SSP support requires support in ATF platform code. Not all platforms
implement plat_get_stack_protector_canary() hook. The result is build
failure:
  (.text.asm.update_stack_protector_canary+0x4): undefined reference to `plat_get_stack_protector_canary'
Commit cf176128ec ("boot/arm-trusted-firmware: add SSP option")
originally introduces this issue. But then commit ccac9a5bbb
("boot/arm-trusted-firmware: don't force ENABLE_STACK_PROTECTOR") hid
the problem by effectively disabling SSP for all platforms. So only
after commit 09acc7cbc9 ("boot/arm-trusted-firmware: fix SSP
support") the issue showed up.
Make SSP an opt-in for platforms that actually provide the
plat_get_stack_protector_canary() hook.
Cc: Sergey Matyukevich <geomatsi@gmail.com>
Cc: Dick Olsson <hi@senzilla.io>
Tested-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
add leap-seconds.list to installed files so it can be used by other packages
specifically, ntpd's ntp.conf can now include:
  leapfile /usr/share/zoneinfo/leap-seconds.list
Signed-off-by: David Johnson <dave-git@centerclick.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Version 7.85.0 fixes CVE-2022-35252: When curl retrieves and parses
cookies from an HTTP(S) server, it accepts cookies using control codes
(byte values below 32). When cookies that contain such control codes are
later sent back to an HTTP(S) server, it might make the server return a
400 response. Effectively allowing a "sister site" to deny service to
siblings.
Drop upstream patches and autoreconf.
Cc: Matt Weber <matthew.weber@collins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We want to show the headers >= 5.1 Config.in comment when the
BR2_LINUX_KERNEL is satisfied, not when it isn't.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
mdio-tools are a kernel module and accompanying tools for low-level
debugging of devices attached on MDIO bus like PHY-s, switches etc.
Userspace tools provide C22 or C45 reads and writes, benchmarking
and even dedicated Marvell Link Street tools via the included
kernel module.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop patches (already in version)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0
and older releases. This issue may allow an attacker to cause a denial
of service or have other unspecified impact via control over malloc.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following build failure without threads raised since bump to
version 2.1.8 in commit ede944f535:
  Settings.cpp: In function 'void Settings_Interpret(char, const char*, thread_Settings*)':
  Settings.cpp:1281:9: error: break statement not within loop or switch
   1281 |         break;
        |         ^~~~~
Fixes:
- http://autobuild.buildroot.org/results/2bcddf8439f6913fdf19b1fc2d33999a787ab3b2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Set ac_cv_prog_A2X to disable build of documentation and avoid the
following build failure without a working a2x raised since at least bump
to version 1.1.1 in commit ad21d84a58:
  a2x -v -f manpage doc/man/usbguard.1.adoc -D ./$(dirname doc/man/usbguard.1.roff)
  a2x -v -f manpage doc/man/usbguard-dbus.8.adoc -D ./$(dirname doc/man/usbguard-dbus.8.roff)
  /nvmedata/autobuild/instance-5/output-1/host/bin/python3: Error while finding module specification for 'asciidoc.a2x' (ModuleNotFoundError: No module named 'asciidoc')
Fixes:
- http://autobuild.buildroot.org/results/e41950f3cd4bd83d9b067af498757cb9d2f207ef
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
kmemd lets you inspect a live Linux kernel's memory using GDB.
Signed-off-by: Tobias Waldekranz <tobias@waldekranz.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The libbpf build system currently uses the output of "uname -m" to
determine if the library should be installed in "lib" or
"lib64". However, uname -m returns the architecture of the build
machine, which often has nothing to do with the target CPU
architecture.
A patch has been submitted and accepted upstream to address this
issue, by using the $(CC) -dumpmachine output instead. This ensures
libbpf is installed in either "lib" or "lib64" depending on the
bitness of the target CPU architecture.
Signed-off-by: Tobias Waldekranz <tobias@waldekranz.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since Buildroot commit 3145adfb69 ("package/libbpf: needs headers >=
4.13"), libbpf depends on Linux headers >= 4.13. This requirement
renders the explicit list of supported architectures, previously added
in f693354c30 overly restrictive, as the syscall number for bpf(2)
has been defined since Linux 3.18.
Commit f693354c30 ("package/libbpf: add
BR2_PACKAGE_LIBBPF_ARCH_SUPPORTS") was introduced to fix a build issue
where a toolchain using very old kernel headers (3.13) failed to build
libbpf for ARM, but these architecture dependencies are no longer
needed due to the bump on the kernel headers version requirement.
Signed-off-by: Tobias Waldekranz <tobias@waldekranz.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
s390x doesn't support CONFIG_WIRELESS in Linux so let's disable this
package for this architecture.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Reviewed-by: Kris Bahnsen <kris@embeddedTS.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
s390x doesn't support CONFIG_WIRELESS in Linux so let's disable this
package for this architecture.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
s390x doesn't support CONFIG_WIRELESS in Linux so let's disable this
package for this architecture.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
s390x doesn't support CONFIG_WIRELESS in Linux so let's disable this
package for this architecture.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
s390x doesn't support CONFIG_WIRELESS in Linux so let's disable this
package for this architecture.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
s390x doesn't support CONFIG_WIRELESS in Linux so let's disable this
package for this architecture.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
s390x doesn't support CONFIG_WIRELESS in Linux so let's disable this
package for this architecture.
Fixes:
http://autobuild.buildroot.net/results/693053491ba61edcff0f75a4f30c13958e7e12ce/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Expat 2.5.0 has been released earlier today. Most importantly, this
release fixes CVE-2022-43680: a heap use-after-free vulnerability after
overeager destruction of a shared DTD in function
XML_ExternalEntityParserCreate in out-of-memory situations, with
expected impact of denial of service or potentially arbitrary code
execution.
https://blog.hartwork.org/posts/expat-2-5-0-released
https://github.com/libexpat/libexpat/blob/R_2_5_0/expat/Changes
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following uclibc build failure raised since bump to version 5.43
in commit f17b56f1aa and c80065fe69:
  file.c: In function 'fname_print':
  file.c:605:10: error: macro "putc" requires 2 arguments, but only 1 given
    605 |    putc(c);
        |          ^
Fixes:
- http://autobuild.buildroot.org/results/7ff1dd9f79408d2e6286c005302b6f3c505ab259
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following build failure without C++ raised since bump to version
1.0.5 in commit a380244766:
  CMake Error at /home/autobuild/autobuild/instance-7/output-1/host/share/cmake-3.22/Modules/CMakeTestCXXCompiler.cmake:62 (message):
    The C++ compiler
      "/usr/bin/clang++"
    is not able to compile a simple test program.
Fixes:
- http://autobuild.buildroot.net/results/30b519aa60d5baddb4015cf3608baa04a30be907
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit backports the patch "fixinc: don't "fix" machine names in
__has_include(...)" from upstream GCC, which is needed to resolve a
header conflict between glibc headers and kernel headers, which has
appeared since we bumped glibc to version 2.36 in commit
80c8c15c85.
The problem comes from the "fixinc" logic used by gcc to fix up some
header files, generated inside an include-fixed/ folder. This logic
ended up replacing "linux/mount.h" by "__linux__/mount.h" in
__has_include() invocation, like this:
  #ifdef __has_include
  # if __has_include ("__linux__/mount.h")
  #  include "linux/mount.h"
  # endif
  #endif
in
build/host-gcc-final-11.3.0/build/gcc/include-fixed/sys/mount.h. With
this fix in place, this "include-fixed" header is no longer generated,
avoiding the problem.
This issue was visible in two different ways in glibc configurations:
 - As a build failure during the gcc build itself, for architectures
   that support libsanitizer, as libsanitizer includes mount.h, and
   would therefore encounter the header conflict.
 - As a build failure during another user-space package (such as
   sysvinit for example), on architectures where libsanitizer isn't
   used, and therefore for which the gcc build was successful, but the
   header conflict shows up when building some "random" user-space
   package.
The problem is already fixed in GCC 12.2.0, so no patch is
required. The problem did not exist back in GCC 8.4.0, so this version
does not need patching. Consequently, the patch is only needed for GCC
10.4.0, GCC 11.3.0 and the special ARC 2020.09-release version.
Fixes:
(gcc build issue, on architecture that supports libsanitizer)
http://autobuild.buildroot.net/results/90fe4c3b8b72a2c28555674383de9bbd9e8ae09a/
(sysvinit build issue, on architecture that does not support libsanitizer)
http://autobuild.buildroot.net/results/d7bf5795b7621a92be32f18794e3e67944fb96db/
(crun)
http://autobuild.buildroot.net/results/e3e8da4f797dced48aedf8c636db983d36849850/
(libarchive)
http://autobuild.buildroot.net/results/9fcbf0c036a97b2e9a4fcc6e173bcfa09e1b3dac/
Thanks a lot to Peter Seiderer for pointing out the relevant GCC commit.
Fixes:
https://bugs.busybox.net/show_bug.cgi?id=15021
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Romain Naour <romain.naour@smile.fr>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Fix CVE-2022-38784: Poppler prior to and including 22.08.0 contains an
  integer overflow in the JBIG2 decoder
  (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a
  specially crafted PDF file or JBIG2 image could lead to a crash or the
  execution of arbitrary code. This is similar to the vulnerability
  described by CVE-2022-38171 in Xpdf.
- Drop patch (already in version)
https://gitlab.freedesktop.org/poppler/poppler/-/blob/poppler-22.10.0/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2022-3213: A heap buffer overflow issue was found in
ImageMagick. When an application processes a malformed TIFF file, it
could lead to undefined behavior or a crash causing a denial of
service.
https://github.com/ImageMagick/Website/blob/main/ChangeLog.md
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The gdbserver support for or1k is available since 12.1 release, since
commit [1]. Restrict the gdb version choice for or1k to 12.1 for
simplicity. Also enable host-gdb to connect to the gdbserver on the
target.
[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=4933265c3f71b9134363d0c05f09542d5cc677f4
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Stafford Horne <shorne@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add a patch from upstream pull request to fix build with python 3.11.
Fixes:
  python/enum.c: In function ‘enumitem_new’:
  python/enum.c:55:25: error: lvalue required as left operand of assignment
     55 |     Py_SIZE(&self->val) = Py_SIZE(longval);
        |                         ^
  python/enum.c: In function ‘zbarEnumItem_New’:
  python/enum.c:146:25: error: lvalue required as left operand of assignment
    146 |     Py_SIZE(&self->val) = Py_SIZE(longval);
        |                         ^
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
drop cross-compile patch which is now upstream (again).
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Add host-python-cython so that cython will generate python 3.11
compatible sources instead of using the python 3.11 incompatible
pre-built sources.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The configure file is a shell script which searches for a predefined
python binary and then calls configure.py with that.
As we already call configure with the desired python binary we should
call configure.py directly so that the expected python binary is used
and so that the shell wrapper doesn't throw spurious interpreter
validation errors.
This also avoids spurious errors due to the configure shell wrapper
missing supported python versions, for example this fixes:
  Node.js configure: Found Python 3.11.0...
  Please use python3.10 or python3.9 or python3.8 or python3.7 or python3.6.
    /usr/bin/python3.10 ./configure
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes:
http://autobuild.buildroot.org/results/3a8/3a8b66027cde3cdd9d02745381526d52bb626a78/
Bootgen embeds an old version of flex, but uses the system include syntax
(#include <>) to reference it, causing conflicts on systems with the
development headers for a modern flex version installed, leading to build
issues like:
  ../bisonflex/bif.yy.cpp: In member function 'virtual int BIF::FlexScanner::yylex()':
  ../bisonflex/bif.yy.cpp:1608:18: error: no match for 'operator=' (operand types are 'std::istream' {aka 'std::basic_istream<char>'} and 'std::istream*' {aka 'std::basic_istream<char>*'})
Fix it by using normal local #include statements by:
  sed -i 's/<FlexLexer.h>/"FlexLexer.h"/g' *
Patch submitted upstream: https://github.com/Xilinx/bootgen/pull/20
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Neal Frager <neal.frager@amd.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>