When the CVE lookup was added in commit
4a157be9ef, the starting year of the JSON
files was set to 2002. However, there are also CVEs from 1999, 2000 and
2001. It is not clear why these were skipped back then.
Set the start year to 1999 to capture these old CVEs too.
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
NVD will deprecate the v1.1 API which allows us to download the full
database as individual JSON files. Instead, there's a horribly crappy
API that is extremely slow and subject to race conditions.
Fortunately, there is a project, Fraunhofer FKIE - Cyber Analysis and
Defense [1], that goes through the effort of adapting to this new API
and regenerating the convenient JSON files. The JSON files and meta
files are re-generated daily.
Instead of implementing the NVD v2 API, we decided to just use the JSON
files generatd by fkie-cad. That saves us the effort of solving the race
conditions, devising a cache mechanism that works, handling the frequent
gateway timeouts on the NVD servers, dealing with the rate limiting, and
keeping up with changes in the API.
Switch to this repository on github as NVD_BASE_URL. The file name is
also slightly different (CVE-20XX.json instead of nvdcve-1.1-20XX.json).
The fkie-cad repository compresses with xz instead of gz. Therefore:
- rename the filename variables to _xz instead of _gz;
- use xz as a subprocess because there is no xz decompressor in Python
stdlib.
[1] https://www.fkie.fraunhofer.de/en/departments/cad.html
Cc: Daniel Lang <dalang@gmx.at>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We currently check the CPE database to see if the CPE ID we use
(including the version) is already in the database.
However, the version part of the CPE ID is not actually used for CVE
matching. Instead, the CVEs have a range of versions associated with
them and we match against those ranges.
In addition, NVD is moving to a new API for accessing the CPE database.
It will not longer be possible to simply download all the CPE IDs, and
due to rate limiting, the download will have to be done in several
queries.
Since all of this is anyway of limited use, drop the CPE database lookup
entirely. Instead, as long as a CPE ID is defined in a package, it is
considered OK, without any checks.
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The package/busybox/busybox-minimal.config is the default configuration
for MMU-less systems, so the setting is redundant and can be removed
without effect.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop patch (already in version)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following build failure with aarch64 and BR2_OPTIMIZE_0 raised
since commit 0512910e49:
src/convert-neon-body-bayer8.inc.h: In function 'bayer2rgb_convert_neon':
src/convert-neon.c:233:17: error: third argument to '__builtin_prefetch' must be a constant
233 | __builtin_prefetch(((void const *)(_addr)) + 64, 0, (_lvl)); \
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/convert-neon-body-bayer8.inc.h:8:9: note: in expansion of macro 'do_prefetch'
8 | do_prefetch(&in[+1*stride - 1], (rows_per_loop) < 3 ? 3 : 0);
| ^~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/307c1c448becd99dfba3a17b3ef816db0bb5cad6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
swugenerator might use openssl to encrypt files in .swu(cpio)
resulting output archive and gzip or zlib to compress the same files
but we're not sure whether build environment have or not openssl, gzip
and zlib installed so we add them as host dependencies.
Signed-off-by: Giulio Benetti <giulio.benetti+tekvox@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Libglib2 can compile without localization support, but still depends
on libiconv, which is selected in Config.in.
This fallback support was broken, and is fixed in this upstream commit:
a497d5be12,
which partially reverts commits that were brought through merge commit
4a8120ec22be0b63705c1ed28b47920b99388087, that landed in 2.74.0 (as
the first stable release).
The other patch is purely added to avoid merge conflicts while
cherry-picking.
Fixes:
http://autobuild.buildroot.org/results/04d9a17e64503e0bece7bad33549ef3ad4b237c9/
Signed-off-by: Thomas Devoogdt <thomas@devoogdt.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
License hash changed due to MIT header added:
a4a82c1b64
Migrate from setuptools to hatchling pep517 build backend.
Drop no longer python-pyopenssl runtime dependency.
Drop no longer python-six runtime dependency.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
The meson upgrade from 1.1.1 to 1.2.0 have been reverted because
host-qemu (version v8.0.3) was searching libraries in the build machine
instead of buildroot host directory [1].
$ grep -r LINK_ARGS * | grep "\-L/usr"
build.ninja: LINK_ARGS =
-L/usr/lib/gcc/x86_64-linux-gnu/10 \
-L/usr/lib/gcc/x86_64-linux-gnu/10/../../../x86_64-linux-gnu -L/usr/lib/x86_64-linux-gnu \
-L/usr/lib/gcc/x86_64-linux-gnu/10/../../../../lib -L/usr/lib \
-L/lib/x86_64-linux-gnu \
-L/lib/../lib \
-L/usr/lib/../lib \
-L/usr/lib/gcc/x86_64-linux-gnu/10/../../.. \
-L/lib \
-I/[...]/host/include \
-L/[...]/host/lib \
-I/[...]/host/include/libfdt \
...
Upgrading qemu to version v8.1.0 solves the problem:
$ grep -r LINK_ARGS * | grep "\-L/usr"
build.ninja: LINK_ARGS =
-I/[...]/host/include \
-L/[...]/host/lib \
-I/[...]/host/include/libfdt \
...
Those two tests were done with the same buildroot version (2023.08) on
the same machine were the bug appeared. Using, git bisect, in this
environment, it was found that the problem was fixed in qemu by the
commit [2].
Thus, it is possible that the problem was introduced by improper use of
meson by qemu <= v8.0.3. Also, meson has been updated to version 1.2.1
and 1.3.0 in yocto and it doesn't seem to create any issue. [3]
The original problem is no longer present and some projects require
meson > 1.1.1 (e.g. rusticl requires meson 1.2.0 since mesa 23.3.0 and
meson 1.3.1 since mesa 24.0.0).
"pkgconfig" field is deprecated by meson 1.3.0 and replaced by
"pkg-config". See: [4]
The patch that adds the pkg_config_static property has been rebased.
[1] acfdf21f0b
[2] https://gitlab.com/qemu-project/qemu/-/commit/Fc9a809e0d28417fa1e7f7efc19f845bda4c1be9
[3] https://github.com/yoctoproject/poky/commits/master/meta/recipes-devtools/meson
[4] https://mesonbuild.com/Release-notes-for-1-3-0.html#machine-files-pkgconfig-field-deprecated-and-replaced-by-pkgconfig
Signed-off-by: Antoine Coutant <antoine.coutant@smile.fr>
[yann.morin.1998@free.fr:
- keep our formatting in the patch
- reflow commit log (to keep busy while test-building!)
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
TestGlxinfo fail with a new runtime error:
# glxinfo -B -display :0
name of display: :0
traps: glxinfo[84] trap invalid opcode ip:b73c7027 sp:bf8433c0 error:0 in swrast_dri.so[b6e4c000+64f000]
Illegal instruction
The x86-core2 Bootlin toolchains are built for a core2 CPU [0],
this means that the Bootlin toolchains may use core2-specific
instructions.
The TestGlxinfo test is setup for BR2_x86_core2, so our
executables will also contain core2 instructions.
However, the default Qemu x86 is not guaranteed to emulate all the
instructions specific to core2, causing runtime issues as reported
above.
A similar issue has been fixed by adding Nehalem cpu emulation on
the qemu command line. See 4f565b5222 ("support/testing: use Nehalem
cpu emulation for TestGrubX8664EFI").
Set core2duo cpu emulation for TestGlxinfo on the qemu command line.
[0] https://gitlab.com/buildroot.org/toolchains-builder/-/blob/kubu/toolchain-builder-2023.08/configs/arch/x86-core2.config?ref_type=heads
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
mesa3d 23.3 added dri3_priv.h header and dri3_check_multibuffer() function in
drisw (part of swrast gallium driver) that can be build without dri3.
i686-buildroot-linux-gnu/bin/ld: src/glx/libglx.a.p/drisw_glx.c.o: in function `driswCreateScreenDriver':
drisw_glx.c:(.text.driswCreateScreenDriver+0x3a0): undefined reference to `dri3_check_multibuffer'
collect2: error: ld returned 1 exit status
Add HAVE_DRI3 guard around dri3_priv.h header and the zink code using
dri3_check_multibuffer().
While testing again the TestGlxinfo runtime test, a new unexpected error line
appeared in the glxinfo log:
MESA-LOADER: failed to open zink: /usr/lib/dri/zink_dri.so
mesa3d try to load zink gallium driver even if it was not enabled at
build time, indeed there is no such option in Buildroot.
Apply patches sent upstream:
https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/27478
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/6093854455
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
python-bitstring require python-bitarray and python-zlib at runtime
since 4.1.0 release [1][2].
python-zlib is now needed for the "Experimental support for two 8-bit
float types" [2].
Fixes:
https://gitlab.com/kubu93/buildroot/-/jobs/6114047821
[1] https://github.com/scott-griffiths/bitstring/releases/tag/bitstring-4.1.0
[2] 70c8af4d8b
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Marcus Hoffmann <buildroot@bubu1.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This package is needed at runtime by python-bitstring since
4.1.0 already [1].
Note: the License is under Python-2.0 but "Python Software
Foundation License (PSF)" has been remplaced by the author
of bitarray Ilan Schnell.
[1] https://github.com/scott-griffiths/bitstring/releases/tag/bitstring-4.1.0
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Reviewed-by: Marcus Hoffmann <buildroot@bubu1.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The defconfig choice is the default one, so it is redundant and can be
removed without effect.
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 6b2329bb80 ("configs/ti_am64x_sk: new defconfig") forgot to
specify the Linux kernel version, so do that now.
When the defconfig was added, the default version was 6.4.x, so use
version 6.4.16.
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes build issue of the python support with python 3.12 (2.3.4
unconditionally uses distutils).
The license file used being a header file, it has changed due to code
changes, but the license is still LGPL-3.0+.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 719921bebe (package/kexec: bump to version 2.0.27) forgot to
propagate the new dependency on kernel headers to petitboot, which may
select kexec, causing unmet dependencies warnings (unfortunately, not
errors), such as:
$ KCONFIG_SEED=0x84462FFC make randconfig
WARNING: unmet direct dependencies detected for BR2_PACKAGE_KEXEC
Depends on [n]: BR2_PACKAGE_KEXEC_ARCH_SUPPORTS [=y] && BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_17 [=n]
Selected by [y]:
- BR2_PACKAGE_PETITBOOT [=y] && (BR2_PACKAGE_KEXEC_ARCH_SUPPORTS [=y] || BR2_PACKAGE_KEXEC_LITE_ARCH_SUPPORTS [=n]) && BR2_USE_MMU [=y] && BR2_USE_WCHAR [=y] && !BR2_STATIC_LIBS [=n] && BR2_TOOLCHAIN_HAS_THREADS [=y] && BR2_PACKAGE_HAS_UDEV [=y] && !BR2_PACKAGE_KEXEC_LITE_ARCH_SUPPORTS [=n]
Propagate the dependency from kexec, and add comments about dependencies
also inherited from kexec-lite.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Laurent Vivier <laurent@vivier.eu>
Cc: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit ebe47e7605 forgot to add C++
dependency resulting in the following build failure:
../output-1/build/python-numpy-1.25.0/meson.build:1:0: ERROR: Unable to detect GNU compiler type:
Fixes:
- http://autobuild.buildroot.org/results/6f3532598355732b289730fc751e9aebdab4b0e4
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, the comment about availability is between the package main
symbol and its suboptions, breaking the threading in menuconfig.
Invert the order, and move the comment last. Also enclose the suboptions
between an if-block, as it is more customary.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following python3 build failure with -Ofast raised since commit
4513f5198a:
powerpc64-buildroot-linux-gnu-gcc.br_real: error: ast: linker input file not found: No such file or directory
Fixes:
- http://autobuild.buildroot.org/results/904c43241b99a8d848c1891cb5af132a291311b4
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, the makedevs syntax explanations are duplicated: one in
the package directory, which was introduced firat but bit-rotted for
a while each time the makedevs was updated, and once in the manual,
which lagged much less. As for all duplicated documentation, the two
diverged and one was not updated.
In commit 738fb6dfa4 (docs/manual: extend makedev syntax section),
we recently updated the makedevs syntax description, but that indeed
missed the old README.
Get rid of the README and replace it with a symlink to the manual
makedevs section.
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The gstreamer plugin select the EGL backend of gst1-plugins-base, but
forgot to propagate all of its dependencies, notably the _HAS_API
condition, causing unmet dependencies warnings (unfortunately, not
errors), such as;
$ KCONFIG_SEED=0x597D22A8 make randconfig
WARNING: unmet direct dependencies detected for BR2_PACKAGE_GST1_PLUGINS_BASE_LIB_OPENGL_EGL
Depends on [n]: BR2_PACKAGE_GSTREAMER1 [=y] && BR2_PACKAGE_GST1_PLUGINS_BASE [=y] && BR2_PACKAGE_GST1_PLUGINS_BASE_LIB_OPENGL [=y] && BR2_PACKAGE_GST1_PLUGINS_BASE_LIB_OPENGL_HAS_API [=n] && BR2_PACKAGE_HAS_LIBEGL [=y]
Selected by [y]:
- BR2_PACKAGE_IVI_HOMESCREEN_GSTREAMER_EGL_PLUGIN [=y] && BR2_PACKAGE_IVI_HOMESCREEN [=y] && BR2_PACKAGE_FFMPEG_ARCH_SUPPORTS [=y] && BR2_PACKAGE_HAS_LIBEGL [=y]
We can't select _HAS_API, because it is a symbol that represents a
capability provided by other features of gst1-plugins-base; it's
semantically like a virtual package: we can't select it, we can only
depend on it.
Add this dependency to fix this situation.
This however causes circular (recursive) dependencies errors:
package/gstreamer1/gst1-plugins-base/Config.in:135:error: recursive dependency detected!
package/gstreamer1/gst1-plugins-base/Config.in:135: symbol BR2_PACKAGE_GST1_PLUGINS_BASE_LIB_OPENGL is selected by BR2_PACKAGE_IVI_HOMESCREEN_GSTREAMER_EGL_PLUGIN
package/ivi-homescreen/Config.in:221: symbol BR2_PACKAGE_IVI_HOMESCREEN_GSTREAMER_EGL_PLUGIN depends on BR2_PACKAGE_GST1_PLUGINS_BASE_LIB_OPENGL_HAS_API
package/gstreamer1/gst1-plugins-base/Config.in:149: symbol BR2_PACKAGE_GST1_PLUGINS_BASE_LIB_OPENGL_HAS_API is selected by BR2_PACKAGE_GST1_PLUGINS_BASE_LIB_OPENGL_OPENGL
package/gstreamer1/gst1-plugins-base/Config.in:152: symbol BR2_PACKAGE_GST1_PLUGINS_BASE_LIB_OPENGL_OPENGL depends on BR2_PACKAGE_GST1_PLUGINS_BASE_LIB_OPENGL
Indeed, _HAS_API is only even set when gstreamer1, gst1-plugins-base,
and the gst1-plugins-base's lib-opengl support, are all already enabled.
As such, the dependency on _HAS_API already implies those, and there is
no need to select them.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Adam Duskett <adam.duskett@amarulasolutions.com>
Reviewed-by: Adam Duskett <Adam.Duskett@amarulasolutions.com>
Tested-by: Adam Duskett <Adam.Duskett@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
It is required by package uuu starting from version 1.5.165.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Born as a project to read/write the bootcount on the TI am3xx platform,
over time it has introduced bootcount management on EEPROM and for the
stm32mp1 platform. As a result, the project removed the 'davinci' tag
from its name and GitHub link.
The patch aligns the package name in Buildroot with the current one on
GitHub.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
[Peter: extend/rework legacy handling]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The patch updates the GitHub URL, which has recently changed.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We recently added support for building a bare-metal toolchain, and the
autobuilders are therefore trying to build such toolchains. However,
by default the BR2_TOOLCHAIN_BARE_METAL_BUILDROOT_ARCH option is
empty, causing the target tuple to be empty, and therefore
host-gcc-bare-metal tries to build a toolchain for the target
"x86_64-pc-linux-gnu", which isn't a bare-metal target, and fails
badly.
In order to properly test this bare-metal support, this commit adjusts
the genrandconfig script so that it injects a valid target
architecture tuple.
Fixes:
http://autobuild.buildroot.net/results/6cb1514b19bfe056fb984d3538bdccdda5e174c1/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The defconfig choice is the default one, so it is redundant and can be
removed without effect.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Reviewed-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Commit 4b8fddb060 ("configs/ti_am62x_sk: new defconfig) forgot to
specify the Linux kernel version, so do that now.
When the defconfig was added, the default version was 6.4.x, so use
version 6.4.16.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
[Romain:
use BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_6_4 as suggested
by Giulio Benetti]
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Commit
c6ab9328e1 ("boot/arm-trusted-firmware:
change BR_NO_CHECK_HASH_FOR logic") was written too hastily, and is
actually broken as it does the reverse of what it should do. It really
should disable the check when we're using a custom version/git/tarball
of TF-A, not the opposite.
Thanks to Romain for pointing out the problem, and providing an IRL
patch to solve the issue.
Reported-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This toolset was designed to facilitate the testing, monitoring, and
tracing of various things with virtual memory, pages, and slab objects.
It is an invaluable resource for identifying and analyzing
memory-related issues, such as leaks and bottlenecks, and can greatly
enhance one's understanding of memory utilization within a system.
The mm toolset includes:
- page_owner_sort: userspace helper to sort the output of
/sys/kernel/debug/page_owner, which helps to know who allocates
the page from kernel context
- slabinfo: the tool which gets reports about slabs, for example
show empty slabs, modify of slab debug options at runtime, display
all information about a slabcache
- page-types: a handy tool for querying page flags
Signed-off-by: Dmitry Rokosov <ddrokosov@salutedevices.com>
Signed-off-by: Alexey Romanov <avromanov@salutedevices.com>
[yann.morin.1998@free.fr:
- don't depend on linux, already a patch dependency
- don't set CC: default is based on CROSS_COMPILE
- no need to fully recheck at install time
- move the option for alphabetical ordering
- fix check-package
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>