The kernel generated by the configuration for the STM32f429-discovery
board is buggy:
Fixes:
Unhandled exception: IPSR = 00000006 LR = fffffff1
CPU: 0 PID: 1 Comm: init Not tainted 4.11.0 #2
Hardware name: STM32 (Device Tree Support)
task: 9041a000 task.stack: 907c0000
PC is at ret_fast_syscall+0x2/0x4a
LR is at tty_ioctl+0x1ad/0x75c
pc : [<0800d942>] lr : [<080c2e05>] psr: 4000000b
sp : 907c1fa8 ip : 0000001c fp : 905961a2
r10: 00000000 r9 : 907c0000 r8 : 0800dae0
r7 : 00000036 r6 : 905e7e60 r5 : 00000000 r4 : 905e7ebc
r3 : 00000000 r2 : 00000000 r1 : 00000000 r0 : 00000000
xPSR: 4000000b
CPU: 0 PID: 1 Comm: init Not tainted 4.11.0 #2
Hardware name: STM32 (Device Tree Support)
[<0800fbf9>] (unwind_backtrace) from [<0800f05b>] (show_stack+0xb/0xc)
[<0800f05b>] (show_stack) from [<0800f553>] (__invalid_entry+0x4b/0x4c)
Inspired by commit a3e3d9c198 ("configs/stm32f469_disco_xip_defconfig:
alternative defconfig for XIP"), update the stm32f429_disco_defconfig
configuration to use a newer kernel. Current setup kernel + rootfs fits
in 1.6MB on-chip flash memory.
The kernel has been moved to new flash bank due to growth of dtb size.
Remove upstream patch.
For better binary size optimization gcc LTO is turned on.
Signed-off-by: Dario Binacchi <dariobin@libero.it>
Acked-by: Christophe Priouzeau <christophe.priouzeau@foss.st.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Newer versions of the kernel generate device trees that are not
storable in a single 16kB sector. In these cases the kernel load address
must be changed.
The commit 2e499dcff3ef ("Add possibility to use custom kernel load address")
adds the possibility to override the default (0x08008000) kernel load
address.
This also required changes to the stm32f429_disco_defconfig and
stm32f469_disco_xip_defconfig configurations. Patching is no longer
needed.
Also update whitespaces in hash file (2 spaces).
Signed-off-by: Dario Binacchi <dariobin@libero.it>
Acked-by: Christophe Priouzeau <christophe.priouzeau@foss.st.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The current configuration fails to boot on the stm32f469-disco board.
Make it bootable again by reverting the DRAM patches.
Also change the kernel load address from 0x8010000 to 0x800C000 to
allocate more space to the kernel, since 32kB for the device tree is
enough.
Also clean up the rootfs a bit with the common stm32-post-build.sh
script.
Signed-off-by: Dario Binacchi <dariobin@libero.it>
Acked-by: Christophe Priouzeau <christophe.priouzeau@foss.st.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following build failure raised since bump to version 2.1.5 in
commit ca39eb212e:
gettcpinfo.c: In function 'gettcpinfo':
gettcpinfo.c:101:42: error: expected declaration or statement at end of input
101 | inline void gettcpinfo (int sock, struct ReportStruct *sample) {
| ^~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/073e070478f0cda34784af96bb3a802c3aac8f72
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Fix CVE-2021-42717: ModSecurity 3.x through 3.0.5 mishandles
excessively nested JSON objects. Crafted JSON objects with nesting
tens-of-thousands deep could result in the web server being unable to
service legitimate requests. Even a moderately large (e.g., 300KB)
HTTP request can occupy one of the limited NGINX worker processes for
minutes and consume almost all of the available CPU on the machine.
Modsecurity 2 is similarly vulnerable: the affected versions include
2.8.0 through 2.9.4.
- Use official tarball and so drop autoreconf
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Probably due to bogus merge conflicts, Hervé Codina ended up having
two entries in the DEVELOPERS file. This commit brings back all files
watch by Hervé under the same entry.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
They are currently expressed as such:
depends on (BR2_ENABLE_LOCALE && BR2_USE_WCHAR)
which is not the common practice in Buildroot. We prefer to use:
depends on BR2_ENABLE_LOCALE
depends on BR2_USE_WCHAR
This commit ensures linux-pam is consistent with this best practice.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
BR2_PACKAGE_LINUX_PAM depends on BR2_USE_MMU, but this dependency is
not taken into account in the Config.in comment, which this commit
fixes.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The php-pam package provides a PHP PAM (Pluggable Authentication
Modules) integration.
https://pecl.php.net/package/PAM
Based on initial work from Nicolas Carrier <nicolas.carrier@orolia.com>
Signed-off-by: Herve Codina <herve.codina@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The php-lua package provides a PHP extension that embeds the lua
interpreter and offers an OO-API to lua variables and functions.
https://pecl.php.net/package/lua
Based on initial work from Nicolas Carrier <nicolas.carrier@orolia.com>
Two patches are present and were retrieved from the following
upstream pull request in order to support PHP8:
https://github.com/laruence/php-lua/pull/47
Signed-off-by: Herve Codina <herve.codina@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
APCu is an in-memory key-value store for PHP.
Keys are of type string and values can be any PHP variables.
APCu only supports userland caching of variables
https://pecl.php.net/package/APCU
Based on initial work from Nicolas Carrier <nicolas.carrier@orolia.com>
Signed-off-by: Herve Codina <herve.codina@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
select BR2_PACKAGE_MESA3D_DRI3 for all gallium/kmsro drivers in case
X11 is selected, see meson.build:
240 with_gallium_kmsro = with_gallium_v3d or with_gallium_vc4 or with_gallium_etnaviv or with_gallium_panfrost or with_gallium_lima or with_gallium_freedreno
[...]
524 if with_gallium_kmsro and (with_platform_x11 and not with_dri3)
525 error('kmsro requires dri3 for X11 support')
526 endif
Fixes:
https://bugs.busybox.net/show_bug.cgi?id=13831
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Add config option for DRI3 support and use it instead
of DRI3 enable/disable logic in *.mk file.
Move the libxshmfence dependency to the DRI3 option, cfr. the following
in meson.build:
if with_dri3
...
dep_xshmfence = dependency('xshmfence', version : '>= 1.1')
endif
Also select DRI3 in the Vulkan Intel driver.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[Arnout: make it a blind option, move xshmfence select to dri3]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The modsecurity2 package provides an Apache module implementing
a web application firewall (WAF) module.
Based on initial work from Tom Marcuzzi <tom.marcuzzi@orolia.com>
and Nicolas Carrier <nicolas.carrier@orolia.com>
modsecurity2 will be superseeded sooner or later by modsecurity v3
ie. libmodsecurity [1] and its Apache connector [2]. libmodsecurity
is already supported in Buildroot with its Nginx connector.
According to the Apache connector web page and the discussion [3],
the Apache connector is not ready for production use.
[1] https://github.com/SpiderLabs/ModSecurity
[2] https://github.com/SpiderLabs/ModSecurity-apache
[3] https://github.com/SpiderLabs/ModSecurity-apache/issues/80
The best we can do now is to still use modsecurity2 (v2.9.x) for
Apache:
https://github.com/SpiderLabs/ModSecurity/tree/v2/master
Signed-off-by: Herve Codina <herve.codina@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
While adding this package with commit[1] Microblaze architecture has been
disabled by default pointing that it suffers from gcc ICE, but this is not
true, indeed the build error is referred to libgeos that is postgis
dependency:
```
during RTL pass: reload
.../bootlin-microblazeel-uclibc/build/libgeos-3.9.0/src/geom/util/Densifier.cpp: In static member function ‘static std::unique_ptr<std::vector<geos::geom::Coordinate> > geos::geom::util::Densifier::densifyPoints(geos::geom::Coordinate::Vect, double, const geos::geom::PrecisionModel*)’:
.../bootlin-microblazeel-uclibc/build/libgeos-3.9.0/src/geom/util/Densifier.cpp:128:1: internal compiler error: in gen_reg_rtx, at emit-rtl.c:1155
128 | }
| ^
```
This build error has been worked around with this commit[2] and I've just
tested this build with Microblaze gcc 9.3/9.4/10.3 and 11.2 and it builds
succesfully since the bug above is gcc bug 90620[3] and it's been handled
in libgeos already.
So let's allow Microblaze(el/be) to build this postgis.
[1]: https://git.buildroot.net/buildroot/commit/?id=9bb1034455de299876dfd03c5074d8bb9622f873
[2]: https://git.buildroot.net/buildroot/commit/?id=847b441b1ca2230c4f26a49aaede69eca5e7e7ad
[3]: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90620
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Reviewed-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following build failure with help2man raised since bump to
version 1.26.0 in commit be76508af2:
FAILED: docs/man/mbimcli.1
/usr/bin/help2man --output=docs/man/mbimcli.1 '--name=Control MBIM devices' '--help-option="--help-all"' /home/peko/autobuild/instance-1/output-1/build/libmbim-1.26.0/build/src/mbimcli/mbimcli
help2man: can't get `"--help-all"' info from /home/peko/autobuild/instance-1/output-1/build/libmbim-1.26.0/build/src/mbimcli/mbimcli
Try `--no-discard-stderr' if option outputs to stderr
Fixes:
- http://autobuild.buildroot.org/results/eaa2ba54b9c74f07292d3cad4fa96c80e6079702
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
BMP and NHRPD default to enabled. Both of them require c-ares. However,
if BMP and NHRPD are disabled, it is possible to build without c-ares.
Create user-visible configuration options for BMP and NHRPD and only
depend on c-ares if either of them is selected.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
ICU build scripting adds some host libraries to LD_LIBRARY_PATH by
using constructs of the following form:
LD_LIBRARY_PATH="custom-path:${LD_LIBRARY_PATH}"
If the original LD_LIBRARY_PATH is empty, this causes the last search
directory be an empty string, i.e. the working directory.
ICU build runs some basic host commands (e.g. "rm") in $(TARGET_DIR)/lib
under such an LD_LIBRARY_PATH, causing target libraries (e.g. libc) to
possibly get loaded instead of host system libraries if they are
compatible enough (e.g. arch matches).
Since the target libraries may not actually be ABI compatible with host
system binaries (e.g. target has an old libc), this can cause crashes
or other errors.
Observed errors include:
(1) rm: libc.so.6: version `GLIBC_2.33' not found (required by rm)
(2) sh: line 1: 1362670 Segmentation fault (core dumped) rm -f libicudata.so.65
Workaround the issue by setting a dummy LD_LIBRARY_PATH when it would
otherwise be empty.
https://unicode-org.atlassian.net/browse/ICU-21417
Signed-off-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
zeromq is an optional dependency since version 4.0 and
b6116506ec
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following build failure raised with help2man since bump to
version 1.30.0 in commit 50c5495f81:
FAILED: docs/man/qmicli.1
/usr/bin/help2man --output=docs/man/qmicli.1 '--name=Control QMI devices' '--help-option="--help-all"' /home/peko/autobuild/instance-1/output-1/build/libqmi-1.30.2/build/src/qmicli/qmicli
help2man: can't get `"--help-all"' info from /home/peko/autobuild/instance-1/output-1/build/libqmi-1.30.2/build/src/qmicli/qmicli
Try `--no-discard-stderr' if option outputs to stderr
Fixes:
- http://autobuild.buildroot.org/results/15818b6de7378cd75c59b1d6dc732ed9a20c092a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes the following vulnerabilities:
* CVE-2021-4008/ZDI-CAN-14192 SProcRenderCompositeGlyphs out-of-bounds
access
The handler for the CompositeGlyphs request of the Render extension does
not properly validate the request length leading to out of bounds memory
write.
* CVE-2021-4009/ZDI-CAN 14950 SProcXFixesCreatePointerBarrier out-of-bounds
access
The handler for the CreatePointerBarrier request of the XFixes extension
does not properly validate the request length leading to out of bounds
memory write.
* CVE-2021-4010/ZDI-CAN-14951 SProcScreenSaverSuspend out-of-bounds access
The handler for the Suspend request of the Screen Saver extension does not
properly validate the request length leading to out of bounds memory
write.
* CVE-2021-4011/ZDI-CAN-14952 SwapCreateRegister out-of-bounds access
The handlers for the RecordCreateContext and RecordRegisterClients
requests of the Record extension do not properly validate the request
length leading to out of bounds memory write.
For details, see the advisory:
https://lists.x.org/archives/xorg-announce/2021-December/003122.html
Builds without systemd unfortunately got broken. Add a patch fixing that
from an upstream merge request:
https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/827
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
* drop all upstreamed patches
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
- Fix CVE-2021-4048: An out-of-bounds read flaw was found in the CLARRV,
DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0,
as also used in OpenBLAS before version 0.3.18. Specially crafted
inputs passed to these functions could cause an application using
lapack to crash or possibly disclose portions of its memory.
- Update license hash, year changed:
f67034373e
- Update indentation in hash file (two spaces)
http://netlib.org/lapack/lapack-3.10.0.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes:
/usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x10): multiple definition...
scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
Tested on beaglebone black and beaglebone white (A6)
Signed-off-by: Lothar Felten <lothar.felten@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
tftp and traceroute6 has been removed in this release [1][2].
Due that LICENSE file has been changed.
Also remove patch from this release.
[1] https://github.com/iputils/iputils/pull/369
[2] https://github.com/iputils/iputils/pull/362
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following build failure raised since bump to version 1.9.5 in
commit c7233ec2c3 and
6f8f170db3:
/home/giuliobenetti/autobuild/run/instance-2/output-1/host/lib/gcc/arm-buildroot-linux-gnueabihf/11.2.0/../../../../arm-buildroot-linux-gnueabihf/bin/ld: pcscd-pcscdaemon.o: in function `signal_thread':
pcscdaemon.c:(.text+0x444): undefined reference to `HPReCheckSerialReaders'
Fixes:
- http://autobuild.buildroot.org/results/6cf323229f32967aa554418410dc94b7094d09af
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Minor bugfix release:
Changes between 1.1.1l and 1.1.1m [14 Dec 2021]
*) Avoid loading of a dynamic engine twice.
[Bernd Edlinger]
*) Fixed building on Debian with kfreebsd kernels
[Mattias Ellert]
*) Prioritise DANE TLSA issuer certs over peer certs
[Viktor Dukhovni]
*) Fixed random API for MacOS prior to 10.12
These MacOS versions don't support the CommonCrypto APIs
[Lenny Primak]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Add xxhash mandatory dependency to avoid the following build failure
with the embedded xxhash (in version 0.8.1) and uclibc raised since
bump to version 1.4.63 in commit
2a00246645 and
23b07fa3ef:
/home/buildroot/autobuild/instance-0/output-1/host/lib/gcc/arm-buildroot-linux-uclibcgnueabi/10.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: src/lighttpd.p/algo_xxhash.c.o: in function `XXH32_canonicalFromHash':
/home/buildroot/autobuild/instance-0/output-1/build/lighttpd-1.4.63/build/../src/algo_xxhash.h:2282: undefined reference to `static_assert'
Fixes:
- http://autobuild.buildroot.org/results/7b644dce244a1aa4a193a3196059a56b2c4c7591
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Install xxhash in staging to allow lighttpd to use it
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Disable cunit to avoid the following build failure raised since bump to
version 8.1 in commit ca2753fd47 and
749714731e:
In file included from pceplib/test/pcep_utils_counters_test.c:33:
./pceplib/pcep_utils_counters.h:112:2: error: unknown type name 'time_t'
112 | time_t start_time;
| ^~~~~~
Fixes:
- http://autobuild.buildroot.org/results/b68d3e369e2925938bde39508988aa9b701f1045
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes the following security issues:
- cgi_error_no_template(): Encode the template name to prevent
XSS (cross-site scripting) when Privoxy is configured to servce
the user-manual itself.
Commit 0e668e9409c. OVE-20211102-0001. CVE-2021-44543.
Reported by: Artem Ivanov
- get_url_spec_param(): Free memory of compiled pattern spec
before bailing.
Reported by Joshua Rogers (Opera) who also provided the fix.
Commit 652b4b7cb0. OVE-20211201-0003. CVE-2021-44540.
- process_encrypted_request_headers(): Free header memory when
failing to get the request destination.
Reported by Joshua Rogers (Opera) who also provided the fix.
Commit 0509c58045. OVE-20211201-0002. CVE-2021-44541.
- send_http_request(): Prevent memory leaks when handling errors
Reported by Joshua Rogers (Opera) who also provided the fix.
Commit c48d1d6d08. OVE-20211201-0001. CVE-2021-44542.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
