Update site to avoid redirections (HSTS, etc.)
Version 5.0.3 - 12/17/2023
A memory leak fix in the prior version wasn't applied correctly, resulting
in an invalid memory access causing a crash. Bug fixed.
Version 5.0.2 - 11/8/2023
Fixed bug that caused crash when a CLIENT_KEY arrived out of order
Fixed option handling on Windows when an argument is missing
https://sourceforge.net/projects/uftp-multicast/files/Changes.txt/download
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit bfe2fe2269)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
HAVE_{MMX,SSE2,...} are not defined if ax_cv_have_{i}_cpu_ext is not set
resulting in the following build failure raised since bump to version
1.5.0 in commit c2aaa0fbe2 and
02c4e8b99b:
src/dotprod/src/dotprod_cccf.sse.c: In function 'dotprod_cccf_execute_sse':
src/dotprod/src/dotprod_cccf.sse.c:258:5: error: unknown type name '__m128'; did you mean '__int128'?
258 | __m128 v; // input vector
| ^~~~~~
| __int128
or
src/dotprod/src/dotprod_cccf.mmx.c: In function 'dotprod_cccf_execute_mmx':
src/dotprod/src/dotprod_cccf.mmx.c:262:5: error: unknown type name '__m128'; did you mean '__int128'?
262 | __m128 v; // input vector
| ^~~~~~
| __int128
While at it, add AVX2 support
Fixes:
- http://autobuild.buildroot.org/results/738ce9d3dc74ec165391f21256c955e5524f1632
- http://autobuild.buildroot.org/results/a2d150c724ab6787aeabaf31f65116f802e8584e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 620bd7220a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
CVE-2022-28737: There's a possible overflow in handle_image() when shim
tries to load and execute crafted EFI executables
https://github.com/advisories/GHSA-hmxr-46w2-jjwh
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit f29cbc6ce3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This usage of <PKG>_NAME was introduced in commit f9e9c6349a
("package/rng-tools: bump to 6.7"). No other package uses <PKG>_NAME
this way.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit a2b8596873)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We switched to new upstream since commit f9e9c6349a
("package/rng-tools: bump to 6.7"). Update the website URL as well.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 717fe9dc39)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
No functional change.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1d97f8c41e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure without neon raised since bump to
version 1.4.0 in commit 2f7f8f3813 and
c821187dd9:
/home/peko/autobuild/instance-0/output-1/host/bin/arm-none-linux-gnueabi-gcc -std=gnu11 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -g0 -D_FORTIFY_SOURCE=2 -ffast-math -mcpu=cortex-a7 -mfloat-abi=hard -mfpu=neon-vfpv4 -Wall -fPIC -Wno-deprecated -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -I. -Iinclude -c -o src/audio/src/cvsd.o src/audio/src/cvsd.c
In file included from /home/peko/autobuild/instance-0/output-1/host/arm-buildroot-linux-gnueabi/sysroot/usr/include/features.h:388:0,
from /home/peko/autobuild/instance-0/output-1/host/arm-buildroot-linux-gnueabi/sysroot/usr/include/stdlib.h:24,
from src/libliquid.c:25:
/home/peko/autobuild/instance-0/output-1/host/arm-buildroot-linux-gnueabi/sysroot/usr/include/gnu/stubs.h:10:29: fatal error: gnu/stubs-hard.h: No such file or directory
# include <gnu/stubs-hard.h>
^
Indeed, upstream considers that NEON is available on all ARM platforms,
and their configure.ac contains that code snippet:
239 arm|armv7*|armv8*)
240 # assume neon instructions are available
241 # TODO: check for Neon availability
242
243 # ARM architecture : use neon extensions
Fixes:
- http://autobuild.buildroot.org/results/36b3c2220c462e7a20262fd1b9064d9aeb6c9ec4
- http://autobuild.buildroot.org/results/881826b4b6c141e59a0da2d7d1ad55d3709fdb95
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- refactor with LIQUID_DSP_SIMDOVERRIDE
- add comment about --disable-simdoverride
- extend commit log with upstream code snippet
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 9501bc80f5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update MUSEPACK_VERSION to match what is returned by
https://release-monitoring.org/project/21865
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit c740676c51)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update LIBREPLAYGAIN_VERSION to match what is returned by
https://release-monitoring.org/project/370816
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 558a25994b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libaio is only needed for standard install
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: fix check-package]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit ee9c92e4a4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with kernel < 4.16 raised since bump to
version 4.0.0 in commit 8a8fa20068 and
3ac968ee7c:
/home/buildroot/autobuild/instance-3/output-1/build/optee-client-4.0.0/tee-supplicant/src/tee_supplicant.c: In function 'register_local_shm':
/home/buildroot/autobuild/instance-3/output-1/build/optee-client-4.0.0/tee-supplicant/src/tee_supplicant.c:356:44: error: storage size of 'data' isn't known
356 | struct tee_ioctl_shm_register_data data;
| ^~~~
Fixes:
- http://autobuild.buildroot.org/results/d63eb7c8574366377760f5ab2eaec02f46173975
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d1c067e01b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
--{dis,en}able-avahi is unrecognized since bump to version 2.3.3op2 in
commit 8cf034ab0f (which switched upstream
location from apple to openprinting):
configure: WARNING: unrecognized options: --disable-gtk-doc, --disable-gtk-doc-html, --disable-doc, --disable-docs, --disable-documentation, --with-xmlto, --with-fop, --disable-dependency-tracking, --enable-ipv6, --disable-nls, --disable-systemd, --disable-avahi
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 36743d6175)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
openssl is an optional dependency since bump to version 2.4.2 in commit
433fd541ea and
3e9f2c04d6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f2c76fbbfc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libostree unconditionally uses loop_config since bump to version 2023.5
in commit c64a3e9767 and
d7f24100c9
which is only available with kernel >= 5.8 and
3448914e8c
resulting in the following build failure:
composefs/libcomposefs/lcfs-mount.c: In function 'setup_loopback':
composefs/libcomposefs/lcfs-mount.c:273:16: error: variable 'loopconfig' has initializer but incomplete type
273 | struct loop_config loopconfig = { 0 };
| ^~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/25d9d4f256861628ddd8e8ce659a39655d27b457
- http://autobuild.buildroot.org/results/5c7e1e47c6eb43f7832ef7820ec2b5ac0f3c3696
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit aa10975643)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
With [1], [2] & [3] we made sure Buildroot packages get built with
proper MMU page size assumed. This was done nicely through insertion of
required flags into the toolchain wrapper so that there's no need to
pass these flags to each and every package separately - toolchain
wrapper used for real building has all set internally and so proper
flags are implicitly used.
But there's yet another corner case which is not handled that way -
these are binaries or rather libraries which are being used as a part of
GCC compilation: libgcc_s.so.1 and libstdc++.so.
And so to make sure both the libraries get built properly we need to
set TARGET_CFLAGS (cures libgcc_s.so) & TARGET_LDFLAGS (cures
libstdc++.so).
In case of ARM by defaut 64 KiB page size seems to be used, as w/o
that patch we see the following for BR2_ARM64_PAGE_SIZE_4K=y:
--------------------------->8----------------------------
$ ./output/host/bin/aarch64-linux-readelf -l ./output/target/lib/libgcc_s.so.1
Elf file type is DYN (Shared object file)
Entry point 0x0
There are 6 program headers, starting at offset 64
Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
LOAD 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x0000000000013d1c 0x0000000000013d1c R E 0x10000
LOAD 0x000000000001fd98 0x000000000002fd98 0x000000000002fd98
0x0000000000000438 0x00000000000005c8 RW 0x10000
DYNAMIC 0x000000000001fdb8 0x000000000002fdb8 0x000000000002fdb8
0x0000000000000200 0x0000000000000200 RW 0x8
$ ./output/host/bin/aarch64-linux-readelf -l ./output/target/usr/lib/libstdc++.so.6.0.32
Elf file type is DYN (Shared object file)
Entry point 0x0
There are 7 program headers, starting at offset 64
Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
LOAD 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x00000000001d3462 0x00000000001d3462 R E 0x10000
LOAD 0x00000000001d5760 0x00000000001e5760 0x00000000001e5760
0x000000000000e528 0x0000000000012de8 RW 0x10000
DYNAMIC 0x00000000001deef0 0x00000000001eeef0 0x00000000001eeef0
0x0000000000000240 0x0000000000000240 RW 0x8
--------------------------->8----------------------------
Note alignment of 0x10000 in sections marked for loading.
And with the patch applied we get expected alignment of 0x1000 (4
KiB):
--------------------------->8----------------------------
$ ./output/host/bin/aarch64-linux-readelf -l ./output/target/lib/libgcc_s.so.1
Elf file type is DYN (Shared object file)
Entry point 0x0
There are 6 program headers, starting at offset 64
Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
LOAD 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x0000000000013d1c 0x0000000000013d1c R E 0x1000
LOAD 0x0000000000013d98 0x0000000000014d98 0x0000000000014d98
0x0000000000000438 0x00000000000005c8 RW 0x1000
DYNAMIC 0x0000000000013db8 0x0000000000014db8 0x0000000000014db8
0x0000000000000200 0x0000000000000200 RW 0x8
$ ./output/host/bin/aarch64-linux-readelf -l ./output/target/usr/lib/libstdc++.so.6.0.32
Elf file type is DYN (Shared object file)
Entry point 0x0
There are 7 program headers, starting at offset 64
Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
LOAD 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x00000000001d3462 0x00000000001d3462 R E 0x1000
LOAD 0x00000000001d3760 0x00000000001d4760 0x00000000001d4760
0x000000000000e528 0x0000000000012de8 RW 0x1000
DYNAMIC 0x00000000001dcef0 0x00000000001ddef0 0x00000000001ddef0
0x0000000000000240 0x0000000000000240 RW 0x8
--------------------------->8----------------------------
A nice side effect is that we can get rid of the special handling of
"-matomic" as it's already part of ARCH_TOOLCHAIN_WRAPPER_OPTS.
[1] https://git.buildroot.net/buildroot/commit/?id=3cc2c6d19ab2e1bb4634f26f9318da9b07df5fff
[2] https://git.buildroot.net/buildroot/commit/?id=dcb74db89e74e512e36b32cea6f574a1a1ca84c4
[3] https://git.buildroot.net/buildroot/commit/?id=5e52c28397b79f8c4c99552217cbe95202166626
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Signed-off-by: Vladimir Isaev <VVIsaev@gmail.com>
Signed-off-by: Pavel Kozlov <kozlov@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 747dff5a36)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following wolfssl build failure raised since commit
d6319d97a7:
-- Checking for one of the modules 'wolfssl'
CMake Error at lib/tls/CMakeLists.txt:79 (message):
You must set LWS_WOLFSSL_LIBRARIES and LWS_WOLFSSL_INCLUDE_DIRS when
LWS_WITH_WOLFSSL is turned on.
Fixes:
- http://autobuild.buildroot.org/results/fe062b9f0b330e71309334d7605d64ea73761b59
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e946401406)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
trousers is an optional dependency since version 1.11.26 and
1752f0d522
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 55b0434940)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 1718c2ba6a removed all patches but
forgot to drop autoreconf
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e39b53dd03)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure raised since the addition of the
package in commit c8ff8d41c0:
File "/home/buildroot/autobuild/instance-2/output-1/build/python-pysensors-0.0.4/setup.py", line 3, in <module>
import sensors
File "/home/buildroot/autobuild/instance-2/output-1/build/python-pysensors-0.0.4/sensors/__init__.py", line 20, in <module>
raise ImportError("can't find the sensors library.")
Fixes:
- http://autobuild.buildroot.org/results/acd8583fb635ea27811405a2478182ddcd5642f7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: Brandon Maier <brandon.maier@collins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d1eea4f90c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Drop all patches except first one (already in version)
- This bump will fix the following build failure with kernel >= 6.6:
/home/autobuild/autobuild/instance-2/output-1/build/dahdi-linux-3.2.0/drivers/dahdi/wct4xxp/base.c: In function ‘free_wc’:
./include/linux/workqueue.h:639:9: error: call to ‘__warn_flushing_systemwide_wq’ declared with attribute warning: Please avoid flushing system-wide workqueues. [-Werror=attribute-warning]
639 | __warn_flushing_systemwide_wq(); \
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/home/autobuild/autobuild/instance-2/output-1/build/dahdi-linux-3.2.0/drivers/dahdi/wct4xxp/base.c:2025:9: note: in expansion of macro ‘flush_scheduled_work’
2025 | flush_scheduled_work();
| ^~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
https://github.com/asterisk/dahdi-linux/releases/tag/v3.3.0
Fixes:
- http://autobuild.buildroot.org/results/e9755e1f4814b6b0c151c590b5c34acfd89556ad
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a608e519a0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with linux >= 6.4:
/home/autobuild/autobuild/instance-15/output-1/build/cryptodev-linux-1.13/./ioctl.c:1249:18: error: ‘struct ctl_table’ has no member named ‘child’
1249 | .child = verbosity_ctl_dir,
| ^~~~~
Fixes:
- http://autobuild.buildroot.org/results/ecbf426f6b0ff920a51c1674b080c35edf5db859
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f5eba2ef3a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit d264b6e81e forgot to drop
valijson_INSTALL_HEADERS option which has been removed with
c7d5f2cbec
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a1dce92c72)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
threads are mandatory since the addition of the package in commit and
99ccdf671e
resulting in the following build failure since commit
9d58b525fc which enables build on uclibc
and musl:
In file included from config.c:30:
./libcgroup-internal.h:29:10: fatal error: pthread.h: No such file or directory
29 | #include <pthread.h>
| ^~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/87c4454aee97b6955f461651c41c4186a8838c4d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8649be9fa6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following musl build failure with powerpc raised since bump to
version 2.14 in commit c6addf4606:
In file included from fault.h:36,
from handler-unix.c:77,
from handler.c:19:
handler-unix.c: In function 'sigsegv_handler':
fault-linux-powerpc.h:35:73: error: 'mcontext_t' has no member named 'uc_regs'; did you mean 'gregs'?
35 | # define SIGSEGV_FAULT_STACKPOINTER ((ucontext_t *) ucp)->uc_mcontext.uc_regs->gregs[1]
| ^~~~~~~
handler-unix.c:157:43: note: in expansion of macro 'SIGSEGV_FAULT_STACKPOINTER'
157 | uintptr_t old_sp = (uintptr_t) (SIGSEGV_FAULT_STACKPOINTER);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/77b600071f07605be3ec28e2da46d6938e240087
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 74f401025d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
PostgreSQL has optional ICU support. So enable it if library are available.
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 70935d6585)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
giflib and qhull are mandatory since the addition of the package in
commit 1e64fa2956 and
cb136fc051
Indeed, as explained in above commit, internal (bundled) libraries will
be used if GDAL_USE_GIF and GDAL_USE_QHULL are set to OFF
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4c6ff16cf2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
I will only be supporting Flutter and other packages needed by Amarula Solution
in a professional related capacity from now on.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 00d55c0730)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
I will only be supporting Buildroot in a professional capacity from now on.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 951c9a8ebc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Effectively that's a revert of a very old fix [1]
which is no longer needed.
[1] https://git.buildroot.net/buildroot/commit/?id=ca99d0ea925e5a8e42bd270402b0171a39d1d955
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 7077476c8c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This reverts commit 245b13a077 as docker
selinux module is for docker-engine, not for "a system tray dock for X"
Moreover, it raises the following build failure:
Compiling targeted policy.33
env LD_LIBRARY_PATH="/home/buildroot/autobuild/instance-0/output-1/per-package/refpolicy/host/lib:/home/buildroot/autobuild/instance-0/output-1/per-package/refpolicy/host/usr/lib" /home/buildroot/autobuild/instance-0/output-1/per-package/refpolicy/host/usr/bin/checkpolicy -c 33 -U deny -S -O -E policy.conf -o policy.33
policy.conf:1912:ERROR 'attribute container_engine_domain is not declared' at token ';' on line 1912:
type dockerd_t, container_engine_domain;
type dockerd_exec_t;
Fixes:
- http://autobuild.buildroot.org/results/87d78b6f15875f0fa3e6fc85e352db14ab0383bb
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 3e91de6428)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yann reported in [1] that edk2 build could sometimes fail. The issue
can be reproduced when per-package directories is enabled, or also
when building on a system with GNU Make >= 4.4 using the
"--shuffle=reverse" option (such as Fedora 39). Those are pointing
toward a Makefile dependency issue.
The issue can be reproduced with commands:
cat > .config <<EOF
BR2_riscv=y
BR2_RISCV_64=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TARGET_EDK2=y
EOF
make olddefconfig
Then, building either with:
make --shuffle=reverse
Or:
utils/config -e BR2_PER_PACKAGE_DIRECTORIES
make olddefconfig
make -j$(nproc)
It is interesting to mention that when using "make --shuffle=reverse"
to build, the build can be completed if restarted only with "make". It
will not pull any other Buildroot package. This fact hints toward a
Makefile dependency issue internal to the EDK2 build system, rather
than in the Buildroot recipe.
The EDK2 build system is quite unique. See [2]. It generates files,
makefiles and internally uses GNU Make to compile code. This system is
likely not tested as being a sub-Make process in a complex Makefile
such as Buildroot.
In order to prevent Buildroot to pass unexpected Make flags to the
EDK2 sub-Make, this commit unset the MAKEFLAGS variable in the EDK2
build environment. This will put the EDK2 build script in a more
common and tested state. See GNU Make documentation about recursive use
of Make, more specifically [3].
Note: as mentioned, the build failure is likely due to an internal
issue of the EDK2 build system. The failure points to a missing
dependency in the EDK2 generator itself. This commit does not fix this
issue, but rather put the EDK2 build system in a normalized
environment, avoiding Buildroot flags being passed to the internal
EDK2 sub-Make invocation. The upstream EDK2 build system most likely
need a fix too.
Fixes:
make[2]: *** No rule to make target '/buildroot/output/build/edk2-edk2-stable202308/Build/RiscVVirtQemu/RELEASE_GCC5/RISCV64/MdeModulePkg/Application/UiApp/UiApp/DEBUG/UiApp.efi', needed by '/buildroot/output/build/edk2-edk2-stable202308/Build/RiscVVirtQemu/RELEASE_GCC5/FV/Ffs/462CAA21-7614-4503-836E-8AB6F4662331UiApp/UiApp.offset'. Stop.
build.py...
: error 7000: Failed to execute command
make tbuild [/buildroot/output/build/edk2-edk2-stable202308/Build/RiscVVirtQemu/RELEASE_GCC5/RISCV64/MdeModulePkg/Application/UiApp/UiApp]
build.py...
: error F002: Failed to build module
/buildroot/output/build/edk2-edk2-stable202308/MdeModulePkg/Application/UiApp/UiApp.inf [RISCV64, GCC5, RELEASE]
[1] https://lists.buildroot.org/pipermail/buildroot/2023-December/681507.html
[2] https://tianocore-docs.github.io/edk2-BuildSpecification/draft/4_edk_ii_build_process_overview/42_build_process_overview.html
[3] https://www.gnu.org/software/make/manual/make.html#Options_002fRecursion
Reported-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 44af6938fb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
1) CVE-2023-6377: X.Org server: Out-of-bounds memory write in XKB button actions
A device has XKB button actions for each button on the device. When a
logical device switch happens (e.g. moving from a touchpad to a mouse), the
server re-calculates the information available on the respective master
device (typically the Virtual Core Pointer). This re-calculation only
allocated enough memory for a single XKB action rather instead of enough for
the newly active physical device's number of button. As a result, querying
or changing the XKB button actions results in out-of-bounds memory reads and
writes.
This may lead to local privilege escalation if the server is run as root or
remote code execution (e.g. x11 over ssh).
2) CVE-2023-6478: X.Org server: Out-of-bounds memory read in
RRChangeOutputProperty and RRChangeProviderProperty
This fixes an OOB read and the resulting information disclosure.
Length calculation for the request was clipped to a 32-bit integer. With
the correct stuff->nUnits value the expected request size was truncated,
passing the REQUEST_FIXED_SIZE check.
The server then proceeded with reading at least stuff->nUnits bytes
(depending on stuff->format) from the request and stuffing whatever it finds
into the property. In the process it would also allocate at least
stuff->nUnits bytes, i.e. 4GB.
See also CVE-2022-46344 where this issue was fixed for other requests.
For more details, see the advisory:
https://lists.x.org/archives/xorg-announce/2023-December/003435.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9b62f5905e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
mbedtls is an optional dependency since bump to version 1.5.0 in
commit a42e0e4600 and
19f2cbf0e7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4d07864d4c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop second patch (already in version)
http://www.gnuplot.info/ReleaseNotes_5_4_10.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 4908332d51)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
