Commit Graph

66983 Commits

Author SHA1 Message Date
Ricardo Martincoski
e6ae825319 package/fwts: use ifeq instead of ifdef
The conditional code using ifdef was added in 2018 and works as
expected.
But there is no reason to use ifdef instead of ifeq.

For consistence, switch to use ifeq like almost all packages already do.

Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Erico Nunes <nunes.erico@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-02-06 14:22:37 +01:00
Ricardo Martincoski
0ad3ae14c5 support/scripts/generate-gitlab-ci-yml: improve test-pkg support
Following the example of test-pkg config described in commit
"12c7a05da1 utils/test-pkg: add gitlab-ci support" to test a defconfig
fragment that contains a disabled option is currently possible, but
it do requires one to change the git config core.commentChart so the
lines starting with "#" are not discarded by git when creating/editing
the commit message.

For instance, without the indentation the 3rd line below would be
excluded from the commit message when the editor is closed:
    test-pkg config:
    SOME_OPTION=y
    # OTHER_OPTION is not set
    SOME_VARIABLE="some value"

Requiring to change git configs is not very nice.
So make the developer's life easier by changing the sed expression to
remove indentation with spaces from a defconfig fragment found on a
commit message.
For instance these lines become valid and generate a defconfig fragment
without the indentation of one space to be tested in GitLab CI:
test-pkg config:
 SOME_OPTION=y
 # OTHER_OPTION is not set
 SOME_VARIABLE="some value"

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-02-06 14:22:37 +01:00
Yann E. MORIN
5bd2cafc32 Makefile: fix build when $(O) ends in _defconfig
Commit e6195c5304 (Makefile: fix use of many br2-external trees) fixed
a slowdown with many br2-external trees. In doing so, it changed the
type of the %_defconfig rule: the stem is no longer present in the
prerequisites, so it changes from a pattern rule to an implicit pattern
rule [0].

It is not unusual to name the build directory after the defconfig that
is being built, so we may end up with a build directory named
meh_defconfig. Before e6195c5304, the pattern rule would not match
[1], but now it does, which causes somewhat-cryptic build failures:

    Makefile:1015: *** "Can't find /some/path/meh_defconfig".  Stop.

The issue is that we have this set of rules and assignments (elided and
reordered for legibility):

    all: world
    world: target-post-image
    target-post-image: staging-finalize
    staging-finalize: $(STAGING_DIR_SYMLINK)
    $(STAGING_DIR_SYMLINK): | $(BASE_DIR)
    BASE_DIR := $(CANONICAL_O)
    CANONICAL_O := $(shell mkdir -p $(O) >/dev/null 2>&1)$(realpath $(O))

So, there is a rule that (eventually) has a dependency on $(O), but we
have no rule that provides it explicitly, so the %_defconfig rule kicks
in, with the stem as "/some/path/meh". When the loop searches all the
".../configs/" directories for a file named ".../configs/%_defconfig",
it actually looks for a file named ".../configs//some/path/meh_defconfig"
and that indeed never matches anything.

The solution is to provide an actual rule for $(BASE_DIR), so that the
implicit rule does not kick in.

[0] Terminology and behaviour in make is hard, so the terms we used here
    may be wrong or incorrectly used, and/or the explanations for the
    behaviour be wrong or incomplete... Still, the reasoning stands, and
    the root cause is the removal of the stem in the RHS of the rule
    (adding one back does fix the issue).

[1] not sure how the prerequisite was solved  before e6195c5304,
    though...

Fixes: e6195c5304

Reported-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Nevo Hed <nhed+buildroot@starry.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Tested-by: Sebastian Weyer <sebastian.weyer@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-02-06 14:21:42 +01:00
Thomas Petazzoni
0b42512f2f boot/optee-os: rewrap Config.in help text to fix check-package warning
Fixes:

boot/optee-os/Config.in:140: help text: <tab><2 spaces><62 chars> (http://nightly.buildroot.org/#writing-rules-config-in)

which is a warning that was introduced by commit
46306d135e ("boot/optee-os: add
out-of-source OPTEE-OS device tree support").

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-02-06 14:19:30 +01:00
Yann E. MORIN
d3cab8f29e package/Config.in.host: fix missing double-quote
Commit c96b2b21f7 (package/python-iniparse: add host-python-iniparse)
missed that.

Reported-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-02-06 12:36:56 +01:00
Joachim Wiberg
6ddc29708d package/netopeer2: fix sysv init script, does not start
- The netopeer server forks to background by default, no need for '-b'
 - The path to the daemon is /usr/sbin, not /usr/bin

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Acked-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-02-06 12:34:35 +01:00
Petr Vorel
b89eff429d package/iputils: bump version to 20221126
This release removed: ninfod, rarpd, rdisc
=> add entries to Config.in.legacy.

LICENSE file got updated (just to use SPDX)
=> update checksum.

Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Reviewed-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-02-06 12:20:17 +01:00
Giulio Benetti
3def0679e3 package/postgresql: work around gcc bug 43744
Package postgresql suffers from gcc bug 43744 other than 85180, so let's
work around disabling compiler optimization for this gcc bug too.

Fixes:
http://autobuild.buildroot.net/results/cf272cdc5be2faf4070de3d235ec7a0f7190867a

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-02-06 12:13:36 +01:00
Kory Maincent
46306d135e boot/optee-os: add out-of-source OPTEE-OS device tree support
Similarly to U-Boot, this patch adds the ability to copy in and build
out-of-source device tree sources during an OPTEE-OS build. To build
the external device tree source file, the OP-TEE OS configuration must
refer to it with the CFG_EMBED_DTB_SOURCE_FILE option and no platform
flavor needs to be specified.

Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-02-06 12:07:12 +01:00
Konstantin Menyaev
c96b2b21f7 package/crudini: add host-crudini
Make the host variant of crudini package. This can be useful in
post-{build,image} scripts.

Signed-off-by: Konstantin Menyaev <KAMenyaev@sberdevices.ru>
Reviewed-by: Heiko Thiery <heiko.thiery@gmail.com>
[yann.morin.1998@free.fr: select python3, don't depend on it]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-02-06 12:00:14 +01:00
Konstantin Menyaev
87af250c0e package/python-iniparse: add host-python-iniparse
Make the host variant of python-iniparse as host-crudini dependency.

Note: usually, we would not have needed to add a Config.in.host,
because it is jsut a library, but since there is an Config.in.host
for python-six, we need to select it, so we need an host entry.

Signed-off-by: Konstantin Menyaev <KAMenyaev@sberdevices.ru>
Reviewed-by: Heiko Thiery <heiko.thiery@gmail.com>
[yann.morin.1998@free.fr:
  - add the note
  - reorder alphabetically
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-02-06 12:00:14 +01:00
Angelo Compagnucci
101b05a374 docs/website: better recent commits/discussions output
Removing the "[Buildroot]" and the "Re:" from messages title to have a
cleaner look on the "news" boxes.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-02-06 11:59:03 +01:00
Bernd Kuhls
0664623830 package/libass: bump version to 0.17.0
Release notes: https://github.com/libass/libass/releases/tag/0.17.0

Added new optional dependency to libunibreak introduced by this bump.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-02-06 11:57:29 +01:00
Thomas Petazzoni
11e75ecbf0 boot/barebox: explicitly set the timezone for the kbuild timestamp
This adjusts the code added in commit
c90bd74ebb ("boot/barebox: pass required
environment variables for reproducible build") to explicitly set the
timezone when calculating KBUILD_BUILD_TIMESTAMP, like is already done
in linux/linux.mk.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-02-06 11:57:08 +01:00
Thomas Petazzoni
75c313816e boot/barebox: use $$ instead of $ where needed
Commit c90bd74ebb ("boot/barebox: pass
required environment variables for reproducible build") caused the
build to generate a spurious error message due to the $(shell
... date -d @$(SOURCE_DATE_EPOCH)) command being executed even when
BR2_REPRODUCIBLE was disabled.

This is due to the fact that variable references must be done using $$
within macros. This commit fixes that for the two variables that we
are referencing in the code added in commit
c90bd74ebb.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-02-06 11:57:08 +01:00
Bernd Kuhls
014180011d package/libunibreak: new package
Introduced as optional dependency with libass 0.17.0.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-02-06 11:57:08 +01:00
Ricardo Martincoski
4bbda72743 utils/checkpackagelib: warn about redefined config
Warn the developer in the case the same config is declared more than
once in the same Config.in file.
But take into account the conditional code that lets the config be
visible and warn only when it is declared more than once in the same
conditions.
For instance, do not warn for:
 if BR2_PACKAGE_BUSYBOX
 config BR2_PACKAGE_BUSYBOX_SHOW_OTHERS
 endif
 if !BR2_PACKAGE_BUSYBOX # kconfig doesn't support else
 config BR2_PACKAGE_BUSYBOX_SHOW_OTHERS
 endif

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-02-06 11:26:41 +01:00
Ricardo Martincoski
316e149611 Config.in.legacy: fix typo on BR2_PACKAGE_MEDIAART_BACKEND_QT
Currently using this minimal .config:
 BR2_PACKAGE_MEDIAART_BACKEND_GDK_PIXBUF=y
triggers:
     *** Legacy options removed in 2018.05 ***
 [ ] libmediaart none backend option renamed (NEW)
 [*] libmediaart gdk-pixbuf backend option renamed
 [*] libmediaart qt backend option renamed

Commit "8553b39887 libmediaart: rename options to have proper prefix",
part of the 2018.05 release had a copy&paste error.

As stated in the beginning of the file:
 The oldest symbols will be removed again after about two years.
But while we carry these legacy symbols, let's fix the typo.

Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-02-06 11:24:31 +01:00
Ricardo Martincoski
6a9feaabbc package, legacy: fix typo for "daemon" on help text
deamon -> daemon

At same time, in Config.in.legacy fix other typos in the same help text:
spae -> space
monolitic -> monolithic

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-02-06 11:23:43 +01:00
Ricardo Martincoski
4092d2a354 *: fix typo for separate(d|) in text
seperate is a common misspelling of separate

Fix all the typos in the tree that are not related to patch files.

CHANGES
  seperate -> separate, in the list of changes
Config.in.legacy
  seperate -> separate, in option name and help texts
package/leafnode2/leafnode2.mk
  seperate -> separate, in a comment
system/Config.in
  seperated -> separated, in a help text

Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-02-06 11:22:17 +01:00
Bernd Kuhls
67ceef8aff package/xmrig: bump version to 6.19.0
Changelog: https://github.com/xmrig/xmrig/blob/master/CHANGELOG.md

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-02-06 11:19:44 +01:00
Fabrice Fontaine
e279599d25 package/tmux: bump to version 3.3a
systemd is an optional dependency since
fc7f1e7acb

https://github.com/tmux/tmux/blob/3.3a/CHANGES

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-02-06 11:19:32 +01:00
James Hilliard
c6929c0cdd package/iwd: bump to version 2.3
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-02-06 11:17:15 +01:00
Ricardo Martincoski
11d98385f5 package/thermald: bump to 2.5.1
README.txt states only these changes:
- Static analysis fixes
- Missing init, which causes skipping of conditions in a Dell system

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-02-06 11:03:19 +01:00
Arnout Vandecappelle
5be76a39d3 package/yajl: explicitly request a tag in _SITE
The yajl repository has both a branch and a tag names 2.1.0. Because of
this, when we use the usual github URL [1], github doesn't return a
tarball but rather an ASCII string:
   the given path has multiple possibilities: #<Git::Ref:0x00007f193bebe4d8>, #<Git::Ref:0x00007f193bebd858>

This obviously (and fortunately) leads to a hash check failure.

To make sure we get the tag and not the branch, we should use a URL that
explicitly asks for refs/tags/2.1.0 [2]. We can't change VERSION to
include refs/tags, because that also affects the _SOURCE default, the
contents of the tarball, the CPE ID and the release-monitoring access.
Therefore, add the refs/tags/ prefix to the github helper call.

[1] https://github.com/lloyd/yajl/archive/2.1.0/yajl-2.1.0.tar.gz
[1] https://github.com/lloyd/yajl/archive/refs/tags/2.1.0/yajl-2.1.0.tar.gz

Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-02-06 11:02:53 +01:00
Fabrice Fontaine
3c7fece853 package/gpsd: bump to version 3.25
Drop patch (not needed anymore)

https://gitlab.com/gpsd/gpsd/-/blob/release-3.25/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: Yann E. MORIN <yann.morin@orange.com>
Acked-by: Yann E. MORIN <yann.morin@orange.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-02-06 11:01:01 +01:00
Fabrice Fontaine
6139aeacd8 package/mongoose: fix build with gcc 4.8
Fix the following build failure with gcc 4.8 raised since bump to
version 7.8 in commit f9e51e1150:

/home/buildroot/autobuild/run/instance-2/output-1/build/mongoose-7.8/mongoose.c: In function 'mg_iotest':
/home/buildroot/autobuild/run/instance-2/output-1/build/mongoose-7.8/mongoose.c:4484:3: error: 'for' loop initial declarations are only allowed in C99 mode
   for (struct mg_connection *c = mgr->conns; c != NULL; c = c->next) {
   ^

Fixes:
 - http://autobuild.buildroot.org/results/c538c6d8e87e4e24097c9878ee15083802276505

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-02-06 11:01:01 +01:00
Angelo Compagnucci
ca97c78ee0 docs/website: fixing js for the new feed source
Feed source is moved to a local atom file available on the web server to
remove further problems with unreliable feed sources.
Moving the feed required a bit of refactor of the load_activity function
so it won't download two times te same url.

This change requires a cron job like this enabled on the website:
* * * * * wget -O new.atom https://lore.kernel.org/buildroot/new.atom

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-02-06 10:51:28 +01:00
Giulio Benetti
ee7cf14b51 toolchain/Config.in: extend gcc bug 43744 to every sh architecture
Gcc bug 43744 affects seems to affect all SH family because it already
affects:
1) sh4, here you can find a buildroot defconfig that fails to build:
http://autobuild.buildroot.net/results/1db/1db6c59c98e3c09fa13277076ee2fbe7967f1f6b/defconfig
2) sh4a, here you can find a buildroot defconfig that fails to build:
http://autobuild.buildroot.net/results/cf272cdc5be2faf4070de3d235ec7a0f7190867a/defconfig
Note also that gcc bugzilla entry reports the bug for SH and not for
sub-architectures:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=43744

So let's extend the bug to BR2_sh to match the entire SH architecture.

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-02-06 10:28:02 +01:00
Marcus Folkesson
bbf8d89810 package/libcamera-apps: fix overflow conversion error
Upstream commit:
a65682a97e

Fixes:
- http://autobuild.buildroot.net/results/758631a9fcd62835844f78914a36dfb579e7beba/

Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-02-06 10:14:11 +01:00
Marcus Folkesson
80d98cd2a1 package/libcamera-apps: bump to version 1.1.1
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-02-06 09:54:21 +01:00
Casey Reeves
c90bd74ebb boot/barebox: pass required environment variables for reproducible build
Barebox makes use of the same variables as the linux kernel does for
handling reproducible build -- KBUILD_BUILD_HOST,
KBUILD_BUILD_TIMESTAMP, KBUILD_BUILD_USER. This patch sets the proper
variables based on linux/linux.mk, and passes them to the make
invocation when building, to ensure a reproducible build is possible
when BR2_REPRODUCIBLE is enabled.

Signed-off-by: Casey Reeves <casey@xogium.me>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-02-06 09:50:15 +01:00
Fabrice Fontaine
bfef88762d package/xxhash: use MOREFLAGS instead of overriding CFLAGS
Set MOREFLAGS instead of overriding CFLAGS to avoid the following build
failure raised since commit 94b66fb49c:

/home/autobuild/autobuild/instance-6/output-1/host/lib/gcc/x86_64-buildroot-linux-uclibc/11.3.0/../../../../x86_64-buildroot-linux-uclibc/bin/ld: /tmp/ccabb8cF.o: relocation R_X86_64_32S against `.rodata' can not be used when making a shared object; recompile with -fPIC

Fixes:
 - http://autobuild.buildroot.org/results/953133575d8c13266f1450fa545e70e4a518508d

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-02-06 09:34:39 +01:00
Fabrice Fontaine
78e3637dd2 package/fluent-bit: fix openssl dependency
Fix the following build failure raised since the addition of the package
in commit 6a0f7c39bc:

Makefile:576: *** libopenssl is in the dependency chain of fluent-bit that has added it to its _DEPENDENCIES variable without selecting it or depending on it from Config.in.  Stop.

Fixes:
 - http://autobuild.buildroot.org/results/9c3b8e19063f7587877fdb0598739b55abccb3e8

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-02-05 16:02:31 +01:00
Julien Olivain
5a7b1b913e package/z3: bump to version 4.12.1
For change log since v4.12.0, see:
- https://github.com/Z3Prover/z3/releases/tag/z3-4.12.1

Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-02-05 15:42:56 +01:00
Fabrice Fontaine
1f618aa388 package/tmux: add utf8proc optional dependency
utf8proc is an optional dependency since version 2.3 and
6c94774b70

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-02-05 15:42:05 +01:00
Fabrice Fontaine
ce2ac1fecf package/wireshark: security bump to version 4.0.3
Fix CVE-2023-0411, CVE-2023-0412, CVE-2023-0413, CVE-2023-0414,
CVE-2023-0415, CVE-2023-0416 and CVE-2023-0417

https://www.wireshark.org/security/wnpa-sec-2023-01
https://www.wireshark.org/security/wnpa-sec-2023-02
https://www.wireshark.org/security/wnpa-sec-2023-03
https://www.wireshark.org/security/wnpa-sec-2023-04
https://www.wireshark.org/security/wnpa-sec-2023-05
https://www.wireshark.org/security/wnpa-sec-2023-06
https://www.wireshark.org/security/wnpa-sec-2023-07

https://www.wireshark.org/docs/relnotes/wireshark-4.0.3.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-02-05 15:37:50 +01:00
Fabrice Fontaine
02befac8f9 package/upx: security bump to version 4.0.2
Fix CVE-2023-23456: A heap-based buffer overflow issue was discovered in
UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to
cause a denial of service (abort) via a crafted file.

Fix CVE-2023-23457: A Segmentation fault was found in UPX in
PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a
crafted input file allows invalid memory address access that could lead
to a denial of service.

https://github.com/upx/upx/blob/v4.0.2/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-02-05 15:24:43 +01:00
Fabrice Fontaine
42e34cf10f package/modsecurity2: security bump to version 2.9.7
- Fix CVE-2023-24021: Incorrect handling of '\0' bytes in file uploads
  in ModSecurity before 2.9.7 may allow for Web Application Firewall
  bypasses and buffer overflows on the Web Application Firewall when
  executing rules that read the FILES_TMP_CONTENT collection.
- host-pkgconf is mandatory and used to find libxml2 since
  baa38ddbaf
- pcre2 is supported since:
  8fc0b519b7

https://github.com/SpiderLabs/ModSecurity/blob/v2.9.7/CHANGES

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-02-05 15:24:39 +01:00
Fabrice Fontaine
ae65870e65 package/opusfile: fix CVE-2022-47021
A null pointer dereference issue was discovered in functions op_get_data
and op_open1 in opusfile.c in xiph opusfile 0.9 thru 0.12 allows
attackers to cause denial of service or other unspecified impacts.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-02-05 15:24:34 +01:00
Fabrice Fontaine
32602f9cbb package/fluent-bit: add CPE variables
cpe:2.3🅰️treasuredata:fluent_bit is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Atreasuredata%3Afluent_bit

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-02-05 15:24:30 +01:00
Niklas Cassel
f6f15e85b3 package/elf2flt: fix error when building gdb for target on m68k
Thomas reported that m68k fails to build when enabling BR2_PACKAGE_GDB.

It fails when building gdb for the target with the following error:
elf2flt: ERROR: text=0x3c826 overlaps data=0x256e0 ?

It turns out that the gdb binary has another problematic input section
(.gcc_except_table), which causes elf2flt to try to append to the .text
output section, after it has already moved on with appending sections
to the .data output section.

elf2flt cannot append to a previous output section once it has moved on
to another output section.

Update the existing elf2flt patch to also add an exception for
.gcc_except_table.

Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-02-05 15:13:15 +01:00
Yann E. MORIN
93e7fc3e53 toolchain: make paranoid check of library/header paths unconditional
When we introduced support for the paranoid check of unsafe libraries
and headers path with commit 4ac8f78d37 (Add option for paranoid
unsafe path checking) back in 2014, we made it optional, as we expected
that would break quite a few packages.

Now, almost 8 years later, we only have three packages that explicitly
reference the option (dillo, gnuradio, and libtalloc), either in a patch
or in their .mk.

The option has been enabled by default since 2016, with 61c8854cef
(toolchain: enable paranoid unsafe path check by default), and that has
not triggered many build failures in a while.

The minimal defconfig used by test-pkg has also had it enabled as of
b6c98b3549 (minimal.config: add BR2_COMPILER_PARANOID_UNSAFE_PATH=y)
in 2017.

It is time to make that globally unconditional now.

There is still a remnant, in our binutils patches. As our toolchain may
get used outside of Buildroot, people may got the expectation that path
poisoning is only a warning, so we keep the current behaviour.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Romain Naour <romain.naour@gmail.com>
Acked-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-02-05 15:11:25 +01:00
Julien Olivain
d4ecefa3cc package/perftest: new package
Open Fabrics Performance Tests.

This is a collection of tests written over uverbs intended
for use as a performance micro-benchmark. The tests may be
used for HW or SW tuning as well as for functional testing.

https://github.com/linux-rdma/perftest

Tested-by: Shamraiz Ashraf <shamraizashraf092@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
[yann.morin.1998@free.fr
  - move all arch-related dependencies to _ARCH_SUPPORTS
  - include musl condition in comment and its dependnecies
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-02-05 15:03:50 +01:00
Julien Olivain
ea47e177f0 package/rdma-core: new package
This is the userspace components for the Linux Kernel's
drivers/infiniband subsystem.

https://github.com/linux-rdma/rdma-core

Tested-by: Shamraiz Ashraf <shamraizashraf092@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
[yann.morin.1998@free.fr:
  - select iproute2 as it provides the 'rdma' utility
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-02-05 13:51:13 +01:00
Giulio Benetti
9b439a721e package/libfuse3: bump to version 3.13.1
Fixes:
http://autobuild.buildroot.net/results/a98/a984d275d949e8dc989870d2d2b6f6c7168d52bb/

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-02-05 13:32:48 +01:00
James Hilliard
8f291a3843 package/gst1-plugins-bad: add new va option
This option enables va plugin support.

These plugins are vaapi based encoders/decoders that are eventually
intended to replace the legacy vaapi plugins.

Details:
https://gstreamer.freedesktop.org/documentation/va/index.html

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-02-05 13:29:22 +01:00
Arnout Vandecappelle
f802249c62 package/python-pytest: remove runtime dependency on python-toml
Since version 7.2 [1], with Python 3.11+ pytest no longer uses tomli to
parse pyproject.toml but instead uses tomllib which is part of Python
itself [2]. Note that toml was replaced with tomli in version 7.0, so
the dependency was anyway incorrect.

Note that tomllib is unconditionally installed as part of Python 3.11,
there is no PYTHON3_LIBTOML option or anything like that that needs to
be selected.

[1] https://docs.pytest.org/en/latest/changelog.html#pytest-7-2-0-2022-10-23
[2] https://github.com/pytest-dev/pytest/pull/9741

Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Reviewed-by: Ryan Barnett <ryanbarnett3@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-02-05 13:28:07 +01:00
Neal Frager
122c85985f board/versal/post-image.sh: do not require xilinx/ prefix for .dts files
If using BR2_LINUX_KERNEL_CUSTOM_DTS_PATH to copy .dts files from
buildroot into the linux tree, these .dts files are copied to
arch/arm64/boot. Unfortunately, the post-image.sh script expects to find
them in arch/arm64/boot/xilinx.

This patch does not require the xilinx/ prefix to be present when
symlinking the device-tree to system.dtb where u-boot expects to find
it.

It is effectively applying the below patch for zynqmp to versal as well:
https://patchwork.ozlabs.org/project/buildroot/patch/20230201195956.1758827-1-gsmecher@threespeedlogic.com/

Signed-off-by: Neal Frager <neal.frager@amd.com>
Reviewed-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-02-05 13:24:10 +01:00
Graeme Smecher
70477e5fee board/zynqmp/post-image.sh: Don't insist on a xilinx/ prefix for .dts files.
If using BR2_LINUX_KERNEL_CUSTOM_DTS_PATH to copy .dts files from
buildroot into the linux tree, these .dts files are copied to
arch/arm64/boot. Unfortunately, the post-image.sh script expects to find
them in arch/arm64/boot/xilinx.

This patch does not require the xilinx/ prefix to be present when
symlinking the device-tree to system.dtb where u-boot expects to find
it.

Signed-off-by: Graeme Smecher <gsmecher@threespeedlogic.com>
Reviewed-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Reviewed-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-02-05 13:20:46 +01:00