Since the switch to binutils 2.41 as default version [1], the arm Linux
kernel build is broken with:
arch/arm/mm/proc-v7.S: Assembler messages:
arch/arm/mm/proc-v7.S:640: Error: junk at end of line, first unrecognized character is `#'
A similar issue has already be fixed for qemu m68k [2].
Bump to the latest kernel 5.10 that already include the backport
of 790756c7e022 ("ARM: 8933/1: replace Sun/Solaris style flag on section directive")
Select BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y to fix the following
build error:
scripts/extract-cert.c:21:25: fatal error: openssl/bio.h: No such file or directory
#include <openssl/bio.h>
[1] e88225ed88
[2] a1ce9474e4
Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/6655119386
Signed-off-by: Julien BOIBESSOT <julien.boibessot@armadeus.com>
[Romain:
- improve commit log
- Select BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL
]
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Since the switch to binutils 2.41 as default version [1], the arm Linux
kernel build is broken with:
arch/arm/mm/proc-v7.S: Assembler messages:
arch/arm/mm/proc-v7.S:640: Error: junk at end of line, first unrecognized character is `#'
A similar issue has already be fixed for qemu m68k [2].
Bump to the latest kernel 5.10 that already include the backport
of 790756c7e022 ("ARM: 8933/1: replace Sun/Solaris style flag on section directive")
Select BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y to fix the following
build error:
scripts/extract-cert.c:21:25: fatal error: openssl/bio.h: No such file or directory
#include <openssl/bio.h>
[1] e88225ed88
[2] a1ce9474e4
Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/6655119389
Signed-off-by: Julien BOIBESSOT <julien.boibessot@armadeus.com>
[Romain:
- improve commit log
- Select BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL
]
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Since the switch to binutils 2.41 as default version [1], the arm Linux
kernel build is broken with:
arch/arm/mm/proc-v7.S: Assembler messages:
arch/arm/mm/proc-v7.S:640: Error: junk at end of line, first unrecognized character is `#'
A similar issue has already be fixed for qemu m68k [2].
Bump to the latest kernel 5.10 that already include the backport
of 790756c7e022 ("ARM: 8933/1: replace Sun/Solaris style flag on section directive")
Select BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y to fix the following
build error:
scripts/extract-cert.c:21:25: fatal error: openssl/bio.h: No such file or directory
#include <openssl/bio.h>
[1] e88225ed88
[2] a1ce9474e4
Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/6655119384
Signed-off-by: Julien BOIBESSOT <julien.boibessot@armadeus.com>
[Romain:
- improve commit log
- Select BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL
]
Signed-off-by: Romain Naour <romain.naour@smile.fr>
When glibc was bumped to version 2.39 in commit
b5680f53d6 it removed the deprecated
libcrypt support.
As glibc's libcrypt was providing sshd's libcrypt dependency this broke
the sshd password authentification at runtime using glibc version 2.39.
# sshpass -p testpwd ssh -oStrictHostKeyChecking=no localhost /bin/true
Permission denied, please try again.
Without libcrypt, OpenSSH >= 6.2 fall back to using openssl's DES_crypt
function on platorms that don't have a native crypt() function [1].
Note that DES_crypt is deprecated since openssl 3.0 [2] [3].
"Use of the low level DES functions has been informally discouraged for a
long time. We now formally deprecate them.
Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex,
EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the equivalently named decrypt
functions."
Also DES_crypt is provided by openssl only if
BR2_PACKAGE_LIBOPENSSL_ENABLE_DES is enabled. Otherwise crypt() is
never defined:
sd-compat.a(xcrypt.o): in function `xcrypt':
xcrypt.c:(.text+0x48): undefined reference to `crypt'
It's not clear why the password authentification fail with openssl's
DES_crypt but since it's deprecated we use libxcrypt to provide
a working crypt() function for glibc based toolchains.
[1] https://github.com/openssh/openssh-portable/blob/V_9_7/openbsd-compat/xcrypt.c#L57
[2] c6fec81b88
[3] https://www.openssl.org/docs/man3.2/man3/DES_crypt.html
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/6623402147
Signed-off-by: Romain Naour <romain.naour@smile.fr>
When glibc was bumped to version 2.39 in commit
b5680f53d6 it removed the deprecated
libcrypt support.
But compiler-rt package still use crypt.h header and crypt() function
in the sanitizer code.
Use libxcrypt unconditionally since compiler-rt itself already depends
on glibc based toolchain.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/6703222513
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Since the toolchain Bootlin update to 2023.11-1 [1], the arm Linux
kernel build is broken with binutils >= 2.41 with:
arch/arm/mm/proc-v7.S: Assembler messages:
arch/arm/mm/proc-v7.S:640: Error: junk at end of line, first unrecognized character is `#'
A similar issue has already be fixed for qemu m68k [2].
Bump to the latest kernel 4.19 that already include the backport
of 790756c7e022 ("ARM: 8933/1: replace Sun/Solaris style flag on section directive")
[1] 7e0e6e3b86
[2] a1ce9474e4
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/6703222383
Signed-off-by: Romain Naour <romain.naour@smile.fr>
GCC14 now treats implicit int types as error so when check() from
check-lxdialog.sh is called to check whether we can link against ncurses
it will fail silently and the help text indicating to install ncurses is
printed.
However, this is not due to missing ncurses but once the stderr redirect
to /dev/null is removed we can see the root cause:
<stdin>:2:1: error: return type defaults to ‘int’ [-Wimplicit-int]
So, in order for menuconfig to work with GCC14 lets just specify the
return type of main() as int.
Npte that the upstream kconfig in the linux kernel source tree no longer
carries or uses the check-lxdialog.sh script since commit 1c5af5cf9308
(kconfig: refactor ncurses package checks for building mconf and nconf),
so there is no commit we can backport to our kconfig copy.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Tested-by: Petr Vorel <petr.vorel@gmail.com>
[yann.morin.1998@free.fr: add note about upstream kernel]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
CVE-2024-32473: Ensure IPv6 is disabled on interfaces only allocated an IPv4
address by the engine
https://github.com/moby/moby/security/advisories/GHSA-x84c-p2g9-rqv9
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Builds the spi-nor.img together with the sdcard.img.
Readme is extended with SPI NOR flash writing instructions
and recovery.
The spi-nor.img layout is based on the following document:
https://doc-en.rvspace.org/VisionFive2/Boot_UG/JH7110_SDK/boot_address_allocation.html
Signed-off-by: Lukasz Tekieli <tekieli.lukasz@gmail.com>
[Arnout: extend readme.txt with paragraph that either boot mode works.]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
The configuration is based on defconfig from starfive's kernel fork [1].
[1] 076ede06c0/arch/riscv/configs/starfive_visionfive2_defconfig
Signed-off-by: Lukasz Tekieli <tekieli.lukasz@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
The 6.7.x series is now EOL upstream, so drop the linux-headers option
and add legacy handling for it.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Remove ac_cv_prog_cc_c99; axel has been updated to autoconf 2.72, whose C99
test is compatible with BR2_USE_WCHAR=n.
Signed-off-by: Ismael Luceno <ismael@iodev.co.uk>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Adjust DTS_NAME to current kernel source tree location of DTs in
per-vendor directories.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/6665749909
Cc: Jan Kundrát <jan.kundrat@cesnet.cz>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2021-3575: A heap-based buffer overflow was found in openjpeg in
color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An
attacker could use this to execute arbitrary code with the permissions of
the application compiled against openjpeg.
Signed-off-by: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because
strcpy is used instead of strncpy.
Signed-off-by: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Devoogdt <thomas@devoogdt.com>
Reviewed-by: J. Neuschäfer <j.neuschaefer@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Note that, although not explicitly specified in the changelog, version
3.7 renamed the file COPYING to LICENSE, requiring corresponding changes
in Bildroot related to the license file (specifically, the name and hash).
Release notes:
- bmap-tools 3.7:
* Use GitHub Actions for CI (#109)
* Add `poetry` for dependency management and `black` for code
formatting (#104)
* Add functionality for copying from standard input (#99)
* Switch from gpg to gpgme module (#103)
- bmaptool 3.8.0:
* use 'df -P' for POSIX portable output
* bmaptool has new maintainers
* bmaptool has a new home
* bmaptool is now only called 'bmaptool' and not one of a dozen such
variations
* switch to use an X.Y.Z versioning number scheme
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Historically, the package was named bmap-tools, and that's the name
under which it was introduced in Buildroot. Since then, it has moved to
a new home (i. e. to https://github.com/yoctoproject/bmaptool) under the
Yocto Project umbrella, and got renamed to bmaptool. To avoid useless
churn, we keep the old symbols, and just refer to bmaptool in the
prompt.
Link: https://patchwork.ozlabs.org/project/buildroot/patch/20240413131757.3627575-2-dario.binacchi@amarulasolutions.com
Suggested-by: Yann E. Morin <yann.morin.1998@free.fr>
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
As reported in the README file of the old GitHub URL (i.e.
https://github.com/intel/bmap-tools), "The code at this location is no
longer maintained and will likely be removed in the future. This project
has moved to https://github.com/yoctoproject/bmaptool".
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Notable changes:
- The web terminal is readonly by default now, to make it writable, use
-W option.
Also set TTYD_CPE_ID_VALID.
cpe:2.3🅰️ttyd_project:ttyd is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/detail/DBEDA75E-4E19-48C1-92D7-43E4035BC048
Signed-off-by: TIAN Yuanhao <tianyuanhao3@163.com>
[yann.morin.1998@free.fr: move CPE_ID_VALID to its own commit]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Also a runtime testcase is added.
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
[yann.morin.1998@free.fr:
- fix check-package
- small codign style in test sample
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
/dev/shm is a world-writable directory, like /tmp, and should also
have the sticky bit set. Without this, any user can delete and
replace another user's files in /dev/shm.
This bug has been present since /dev/shm was added to the skeleton
/etc/fstab, but appears to have been fixed for systems using systemd
by commit 76fc9275f1 "system: separate sysv and systemd parts of the
skeleton" which went into Buildroot 2017.08.
Signed-off-by: Ben Hutchings <ben.hutchings@mind.be>
Fixes: 22fde22e35
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
