The pixman package exhibits gcc bug 101737 when built for the SH4
architecture with optimization enabled, which causes a build failure.
As done for other packages in Buildroot work around this gcc bug by
setting optimization to -O0 if BR2_TOOLCHAIN_HAS_GCC_BUG_101737=y.
Also let's add PIXMAN_CFLAGS and pass the Codesourcery work around CFLAGS
to it for consistency like we do for the rest of the packages.
Fixes:
http://autobuild.buildroot.net/results/b20/b20869bbb48edb1f0a847ea9e2e1a0462d6350be/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit a8a9b12766)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Highly parallel host-python3 builds sometimes fail with:
Exception in thread Thread-1:
Traceback (most recent call last):
File "/tmp/instance-3/output-1/host/lib/python3.9/threading.py", line 973, in _bootstrap_inner
self.run()
File "/tmp/instance-3/output-1/host/lib/python3.9/concurrent/futures/process.py", line 317, in run
result_item, is_broken, cause = self.wait_result_broken_or_wakeup()
File "/tmp/instance-3/output-1/host/lib/python3.9/concurrent/futures/process.py", line 376, in wait_result_broken_or_wakeup
worker_sentinels = [p.sentinel for p in self.processes.values()]
File "/tmp/instance-3/output-1/host/lib/python3.9/concurrent/futures/process.py", line 376, in <listcomp>
worker_sentinels = [p.sentinel for p in self.processes.values()]
RuntimeError: dictionary changed size during iteration
During the compile_all.py step of host-python3. This issue is reported
upstream at https://bugs.python.org/issue43498, and while not yet
fixed upstream, a PR was proposed with a possible fix for it. Seems
the PR seems reasonable, let's give it a chance and see if it improves
the situation.
Hopefully Fixes:
http://autobuild.buildroot.net/results/ae6c4ab292589a4e4442dfb0a1286349a9bf4d29/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit e17946b409)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
xlib_libxshmfence unconditionally uses SYS_futex which raises the
following build failure on riscv32:
xshmfence_futex.h:58:17: error: 'SYS_futex' undeclared (first use in this function); did you mean 'sys_futex'?
58 | return syscall(SYS_futex, addr1, op, val1, timeout, addr2, val3);
| ^~~~~~~~~
| sys_futex
Fixes:
- http://autobuild.buildroot.org/results/b3523e35fde0fac04b96a6278cbc6ffdfe56f7d1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit e39ad96136)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer
overflow in Pl_ASCII85Decoder::write (called from Pl_AES_PDF::flush and
Pl_AES_PDF::finish) when a certain downstream write fails.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 96865f02d4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Replace libjson by jsoncpp for C++ dependency which was wrongly added
by commit 74fc60a267
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit f23129ee1e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure raised since bump to version 3.4.7 in
commit bb75c4b541:
/tmp/instance-5/output-1/host/opt/ext-toolchain/bin/../lib/gcc/sparc-buildroot-linux-uclibc/9.3.0/../../../../sparc-buildroot-linux-uclibc/bin/ld: ui/qt/CMakeFiles/qtui.dir/sequence_diagram.cpp.o: undefined reference to symbol '__atomic_compare_exchange_4@@LIBATOMIC_1.0'
/tmp/instance-5/output-1/host/opt/ext-toolchain/bin/../lib/gcc/sparc-buildroot-linux-uclibc/9.3.0/../../../../sparc-buildroot-linux-uclibc/bin/ld: /tmp/instance-5/output-1/host/sparc-buildroot-linux-uclibc/sysroot/lib/libatomic.so.1: error adding symbols: DSO missing from command line
Fixes:
- http://autobuild.buildroot.org/results/6617ee0e0046a0452a1515b89e9c704b1c125ec4
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 0344be5299)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
GCC 11 defaults to C++17. Fix the following build failure with gcc 11:
In file included from _internal/Source/JSONDefs.h:12,
from _internal/Source/JSONDebug.h:4,
from _internal/Source/JSONNode.h:4,
from _internal/Source/JSONNode.cpp:1:
_internal/Source/JSONDefs/GNU_C.h:58:28: error: ISO C++17 does not allow dynamic exception specifications
58 | #define json_throws(x) throw(x)
| ^~~~~
Fixes:
- http://autobuild.buildroot.org/results/1e66dff705bbb38e7e0f0e5864ce794b4345dcc6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit ff55c323af)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Build with libmaxminddb is broken since bump to version 3.0.5 in commit
464d0be380 because of
785958f9b5
So revert this commit until upstream answer to comment to
https://github.com/SpiderLabs/ModSecurity/issues/2131
Reverting this commit requires autoreconfiguring, which itself causes
lots of warnings as configure.ac queries git to know the version of
various parts of libmodsecurity. However, it turns out that those
versions are only used to be displayed in the output of the configure
script, which is quite useless. The only one that is referenced
elsewhere is LIBINJECTION_VERSION, but it's in fact a different thing:
it is defined by others/libinjection/src/libinjection_sqli.c.
The only variable that was AC_SUBST() and therefore visible elsewhere
was MSC_GIT_VERSION, but it is not used anywhere in the code base,
except in the configure script itself.
Note that one patch is 0001 and the other 0003, because there was
already a 0002 patch.
Fixes:
- http://autobuild.buildroot.org/results/4c639fd967faa06f8ae362bacd38f3409c47267c
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 94b6fbd582)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use pkg-config to find numa to avoid the following build failure when
checking for numa_available:
configure:9667: checking for numa_available in -lnuma
configure:9692: /tmp/instance-7/output-1/host/bin/microblazeel-linux-gcc -o conftest -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -static -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -static conftest.c -lnuma >&5
/tmp/instance-7/output-1/host/opt/ext-toolchain/bin/../lib/gcc/microblazeel-buildroot-linux-uclibc/9.3.0/../../../../microblazeel-buildroot-linux-uclibc/bin/ld: /tmp/instance-7/output-1/host/microblazeel-buildroot-linux-uclibc/sysroot/usr/lib/libnuma.a(libnuma.o): in function `numa_node_to_cpus_v1':
(.text+0x2a80): undefined reference to `__atomic_fetch_and_1'
/tmp/instance-7/output-1/host/opt/ext-toolchain/bin/../lib/gcc/microblazeel-buildroot-linux-uclibc/9.3.0/../../../../microblazeel-buildroot-linux-uclibc/bin/ld: /tmp/instance-7/output-1/host/microblazeel-buildroot-linux-uclibc/sysroot/usr/lib/libnuma.a(libnuma.o): in function `numa_node_to_cpus_v2':
(.text+0x2ddc): undefined reference to `__atomic_fetch_and_1'
collect2: error: ld returned 1 exit status
Fixes:
- http://autobuild.buildroot.org/results/577a63432fba2f9ae1ed2c6c2a77c5ce54ac5521
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 3be90cd5b1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
GCC 11 defaults to C++17. Fix the following build failure with gcc 11:
In file included from details/shared-ptr/base.cxx:5:
../odb/details/shared-ptr/base.hxx:38:49: error: ISO C++17 does not allow dynamic exception specifications
38 | operator new (std::size_t, odb::details::share) throw (std::bad_alloc);
| ^~~~~
Fixes:
- http://autobuild.buildroot.org/results/cfd5f92f0aa923815edba5fbfcd5b7b312d9d40e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 69d2d1d91e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with gcc 11:
In file included from ../include/loki/SmartPtr.h:33,
from SmartPtr.cpp:20:
../include/loki/SmallObj.h: At global scope:
../include/loki/SmallObj.h:462:57: error: ISO C++17 does not allow dynamic exception specifications
462 | static void * operator new ( std::size_t size ) throw ( std::bad_alloc )
|
Fixes:
- http://autobuild.buildroot.org/results/768727160beaca5df3ef18be29cfbaa3ced67ad5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 0239ea5615)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2021-22235: Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6
and 3.2.0 to 3.2.14 allows denial of service via packet injection or
crafted capture file
https://www.wireshark.org/security/wnpa-sec-2021-06.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit bb75c4b541)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- [High] OCSP verification issue when response is for a certificate with
no relation to the chain in question BUT that response contains the
NoCheck extension which effectively disables ALL verification of that
one cert.
- [Low] OCSP request/response verification issue. In the case that the
serial number in the OCSP request differs from the serial number in
the OCSP response the error from the comparison was not resulting in a
failed verification.
- [Low] CVE-2021-24116: Side-Channel cache look up vulnerability in
base64 PEM decoding for versions of wolfSSL 4.5.0 and earlier.
Versions 4.6.0 and up contain a fix and do not need to be updated for
this report.
https://github.com/wolfSSL/wolfssl/blob/v4.8.1-stable/ChangeLog.md
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 6427f12bba)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with gcc 11:
In file included from ../../ibrdtn/data/PrimaryBlock.h:30,
from ../../ibrdtn/data/Serializer.h:27,
from ../../ibrdtn/data/Block.h:29,
from ../../ibrdtn/data/Bundle.h:27,
from ../../ibrdtn/api/Client.h:26,
from Client.cpp:22:
/tmp/instance-0/output-1/host/bin/../arm-buildroot-linux-gnueabihf/sysroot/usr/include/ibrcommon-1.0/ibrcommon/thread/Mutex.h:43:40: error: ISO C++17 does not allow dynamic exception specifications
43 | virtual void trylock() throw (MutexException) = 0;
| ^~~~~
Fixes:
- http://autobuild.buildroot.org/results/c2d9033c68b5c1407d2cf87b98dff61958b8e7b6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 581687e34b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with gcc 11:
In file included from ../../ibrcommon/data/BLOB.h:25,
from BLOB.cpp:22:
../../ibrcommon/thread/Mutex.h:43:40: error: ISO C++17 does not allow dynamic exception specifications
43 | virtual void trylock() throw (MutexException) = 0;
| ^~~~~
Fixes:
- http://autobuild.buildroot.org/results/7a9a4319916efe8cd7e04b8686a9ae0b233b017a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 867e7a040c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
01.org url is permission denied. There seems to be no project page
anymore. Use kernel.org repo with cleaner https url.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 88556ef3b4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2021-34558: crypto/tls clients can panic when provided a certificate
of the wrong type for the negotiated parameters. net/http clients
performing HTTPS requests are also affected. The panic can be triggered
by an attacker in a privileged network position without access to the
server certificate's private key, as long as a trusted ECDSA or Ed25519
certificate for the server exists (or can be issued), or the client is
configured with Config.InsecureSkipVerify. Clients that disable all
TLS_RSA cipher suites (that is, TLS 1.0–1.2 cipher suites without ECDHE),
as well as TLS 1.3-only clients, are unaffected.
- CVE-2021-36221: A net/http/httputil ReverseProxy can panic due to a race
condition if its Handler aborts with ErrAbortHandler, for example due to
an error in copying the response body. An attacker might be able to force
the conditions leading to the race condition.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
fail2ban is a daemon to ban hosts that cause multiple authentication
errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0
through 0.11.2, there is a vulnerability that leads to possible remote
code execution in the mailing action mail-whois. Command `mail` from
mailutils package used in mail actions like `mail-whois` can execute
command if unescaped sequences (`\n~`) are available in "foreign" input
(for instance in whois output). To exploit the vulnerability, an
attacker would need to insert malicious characters into the response
sent by the whois server, either via a MITM attack or by taking over a
whois server. The issue is patched in versions 0.10.7 and 0.11.3. As a
workaround, one may avoid the usage of action `mail-whois` or patch the
vulnerability manually.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6a7decee50)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
code.bulix.org no longer exists, suggest paste.ack.tf instead, as an
example.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0a954d4412)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8e789e96bb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The project URL is 404. Link to github instead.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1431dbf9b6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Starting with nmap 7.91, ncat segfaults on an attempt to use it for a
Unix-domain socket (`ncat -U path`). The fix has been committed to nmap
in r38121.
Signed-off-by: Alexey Neyman <stilor@att.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2f99483a59)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit e43c050944 introduced two flake8
errors:
utils/scanpypi:300:26: E231 missing whitespace after ','
utils/scanpypi:302:9: F841 local variable 'setup' is assigned to but never used
The first one is easily fixed. The second one needs a little bit of
explanation. Before commit e43c0509, the return value of
imp.load_module() was used to be able to explicitly call the 'setup'
function in it in case the metadata was not populated. Since that
commit, calling that function is no longer needed, since setup.py is
executed in exactly the same way as when it's run from the command line,
so if that doesn't work, it's completely broken anyway. Therefore, we
can simply discard the return value of imp.load_module().
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit f982f70434)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Change sources location from bintray to github since bintray doesn't
work anymore.
Use commit hash for version instead of git tag to avoid breaking
existing source caches.
Signed-off-by: Daniil Stas <daniil.stas@posteo.net>
Cc: Baruch Siach <baruch@tkos.co.il>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7332bc6eb0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix a denial of service attack against the KDC encrypted challenge
code [CVE-2021-36222].
- Fix a memory leak when gss_inquire_cred() is called without a
credential handle.
- Update indentation in hash file (two spaces)
- Update hash of NOTICE (update in year:
9cbfdf65e1)
https://web.mit.edu/kerberos/krb5-1.18/krb5-1.18.4.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b65220f566)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In case the setup.py file of a python package does not directly call the
'setup' method, utils/scanpypi was hoping there be a 'main' function which
would do the work, normally called via a construct like:
if __name__ == '__main__':
main()
However, this construct is nonstandard, and there are packages in PyPI which
call 'setup()' directly from the 'if' statement, without a main() method.
But scanpypi does not actually need to make such assumption: when loading
the module, it can decide the name to be '__main__', just as if setup.py
would be loaded interactively.
Additionally, remove some logic seemingly related to the previous trick of
calling 'main'. There should not be a problem in keeping already loaded
modules in sys.modules, as this is the purpose of sys.modules.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e43c050944)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Even though the directory containing a package's setup.py was added to
sys.path, some setup.py implementations rely on the fact that it is placed
in sys.path[0].
An example package is 'cram' which failed to be added with scanpypi:
Traceback (most recent call last):
File "utils/scanpypi", line 756, in <module>
main()
File "utils/scanpypi", line 703, in main
package.load_setup()
File "utils/scanpypi", line 303, in load_setup
setup = imp.load_module('setup', s_file, s_path, s_desc)
File "/usr/lib/python3.8/imp.py", line 234, in load_module
return load_source(name, filename, file)
File "/usr/lib/python3.8/imp.py", line 171, in load_source
module = _load(spec)
File "<frozen importlib._bootstrap>", line 702, in _load
File "<frozen importlib._bootstrap>", line 671, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 783, in exec_module
File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
File "/tmp/scanpypi-2pzc5wb_/python-cram/cram-0.7/setup.py", line 44, in <module>
long_description=long_description(),
File "/tmp/scanpypi-2pzc5wb_/python-cram/cram-0.7/setup.py", line 20, in long_description
return open(os.path.join(sys.path[0], 'README.rst')).read()
FileNotFoundError: [Errno 2] No such file or directory: '.../buildroot/utils/README.rst'
The corresponding code from cram's setup.py is:
def long_description():
"""Get the long description from the README"""
return open(os.path.join(sys.path[0], 'README.rst')).read()
Indeed, the Python documentation says:
https://docs.python.org/3.8/library/sys.html#sys.path
"...
As initialized upon program startup, the first item of this list,
path[0], is the directory containing the script that was used to invoke
the Python interpreter.
..."
Fix this by inserting explicitly at index 0 instead of appending to
sys.path.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ad042904f4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
