openrc raises the following uclibc build failures since bump to version
0.51 in commit 730c90faa3:
../src/rc-abort/rc-abort.c: In function 'main':
../src/rc-abort/rc-abort.c:27:21: error: implicit declaration of function 'kill'; did you mean 'killpg'? [-Werror=implicit-function-declaration]
27 | if (kill(pid, SIGUSR1) != 0)
| ^~~~
| killpg
../src/libeinfo/libeinfo.c: In function 'colour_terminal':
../src/libeinfo/libeinfo.c:319:26: error: implicit declaration of function 'fileno' [-Werror=implicit-function-declaration]
319 | if (f && !isatty(fileno(f)))
| ^~~~~~
../src/librc/librc-misc.c: In function 'rc_getfile':
../src/librc/librc-misc.c:79:14: error: implicit declaration of function 'fileno'; did you mean 'd_fileno'? [-Werror=implicit-function-declaration]
79 | fd = fileno(fp);
| ^~~~~~
| d_fileno
../src/librc/librc-daemon.c: In function 'rc_service_daemons_crashed':
../src/librc/librc-daemon.c:633:37: error: implicit declaration of function 'kill'; did you mean 'killpg'? [-Werror=implicit-function-declaration]
633 | if (kill(pid, 0) == -1 && errno == ESRCH)
| ^~~~
| killpg
These build failures could be fixed by patching openrc but upstream
is not happy with this patch: https://github.com/OpenRC/openrc/pull/674.
So, as advised by Yann E. Morin, openrc is hidden away for uClibc, until
upstream has a proper fix.
Fixes:
- http://autobuild.buildroot.org/results/494ef392a971ddb3c5c7b01e0149c6439018dbe7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2023-45322: libxml2 through 2.11.5 has a use-after-free that can
only occur after a certain memory allocation fails. This occurs in
xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think
these issues are critical enough to warrant a CVE ID ... because an
attacker typically can't control when memory allocations fail."
https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.11.6/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2023-46852: In Memcached before 1.6.22, a buffer overflow exists
when processing multiget requests in proxy mode, if there are many
spaces after the "get" substring.
Fix CVE-2023-46853: In Memcached before 1.6.22, an off-by-one error
exists when processing proxy requests in proxy mode, if \n is used
instead of \r\n.
https://github.com/memcached/memcached/wiki/ReleaseNotes1622
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2023-47359: Videolan VLC prior to version 3.0.20 contains an
incorrect offset read that leads to a Heap-Based Buffer Overflow in
function GetPacket() and results in a memory corruption.
Fix CVE-2023-47360: Videolan VLC prior to version 3.0.20 contains an
Integer underflow that leads to an incorrect packet length.
https://code.videolan.org/videolan/vlc/-/blob/3.0.20/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When the favicon image was added in f26e61319f (docs/website: add
favicon.png), it was added to a different directory then where the header's
icon link points. This causes the favicon to fail to load with 404.
While we are here, remove the "shortcut" rel attribute as it is non-standard
and it's recommended not to use it[1].
[1] https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/rel#sect4
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
janet unconditionally uses fork since version 1.32.0 and
4b8c1ac2d2
resulting in the following build failure since bump to version 1.32.1 in
commit c87abf01a9:
janet.c:(.text+0x19bbc): undefined reference to `fork'
Fixes:
- http://autobuild.buildroot.org/results/f0771fc6c9905d3a6d60ce245df585b3c6096f7f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following build failure raised since bump of webp to version
1.3.2 in commit c88c1d3319:
/home/autobuild/autobuild/instance-9/output-1/host/lib/gcc/aarch64_be-buildroot-linux-uclibc/13.2.0/../../../../aarch64_be-buildroot-linux-uclibc/bin/ld: picture.o: undefined reference to symbol 'WebPMemoryWriterClear'
/home/autobuild/autobuild/instance-9/output-1/host/lib/gcc/aarch64_be-buildroot-linux-uclibc/13.2.0/../../../../aarch64_be-buildroot-linux-uclibc/bin/ld: /home/autobuild/autobuild/instance-9/output-1/host/aarch64_be-buildroot-linux-uclibc/sysroot/usr/lib64/libwebp.so.7: error adding symbols: DSO missing from command line
Fixes:
- http://autobuild.buildroot.org/results/9b859a701debeaddf1f9909e16adc6811a620576
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix CVE-2023-45897: exfatprogs before 1.2.2 allows out-of-bounds memory
access, such as in read_file_dentry_set.
https://github.com/exfatprogs/exfatprogs/blob/1.2.2/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Version 83dafbc will match the with kernel 6.1.61
Signed-off-by: Bram Oosterhuis <dev@bybram.com>
Reviewed-by: Marcus Hoffmann <marcus.hoffmann@othermo.de>
Tested-by: Marcus Hoffmann <marcus.hoffmann@othermo.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Linux 6.1 has been marked LTS for a long time now. Time to bump
Linux for RaspberryPi's to the latest 6.1.61 Since April 2022
the RaspberryPi defconfigs have compressed kernel module enabled
by default. (see [1] and [2]).
To load compressed kernel modules kmod and xz packages are needed
because busybox doesn't support it.
For testing I used RaspberryPi 2, 3(32+64bit) and 4(32+64bit), all with mdev enabled.
[1] c45b4223a4
[2] https://github.com/raspberrypi/linux/issues/4966
Signed-off-by: Bram Oosterhuis <dev@bybram.com>
Reviewed-by: Marcus Hoffmann <marcus.hoffmann@othermo.de>
Tested-by: Marcus Hoffmann <marcus.hoffmann@othermo.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- libabseil-cpp is now a dependency
- required c++ standard is now c++14 [0] --> requires gcc8
- drop fix for gcc <= 5 introduced in 25fd3b0a52
(c++ >= 14 is the default for gcc >= 8)
- update gcc required for depending packages qt5webengine & grpc
[0] 7c2552dd54
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Update README hash for changed not related to license.
Change patch 0001 to git format. socat is now hosted on git. Also,
update to apply to current version.
Add upstream status to both patches.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bump the package version to 2.43.0. For the full changelog, see the
release announcement at [1].
Link: https://lore.kernel.org/git/xmqqzfz8l5or.fsf@gitster.g/ [1]
Signed-off-by: Bagas Sanjaya <bagasdotme@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Drop local patch applied upstream:
12b0ca9c46
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
With this version we can build with Linux 6.7.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following build failure with libressl >= 3.8 raised since bump
of libressl to version 3.8.2 in commit
21eca49ed5:
In file included from card-westcos.c:37:
/home/autobuild/autobuild/instance-11/output-1/host/arm-buildroot-linux-gnueabi/sysroot/usr/include/openssl/evp.h:627:32: error: macro "EVP_sha3_224" passed 1 arguments, but takes just 0
627 | const EVP_MD *EVP_sha3_224(void);
| ^
Fixes:
- http://autobuild.buildroot.org/results/cecee659371f370bf4bd2b27a4752bf20ceff326
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The following build failure without stack-protector occurs since commit
160f0e4b5f (package/libpam-tacplus: bump to version 1.7.0):
cc1: warning: '-fstack-protector' not supported for this target
In file included from libtac/lib/xstrncpy.c:36:
libtac/lib/xstrncpy.c: In function 'xstrncpy':
./libtac/include/libtac.h:71:15: error: called object is not a function or function pointer
71 | #define abort exit(EXIT_FAILURE)
| ^~~~
Since we are passing the appropriate SSP and fortify flags via our
toolchain wrapper, we need to tell the package not to add its own.
Upstream commit b1054ad8bb33 (Add '--disable-am-ldcflags' configure
option), available since version 1.4.1, has been added for "a
distribution to select its own C/LD flags" which is exactly our
situation.
So that's what we do: replace the ax cache variable by this new
configure flag.
Fixes:
- http://autobuild.buildroot.org/results/cc8a7c5cca65e002d40a775f09e3c4577fbab5b7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Prior to being updated to version 1.0.7 in
014a66fcde python-msgpack would
automatically fall back to the pure python version if the cpp based
optimized extension would fail to build for any reason.
This however is no longer the case after updating to 1.0.7 where it
is now required that we explicitely set the MSGPACK_PUREPYTHON=1 if
we do not have cpp support enabled in the toolchain.
Fixes:
- http://autobuild.buildroot.net/results/361/36185a19bed4bd57421a4d909bce1976c89d130f
- http://autobuild.buildroot.net/results/477/477f822cb196ebc2246bcbdc1b6eaf940fc018cd
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[yann.morin.1998@free.fr: add the comment]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
In commit 13fc9dcb34, netsnmp was bumped
from 5.9.3 to 5.9.4 to fix two CVEs.
However, even though it's a minor version bump, there are actually 163
commits upstream between those two minor releases, and some of them
are breaking existing use-cases. In particular upstream
a2cb167514ac0c7e1b04e8f151e0b015501362e0 now requires that config_()
macros in MIB files are terminated with a semicolon, causing a build
breakage with existing MIB files that were totally valid with 5.9.3.
This commit therefore proposes to revert back to 5.9.3, by reverting
those two commits:
56caafceab package/netsnmp: fix musl build
13fc9dcb34 package/netsnmp: security bump to version 5.9.4
and instead backport the one upstream commit that fixes both CVEs.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: fix typo as reported by Baruch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add new python-annotated-types runtime dependency.
Add new python-pydantic-core runtime dependency.
Migrate build backend from setuptools to hatchling.
License hash changed due to adding contributors:
7bc9c6525a
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Although pydantic-core likely implements a subset of the functionality
in pydantic 1.10.8 as we currently package, there will not be any
conflict as the modules namespace differ:
import pydantic # 1.10.8
import pydantic_core
So, we can add pydantic-core, then bump pydantic; we don't need to do
both in the same commit.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[yann.morin.1998@free.fr: add explanations from James about no-conflict]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Git-generated patches embed the short-hash of the objects in the
repository. The length of those short hashes are subject to change
in at least three cases:
- the number of objects in the repository increases, so git increases
the length of short hashes to get a good change there is no
collision;
- the git configuration changes, see core.abbrev in git-config;
- the heuristic to compute the length changes in a newer git version.
Since the bump to zfs 2.1.4 in commit 68dfd09708, the patch generated
by github has changed, causing download failures:
wget --passive-ftp -nd -t 3 -O '/home/ymorin/dev/buildroot/O/master/build/.bc3f12bfac152a0c28951cec92340ba14f9ccee9.patch.uoFq9e/output' 'bc3f12bfac.patch'
--2023-11-26 16:53:25--
bc3f12bfac.patch
Resolving github.com (github.com)... 140.82.121.3
Connecting to github.com (github.com)|140.82.121.3|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2976 (2.9K) [text/plain]
Saving to: ‘/home/ymorin/dev/buildroot/O/master/build/.bc3f12bfac152a0c28951cec92340ba14f9ccee9.patch.uoFq9e/output’
/home/ymorin/dev/buildroot/O/ 100%[================================================>] 2.91K --.-KB/s in 0s
2023-11-26 16:53:25 (15.0 MB/s) - ‘/home/ymorin/dev/buildroot/O/master/build/.bc3f12bfac152a0c28951cec92340ba14f9ccee9.patch.uoFq9e/output’ saved [2976/2976]
ERROR: while checking hashes from package/zfs//zfs.hash
ERROR: bc3f12bfac152a0c28951cec92340ba14f9ccee9.patch has wrong sha256 hash:
ERROR: expected: 96a27353fe717ff2c8b95deb8b009c4eb750303c6400e2d8a2582ab1ec12b25a
ERROR: got : 246c80f66abca5a7e0c41cc7c56eec0b4cb7f16b142262480401142bbc2f999f
ERROR: Incomplete download, or man-in-the-middle (MITM) attack
And indeed, the length of short hashes has increased by one since then.
Fix that by bundling the patch, with the short hashes that were known
then, so that it matches the sha256 we had for it.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
gcc.mk attempts to disable building the documentation by setting
MAKEINFO=missing, but it is not working. If makeinfo is installed
and recent enough, gcc still uses it. This can be checked easily:
grep BUILD_INFO='info' host-gcc-initial-*/build/gcc/config.log
It happens because the root ./configure script will check
$MAKEINFO --version (aka 'missing --version') and will overwrite it with
MAKEINFO='missing makeinfo' because the version does not match.
Having MAKEINFO='missing makeinfo' is a problem because
'missing makeinfo' will actually attempt to run 'makeinfo' before
failing with an error message. If makeinfo is installed on the host,
then 'missing makeinfo' will successfully run makeinfo anyway.
Many gcc subprojects will check $MAKEINFO --version and enable building
the documentation if it is recent enough. This patch overrides these
checks by forcing gcc_cv_prog_makeinfo_modern=no.
Building the GCC documentation can fail with the wrong makeinfo version.
It happened at least when building GCC 11.3.0 with makeinfo 7.1.
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following uclibc build failure raised since the addition of the
package in commit d5bba26801:
In file included from /home/autobuild/autobuild/instance-4/output-1/build/oatpp-1.3.0/src/oatpp/algorithm/CRC.hpp:28,
from /home/autobuild/autobuild/instance-4/output-1/build/oatpp-1.3.0/src/oatpp/algorithm/CRC.cpp:25:
/home/autobuild/autobuild/instance-4/output-1/build/oatpp-1.3.0/src/oatpp/core/base/Environment.hpp:359:93: error: 'va_list' has not been declared
359 | static void vlogFormatted(v_uint32 priority, const std::string& tag, const char* message, va_list args);
| ^~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/bcdf7548ff752f936defd111d13c63245ea70cbe
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
These variables were removed. In addition, the text describing them
wasn't terribly useful. Just remove the sentences describing them.
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The _BASE_INSTALL*_CMD variables are set based on the setup type, and
only based on the setup type. Because of this, we have a large
conditional tree in inner-python-package which makes things hard to
read.
Rather than conditions, it's also possible to use indirect variables.
Concretely, we can define PKG_PYTHON_DISTUTILS_INSTALL_TARGET_CMD etc.,
and use $(PKG_PYTHON_$($(PKG)_SETUP_TYPE)_INSTALL_TARGET_CMD) instead of
$($(PKG)_BASE_INSTALL_TARGET_CMD) to dispatch to the right
_INSTALL_TARGET_CMD variable. The same applies to _INSTALL_STAGING_CMD
and HOST_..._INSTALL_CMD.
Since the _INSTALL*_OPTS variables are not (or no longer) used anywhere
else, we can fold them into the _INSTALL*_CMD variables.
setuptools-rust, flit and maturin didn't have their own definition of
_BUILD_CMD but were under the setuptools resp. pep517 condition. For
these, we have to define new variables that copy the value from
PKG_PYTHON_SETUPTOOLS_BUILD_CMD resp. PKG_PYTHON_PEP517_BUILD_CMD.
The condition tree is now empty, except for the error handling. Rework
the conditions for the error handling and remove all other conditions.
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
In a follow-up patch, we want to remove this variable. Replace it with
its expansion, which is anyway just
$(PKG_PYTHON_SETUPTOOLS_INSTALL_OPTS) --root=$(TARGET_DIR)
Also remove PKG_PYTHON_SETUPTOOLS_BUILD_OPTS, which is not defined (i.e.
empty).
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
In a follow-up patch, we want to remove this variable. Replace it with
its expansion, which is anyway just
$(PKG_PYTHON_SETUPTOOLS_INSTALL_OPTS) --root=$(TARGET_DIR)
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
[yann.morin.1998@free.fr:
- fixup after introduction of JAILHOUSE_INSTALL_HELPER_SCRIPTS
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The usual way of having conditional build and installation of parts
of a generic-package, is to conditionally define macros that do that
build and installation, and unconditionally expand the macros in the
_BUILD_CMDS and _INSTALL_CMDS.
Do that in jailhouse, which used to use an ad-hoc conditional block
directly in _BUILD_CMDS and _INSTALL_CMDS.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
host-python-flit-core is the only package that overrides
_BASE_INSTALL_CMD. Since we're going to remove that variable in a
follow-up patch, we no longer will be able to do that.
Since host-python-flit-core is really a special case, it makes sense to
define HOST_PYTHON_FLIT_CORE_INSTALL_CMDS in its entirety.
While we're at it, also instantiate
HOST_PKG_PYTHON_PEP517_BOOTSTRAP_INSTALL_OPTS directly there. This
variable is not used anywhere else, and it's a bit confusing to have it
in pkg-python.mk - it looks like a mistake.
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The _BASE_BUILD_CMD variable is set based on the setup type, and only
based on the setup type. Because of this, we have a large conditional
tree in inner-python-package which makes things hard to read.
Rather than conditions, it's also possible to use indirect variables.
Concretely, we can define PKG_PYTHON_DISTUTILS_BUILD_CMD etc., and use
$(PKG_PYTHON_$($(PKG)_SETUP_TYPE)_BUILD_CMD) instead of
$($(PKG)_BASE_BUILD_CMD) to dispatch to the right _BUILD_CMD variable.
Once we do the same for all other variables that are set in the
condition tree, we'll be able to remove the condition tree entirely.
setuptools-rust, flit and maturin didn't have their own definition of
_BUILD_CMD but were under the setuptools resp. pep517 condition. For
these, we have to define new variables that copy the value from
PKG_PYTHON_SETUPTOOLS_BUILD_CMD resp. PKG_PYTHON_PEP517_BUILD_CMD.
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The _BASE_ENV variable is set based on the setup type, and only based on
the setup type. Because of this, we have a large conditional tree in
inner-python-package which makes things hard to read.
Rather than conditions, it's also possible to use indirect variables.
Concretely, we can use $(PKG_PYTHON_$($(PKG)_SETUP_TYPE)_ENV) instead
of $($(PKG)_BASE_ENV) to dispatch to the right ENV variable.
Once we do the same for all other variables that are set in the
condition tree, we'll be able to remove the condition tree entirely.
Because $($(PKG)_SETUP_TYPE) is lowercase (e.g. 'setuptools' or
'pep517'), while the existing _ENV variables have uppercase names (e.g.
PKG_PYTHON_SETUPTOOLS_ENV), we need to convert the setup type to
uppercase. Introduce the variable $(PKG)_SETUP_TYPE_UPPER for this.
flit was reusing the _BASE_ENV definition from pep517, and flit-bootstrap
also didn't have its own _ENV definition yet, so those have to be added.
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Only define the _CMDS variables that are relevant for the target resp.
host variant. Duplicate the _BUILD_CMDS. This will allow us to
differentiate part of the _BUILD_CMDS definition in a follow-up patch.
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This variable can just as well be merged into _BASE_BUILD_CMD. This is
how it's done for the install opts. And anyway it's only used by
distutils and nowhere else.
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
