buildroot.net/results/a342a4547dce1551e141c06c454f6e5f0830b671/
http://autobuild.buildroot.net/results/12b1f6f701b46a1dd2de5e32c86beecf590b6530/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-27 17:33:00 +02:00
Adrian Perez de Castro
f1e65b0b96 package/wlroots: check for BR2_PACKAGE_SEATD
Fix the wlroots packaging by checking for the correct variable to
determine whether seatd is being built.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-27 17:30:03 +02:00
Fabrice Fontaine
8d7ac28707 package/gdb: fix gdbserver build with m68k and uclibc
Allow to build gdbserver with m68k and uclibc. This patch is not needed
for version above 9.2 because build_gdbserver as been
moved to its own file since
https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=919adfe8409211c726c1d05b47ca59890ee648f1

This new file (gdbserver/configure.srv) does not seem to be affected by
this issue

Fixes:
 - http://autobuild.buildroot.org/results/f4d6d9d8418c0da48a3db4ad5a82e19bd16eae34

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-27 17:25:02 +02:00
Fabrice Fontaine
34a387b5f6 package/mpv: security bump to version 0.33.1
Fix CVE-2021-30145: A format string vulnerability in mpv through 0.33.0
allows user-assisted remote attackers to achieve code execution via a
crafted m3u playlist file.

https://github.com/mpv-player/mpv/releases/tag/v0.33.1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-05-27 17:22:04 +02:00
Fabrice Fontaine
9dad1ef144 package/paho-mqtt-c: security bump to version 1.3.9
Old security issue not fixed:
https://github.com/eclipse/paho.mqtt.c/issues/1084

https://github.com/eclipse/paho.mqtt.c/milestone/16?closed=1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-05-27 17:21:48 +02:00
Fabrice Fontaine
d72350e62a package/boost: disable logs with riscv32
boost logs can't be built with riscv32 because it unconditionally uses
__NR_futex:

libs/log/src/event.cpp: In member function 'void boost::log::v2_mt_posix::aux::futex_based_event::wait()':
libs/log/src/event.cpp:38:29: error: '__NR_futex' was not declared in this scope
   38 | #define BOOST_LOG_SYS_FUTEX __NR_futex
      |                             ^~~~~~~~~~

Fixes:
 - http://autobuild.buildroot.org/results/8c8135fd7c0517c66c9b3975c494da6d7934cc1b

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-05-27 09:44:54 +02:00
Sergey Matyukevich
a92e4f992b package/hostapd: enable DES in openssl
Hostapd/wpa_supplicant crypto backend assumes that openssl always
provides DES support. However DES support in openssl has become
optional since  commit a83d41867c ("package/libopenssl: add
option to enable some features").

Select openssl DES support in hostapd Kconfig to avoid
build failures.

Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-26 23:31:49 +02:00
Sergey Matyukevich
a2baf1dbfa package/wpa_supplicant: enable DES in openssl
Hostapd/wpa_supplicant crypto backend assumes that openssl always
provides DES support. However DES support in openssl has become
optional since  commit a83d41867c ("package/libopenssl: add
option to enable some features").

Select openssl DES support in wpa_supplicant Kconfig to avoid
build failures.

Fixes:
http://autobuild.buildroot.net/results/00d46eb765f23a1f6e168338f2cc863ae348045d/

Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-26 23:31:47 +02:00
Raphaël Mélotte
71f7fc8a27 package/python-pymupdf: new package.
Python bindings for the PDF rendering library MuPDF.

Signed-off-by: Raphaël Mélotte <raphael.melotte@essensium.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout:
 - propagate harfbuzz dependencies;
 - add comment to mupdf to keep versions in sync;
 - clarify license situation + lack of license file]
2021-05-26 22:04:36 +02:00
Raphaël Mélotte
9806302851 package/mupdf: new package.
MuPDF is a lightweight PDF, XPS, and E-book viewer.

Note: some packages, like PyMuPDF, depend on mupdf's libraries, hence
the patch.

Signed-off-by: Raphaël Mélotte <raphael.melotte@essensium.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout:
 - propagate harfbuzz dependencies;
 - correct version number in hash file;
 - patch on post-patch hook instead of post-extract;
 - nicer line splitting]
2021-05-26 21:47:50 +02:00
Thomas De Schampheleire
ebc1ded191 package/Makefile.in: pass '-g0' explicitly if !BR2_ENABLE_DEBUG
If BR2_ENABLE_DEBUG is not set, Buildroot did not pass any flag
to control debug level. This means that the build system of the package
itself would control it.

Instead, provide an explicit '-g0' (no debugging symbols) to get consistent
behavior across packages.

Suggested-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-05-25 22:29:44 +02:00
Adrian Perez de Castro
97b2511edb package/webkitgtk: disable gamepad support
Pass -DENABLE_GAMEPAD=OFF to CMake in order to disable support for the
gamepad API, which requires libmanette, a library that is not yet
available in Buildroot.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-05-25 22:24:06 +02:00
Fabrice Fontaine
8258081602 package/pifmrds: always link with -lm
Commit 888546e527 wrongly removed linking
with -lm resulting in the following build failure:

/home/buildroot/autobuild/run/instance-3/output-1/host/bin/arm-linux-gnueabihf-gcc  -o pi_fm_rds rds.o waveforms.o pi_fm_rds.o fm_mpx.o control_pipe.o -L/home/buildroot/autobuild/run/instance-3/output-1/host/bin/../arm-buildroot-linux-gnueabihf/sysroot/usr/lib -lsndfile
/home/buildroot/autobuild/run/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-linux-gnueabihf/7.3.1/../../../../arm-linux-gnueabihf/bin/ld: fm_mpx.o: undefined reference to symbol 'cos@@GLIBC_2.4'
/home/buildroot/autobuild/run/instance-3/output-1/host/arm-buildroot-linux-gnueabihf/sysroot/lib/libm.so.6: error adding symbols: DSO missing from command line

Fixes:
 - http://autobuild.buildroot.org/results/b2a6e6fd77bf9071ce9f75fed1811be9ffe5366d

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-05-25 21:29:59 +02:00
Fabrice Fontaine
52b875d3ac package/libopenh264: fix mips32 build
Fix build failure with mips32 which is raised since the addition of
bootlin toolchains

Fixes:
 - http://autobuild.buildroot.org/results/cba3e9d0fd061cc3a92cb732bcdc2c7b66dbf6cb

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-05-25 21:27:42 +02:00
Fabrice Fontaine
4f79b1cb93 package/python-bluezero: select dbus
Build is broken since commit
8bdc5e7c4d because BR2_PACKAGE_DBUS_PYTHON
is selected without selecting BR2_PACKAGE_DBUS

Fixes:
 - http://autobuild.buildroot.org/results/378dd714940440b8f9db763479ae929e90e33b80

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-24 22:19:44 +02:00
Xiaobing Luo
77a0167155 package/mtd: add BR2_PACKAGE_MTD_UBIHEALTHD option
mtd-utils-2.1.2 add ubihealthd daemon

Signed-off-by: Xiaobing Luo <luoxiaobing0926@gmail.com>
Reviewed-by: Matthew Weber <matthew.weber@collins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-24 19:52:14 +02:00
Nicolas Cavallari
cb53b131f6 package/libgit2: disable NTLM support unconditionally.
NTLM is an old authentication protocol depending on DES and MD4 and
its creator, Microsoft, discourage its use since 2010, because it is
weak and vulnerable to many attacks.

libgit2 has support for NTLM and it is enabled by default if openssl
is used, however, since commit a83d41867c ("package/libopenssl: add
option to enable some features"), support for DES and MD4 can be
disabled in openssl.

Since openssl is an optional dependency to libgit2 and getting rid of
NTLM is a goal in itself for many windows administrators, disable NTLM
by default.

Fixes: http://autobuild.buildroot.net/results/efb4ce2174cb6944558e895ce852182ba2738a70
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-24 19:44:00 +02:00
Adrian Perez de Castro
bd2b819faa package/libepoxy: bump to version 1.5.7
This update includes a build fix for the RaspberryPi 4 (from 1.5.7)
and a fix for the GL library loader when GLX is involved (from 1.5.6)
Release notes:

  https://github.com/anholt/libepoxy/releases/tag/1.5.6
  https://github.com/anholt/libepoxy/releases/tag/1.5.7

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
[francois.perrad@gadz.org: fix indent in hash file]
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[yann.morin.1998@free.fr: meld Adrian and François' patches together]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-24 19:37:47 +02:00