go1.20.7 (released 2023-08-01) includes a security fix to the crypto/tls
package, as well as bug fixes to the assembler and the compiler.
Fixes CVE-2023-29409: restrict RSA keys in certificates to <= 8192 bits
Extremely large RSA keys in certificate chains can cause a client/server to
expend significant CPU time verifying signatures. Limit this by restricting the
size of RSA keys transmitted during handshakes to <= 8192 bits.
Based on a survey of publicly trusted RSA keys, there are currently only three
certificates in circulation with keys larger than this, and all three appear to
be test certificates that are not actively deployed. It is possible there are
larger keys in use in private PKIs, but we target the web PKI, so causing
breakage here in the interests of increasing the default safety of users of
crypto/tls seems reasonable.
https://go.dev/doc/devel/release#go1.20.7
Signed-off-by: Christian Stewart <christian@aperture.us>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since its introduction in 7d8a59b40, the BR2_x86_geode CPU target has
pointed to GCC -march=geode which targets AMD Geode processors [0].
This arch tuning enables MMX and 3DNow! extensions in GCC but these are
not currently reflected in the selected flags by BR2_x86_geode.
This is likely due to the confusing naming and history of "Geode".
The AMD Geode can trace its origins back to the Cyrix MediaGXm [1] and
then to the NSC Geode GXm/GXLV/GX1/GX2 [2]. All of these processors have
MMX instruction support listed in their datasheets. The NSC GX2 was the
first in the series to enable 3DNow!.
When 7fed07d3a4 introduced BR2_X86_CPU_HAS_MMX, Geode was skipped
presumably because it wasn't clear that the target is AMD Geode and
because the Wikipedia documentation for Geode is incomplete [2] with
regards to supported instructions as they all support MMX.
When f6cd56b9ce introduced BR2_X86_CPU_HAS_3DNOW, Geode was skipped
presumably for similar reasons.
Note: the in-tree olpc_xo1_defconfig uses BR2_x86_geode which is fine
as this hardware uses the AMD Geode [3].
Make it more clear that the target is AMD Geode by renaming the Kconfig
menu option and add both MMX and 3DNow! flags to BR2_x86_geode.
This also means that BR2_x86_geode_mmx is no longer needed, and can be
removed. No legacy handling is needed since BR2_x86_geode_mmx has
never been part of any release.
[0]: https://gcc.gnu.org/git/?p=gcc.git;a=blob;f=gcc/config/i386/geode.md;;hb=HEAD
[1]: https://en.wikipedia.org/wiki/MediaGX#MediaGXm
[2]: https://en.wikipedia.org/wiki/Geode_%28processor%29
[3]: https://wiki.laptop.org/go/Hardware_specification
Signed-off-by: Vincent Fazio <vfazio@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Now that 2.41.x has been added, that 2.40.x is the default version,
drop support for 2.38.x.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Now that 2.41 has been released, let's use 2.40.x as the default
binutils version.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Release notes:
https://sourceware.org/pipermail/binutils/2023-July/128719.html
Copied patches from version 2.40.
Build-tested using these four defconfigs:
----------
BR2_arceb=y
----------
BR2_BINUTILS_VERSION_2_39_X=y
----------
(empty defconfig meaning binutils-2.40)
----------
BR2_BINUTILS_VERSION_2_41_X=y
----------
each using these commands:
$ make host-libiberty
$ make host-binutils
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
composer describes itself as a dependency manager for PHP, it is used
by projects such as CakePHP.
Signed-off-by: Nicolas Carrier <carrier.nicolas0@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Having a working PHP with the correct version, is mandatory for
executing some PHP tools, such as composer, when building packages.
Signed-off-by: Nicolas Carrier <carrier.nicolas0@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is needed for the creation of an host-php package.
Signed-off-by: Nicolas Carrier <carrier.nicolas0@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
mhz is a tool to mathematically calculate the real running CPU frequency
and as such has proved as invaluable tool for developing CPUFreq and
similar features in the kernel.
Its source finally got a license recently so it can be packaged.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since commit [1], the testsuite build is unconditionally disabled
although we have the option BR2_PACKAGE_XENOMAI_TESTSUITE to
install Xenomai testsuite on the target.
Handle --disable-testsuite option with BR2_PACKAGE_XENOMAI_TESTSUITE.
[1] 74196b7d05
Signed-off-by: Pierre Ficheux <pierre.ficheux@smile.fr>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add purge loacle data support (inspired by BR2_ENABLE_LOCALE_PURGE
handling in Makefile) to reduce target space allocation by the
python-babel package, e.g. from 32MB to 24K for
target/usr/lib/python3.11/site-packages/babel/locale-data with
BR2_ENABLE_LOCALE_WHITELIST="C en_US de_DE".
The special en_US_POSIX locale data is kept as it is used by default
by the python-babel code:
0ce196fccc/babel/core.py (L1076)
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch adds esp-hosted package that allows to build the Linux
Kernel Driver for Espressif Esp32-* SoCs, that once programmed with
the corresponding firmware behave like a normal Wi-Fi module. Both
SDIO and SPI busses are supported and selectable.
Cc: Jesse Taube <jesse.taube@benettiengineering.com>
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Provides the `swaybg` utility, which is commonly used with `sway` to
manage background images/color configuration for the compositor.
Signed-off-by: James Knight <james.d.knight@live.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Patch 0001-cmake-Check-USE_BUNDLED_DEPS-before-getting-nlohmann.patch
should have been deleted as part of Buildroot commit
08792a60df ("package/sysdig: bump to
version 0.29.3"). Indeed, this patch was merged upstream as commit
114436c1a45142ef73acfc2607fbc6572782160f between 0.29.2 and 0.29.3.
This fixes the following build failure:
Applying 0001-cmake-Check-USE_BUNDLED_DEPS-before-getting-nlohmann.patch using patch:
patching file cmake/modules/nlohmann-json.cmake
Reversed (or previously applied) patch detected! Skipping patch.
1 out of 1 hunk ignored -- saving rejects to file cmake/modules/nlohmann-json.cmake.rej
There are no autobuilder failures, probably because getting to build
sysdig requires so many special conditions that it never triggered.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 9079079092 (utils/docker-run: fix support for git-worktrees)
got last-minute changes when it was applied, and the case when the
current working directory is not the top of the current working copy
got broken.
Fix that by duplicating (and thus reinstating) the 'cd MAIN_DIR' to
match what is done when retrieving the git-common-dir.
Fixes: 9079079092
Reported-by: Brandon Maier <Brandon.Maier@collins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
From https://marlam.de/msmtp/news/:
"""
msmtp 1.8.24 is released
2023-06-29
This release fixes the allow_from_override command, adds the
from_full_name command, fixes a few minor bugs and updates the
translations (thanks again to everyone at translationproject.org).
msmtp 1.8.23 is released
2023-01-30
This release fixes XOAUTH2 authentication with some servers, updates
the msmtpq scripts, and updates the translations (including a new
Swedish translation).
"""
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The cmocka package checks if a toolchain supports the
-fstack-clash-protection compiler flag, and if it does automatically
uses it. That flag is not supported by GCC for Thumb1 builds (at least
as of both GCC 11 and GCC 12). Let's tell cmocka about this by passing
-DWITH_STACK_CLASH_PROTECTION=OFF in this configuration, as suggested
by Arnout Vandecappelle.
Fixes:
http://autobuild.buildroot.net/results/4044b3a71d3130d934c7a7c0c5badfabb2a97030/
Signed-off-by: Joel Carlson <JoelsonCarl@gmail.com>
[Thomas: change the initial patch from Joel to use the suggestion from
Arnout]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add swugenerator as host utility to generate images for swupdate with
all the possible options available like encryption, passkey etc.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
python-libconf is a pure-Python reader/writer for configuration files in
libconfig format, which is often used in C/C++ projects.
https://github.com/ChrisAichinger/python-libconf
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Current versions of sam-ba are 64bit only.
objdump -p $(HOST_DIR)/bin/sam-ba
$(HOST_DIR)/bin/sam-ba: file format elf64-x86-64
Signed-off-by: Daniel Lang <d.lang@abatec.at>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit adds the Arm CoreSight trace data Decoder support to perf.
See: https://docs.kernel.org/trace/coresight/coresight-perf.html
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This library provides an API suitable for the decode of
ARM(r) CoreSight(tm) trace streams.
OpenCSD is for example an optional dependency in the Linux
"perf" tool, starting from kernel version 5.1.
https://github.com/Linaro/OpenCSD
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
If the libiberty package is not the same version as the one packaged
with binutils AND if libiberty is installed before binutils, then the
below error is observed. Hence for now let us keep the versions in sync.
/usr/bin/ld: ../libiberty/libiberty.a(hashtab.o):(.data.rel.local+0x0)
: multiple definition of `htab_eq_pointer'
Fixes:
http://autobuild.buildroot.net/results/f07/f077ec588b395102ad501a18c85d5030c0765031/
Build-tested using these four defconfigs:
----------
BR2_arceb=y
----------
BR2_BINUTILS_VERSION_2_38_X=y
----------
(empty defconfig meaning binutils-2.39)
----------
BR2_BINUTILS_VERSION_2_40_X=y
----------
each using these commands:
$ make host-libiberty
$ make host-binutils
Signed-off-by: Akshay Bhat <nodeax@gmail.com>
[Bernd: bump to version 2.40, replace hash file with link to binutils]
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Changelog: https://github.com/fmtlib/fmt/blob/master/ChangeLog.rst
Updated license hash due to upstream commit, no legal changes:
48dfbcaa95
This patch depends on bumping spdlog to version 1.12.0.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch depends on bumping gerbera to version 1.12.1.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Removed patch which is included in this release.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>