Unless told otherwise, ninja will spawn as many jobs as there are CPU
(plus 2). Nodejs is built with ninja, but it is a generic package, so
there is no variable (like with cmake-package) that passes the proper
number of parallel jobs as configured by the user.
As a consequence, the nodejs build will use as many CPU as are
available, possibly overcommitting the rsources the user expected to be
used.
Set the JOBS variableto limit that number.
Signed-off-by: Jens Maus <mail@jens-maus.de>
[yann.morin.1998@free.fr: reword commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security vulnerability:
- CVE-2023-27585: Heap buffer overflow when parsing DNS packet
https://github.com/pjsip/pjproject/security/advisories/GHSA-q9cp-8wcq-7pfr
Drop now upstreamed security fixes for CVE-2022-23537 and CVE-2022-23547.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit fixes a problem where the NUT package couldn't be
used as a NUT server due to the fact that the default group for
nobody is "nogroup" and not "nobody" like the internal default
of NUT. Thus, when starting a NUT server daemon the daemon starts
with incorrect group permissions. This commit fixes this
shortcoming by introducing a dedicated 'nut' user and 'nut' group
to drop priviledges to it.
Signed-off-by: Jens Maus <mail@jens-maus.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
For release announce, see:
https://lists.infradead.org/pipermail/kexec/2023-August/027830.html
This new version introduced a usage of memfd_create() in [1]. This
function was introduced in Kernel 3.17. Therefore, this commit adds
this new dependency. This direct use of memfd_create() requires a
glibc >= 2.27. As is, this version would no longer work with uclibc-ng
or musl libc. This commit also adds a patch to allow compilation with
glibc < 2.27, and also uclibc and musl. See the patch commit log for
more details.
[1] https://git.kernel.org/pub/scm/utils/kernel/kexec/kexec-tools.git/commit/?id=714fa11590febc9cf6fd3c6309374a040a05ebb0
Signed-off-by: Julien Olivain <ju.o@free.fr>
[yann.morin.1998@free.fr: add arch dependency to comment]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
According to a collaborator [0] the affected code isn't in 4.3.1
[0]: https://github.com/obgm/libcoap/issues/1117
Signed-off-by: Daniel Lang <dalang@gmx.at>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
The affected code isn't present in any release, see [0].
[0]: https://www.libssh.org/2023/07/14/cve-2023-3603-potential-null-dereference-in-libsshs-sftp-server/
The CPE entry for this CVE is
cpe:2.3🅰️libssh:libssh:-:*:*:*:*:*:*:*
We interpret the "-" as matching any version. It actually means
"unspecified version", which is the cop-out in case there is nothing
useful to match. We can't really make our infrastructure ignore "-"
entirely, because for all we know our version is an unreleased commit
sha which _is_ vulnerable. Thus, the only way out is an exclusion which
we'll never be able to remove.
Signed-off-by: Daniel Lang <dalang@gmx.at>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Allow enabling support for both the X11 and Wayland backends.
This in turn needs reorganizing how desktop GL or OpenGL ES is chosen,
as it no longer can depend on whether Wayland support is enabled: the
BR2_PACKAGE_HAS_LIBGL and BR2_PACKAGE_HAS_LIBGLES variables are both
checked, and ENABLE_GLES2 is set only if the package providing OpenGL
claims only GLES is supported; otherwise desktop GL is preferred. This
matches the existing logic.
The existing comment indicating that only one of both windowing systems
can be enabled was wrong: the same WebKitGTK build can target both
X11 and Wayland at the same time, as long as GTK itself has been built
accordingly. Enabling both is the approach taken by most Linux
distributions, and has been supported for years.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Devoogdt <thomas.devoogdt@barco.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Sometimes it happens that a Company or a Physical Person sponsors the
creation and/or the upstreaming process of a patch, but at the moment
there is no way to give credits to it. In Linux they prepend '+sponsor'
to the e-mail of the contributor in both authorship and commit log tag as
discussed here[0]. So let's describe in the manual how to do that as a
standard.
[0]: https://lore.kernel.org/linux-doc/20230817220957.41582-1-giulio.benetti@benettiengineering.com/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
[yann.morin.1998@free.fr:
- reword to reference sub-addressing and the RFC
- move to the "submitting patches" section, that already deals with
SoB tags
- differentiate between Your/Their names
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following musl build failure raised since bump to version
2023.05 in commit b86542085d and
8228b13906:
In file included from core/bootloader.c:9:
include/util.h:210:23: error: unknown type name 'mode_t'
210 | int mkpath(char *dir, mode_t mode);
| ^~~~~~
Fixes:
- http://autobuild.buildroot.org/results/e545f294c7f032fd7434fdb91aa18a38b2e19038
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
libuv unconditionally uses stdatomic since
2f33980a91
resulting in the following build failure with gcc < 4.9 since bump to
version 1.45.0 in commit 21764235cb:
In file included from src/fs-poll.c:23:0:
src/uv-common.h:41:24: fatal error: stdatomic.h: No such file or directory
# include <stdatomic.h>
^
Fixes:
- http://autobuild.buildroot.org/results/6b9ce25ba7e5c5602313d533f460f8829f767f81
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Per default, the fio package uses the "-march=native" GCC option. This
is of course wildly inappropriate for cross-compilation and can result
in illegal instructions. Thus we make sure fio will not use that
compiler option by adding --disable-native to FIO_OPTS.
Signed-off-by: Jens Maus <mail@jens-maus.de>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
The old expect homepage URL [1] is now redirecting to [2]. This commit
updates the URL to the new one.
[1] http://expect.sourceforge.net/
[2] https://core.tcl.tk/expect/
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
This commit integrates support for the iwlwifi QuZ firmware files
to support the wifi chipsets for the intel NUC10 type of hardware.
Thus, this change adds BR2_PACKAGE_LINUX_FIRMWARE_IWLWIFI_QUZ.
Signed-off-by: Jens Maus <mail@jens-maus.de>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
The commit 4e365d1768 "package/tcl: bump to version 8.6.13" did NOT
refreshed the package patch, because the patch was still applying
correctly and the package was working as expected.
It was refreshed in the previous bump, in commit 9cf314745a
"package/tcl: bump to version 8.6.12". This was part of 2022.02.
Looking closer at the patch content, the -/+ lines are exactly the
same. So this patch does not change anything. Since the file was kept
and the commit log mention a patch refresh, the intent was more
likely to carry over the old patch (which was declaring all libc
functions as "unbroken".
This commit actually refreshes this patch. It was regenerated with
git format-patch. Since the patch is renamed due to git format-patch,
the .checkpackageignore is updated accordingly.
Note:
This ancient patch will be removed soon, as an upstream commit [1],
not yet in a release, cleaned up and removed those old parts.
[1] 04d66a2571
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
As off 2022-11-22 CVE-2022-39377 is listed as affecting sysstat
< 2.16.1 instead of < 2.17.1. The text is not updated, but the CPE info
is.
Signed-off-by: Daniel Lang <dalang@gmx.at>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
The install to staging commands of the ne10 package are careful to
install the shared libraries only if they are built, but we forgot to
use the same care for the install to target commands, causing a build
failure on BR2_STATIC_LIBS=y configurations as no shared library was
built:
cp: cannot stat '/home/autobuild/autobuild/instance-15/output-1/build/ne10-1.2.1/modules/libNE10*.so*': No such file or directory
This commit fixes this by guarding the target installation commands to
BR2_STATIC_LIBS being empty.
The problem exists since the package was introduced in commit
318f3db0dc ("ne10: new package"), a good
10 years ago. Most likely it was not seen for many years as this
package is only available for ARM with NEON and AArch64, and we were
not testing fully static builds, except for ARMv5 that don't have
NEON. Now that we are doing more random testing, the problem started
being visible.
Fixes:
http://autobuild.buildroot.net/results/45b2c1af052271bc2f1bb96544f138d29e4f7dfd/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Commit bc4110b073 ("package/libraw: fix CVE-2023-1729") mistakenly
added the patch name to IGNORE_CVES instead of the CVE reference. Fix
that.
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- tag prefix changed from 'release-' to 'v'
- C++14 is now required which gcc5 already provides
(tested with bootlin toolchain armv7-eabihf--glibc--stable-2017.05-toolchains-1-1)
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
NLMSGERR_ATTR_MAX has been added in kernel 4.16 with
dc2b9f19e3
resulting in the following build failure since bump to version 2.6.4 in
commit a46ac23465 and
e34437c26b:
dco_linux.c: In function 'ovpn_nl_cb_error':
dco_linux.c:303:27: error: 'NLMSGERR_ATTR_MAX' undeclared (first use in this function); did you mean '__CTRL_ATTR_MAX'?
struct nlattr *tb_msg[NLMSGERR_ATTR_MAX + 1];
^~~~~~~~~~~~~~~~~
__CTRL_ATTR_MAX
Fixes:
- http://autobuild.buildroot.org/results/69b9737913ac0b5cd2c117d526602874da3ee487
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
As off 2021-05-17 NVD added 1.19 as the first version that isn't
affected by CVE-2007-4476.
Signed-off-by: Daniel Lang <dalang@gmx.at>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
CVE-2022-45061 affects python <= 3.7.15, 3.8.0 through 3.8.15,
3.9.0 through 3.9.15, 3.10.0 through 3.10.8
The mentioned patch was removed in c38de813 when bumping to 3.11.1.
Signed-off-by: Daniel Lang <dalang@gmx.at>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The mentioned patch was removed in 7549e05b when bumping to 70-1.
Signed-off-by: Daniel Lang <dalang@gmx.at>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
CVE-2021-32749 affects fail2ban <= 0.9.7, 0.10.0 through 0.10.6, and
0.11.0 through 0.11.2.
The mentioned patch was removed in 76853089 when bumping to 1.0.1.
Signed-off-by: Daniel Lang <dalang@gmx.at>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following build failures raised since bump to version 1.4.0 in
commit 456a739831:
-- Found PythonInterp: /usr/bin/python3.6 (found suitable version "3.6.9", minimum required is "3.6")
CMake Error at /home/buildroot/autobuild/run/instance-3/output-1/host/sparc64-buildroot-linux-gnu/sysroot/usr/share/cmake/pybind11/FindPythonLibsNew.cmake:147 (message):
Python config failure:
Traceback (most recent call last):
File "<string>", line 6, in <module>
ImportError: cannot import name 'sysconfig'
and
In file included from /home/buildroot/autobuild/instance-1/output-1/host/include/python3.11/Python.h:38,
from /home/buildroot/autobuild/instance-1/output-1/host/sh4-buildroot-linux-gnu/sysroot/usr/include/pybind11/detail/common.h:266,
from /home/buildroot/autobuild/instance-1/output-1/host/sh4-buildroot-linux-gnu/sysroot/usr/include/pybind11/attr.h:13,
from /home/buildroot/autobuild/instance-1/output-1/host/sh4-buildroot-linux-gnu/sysroot/usr/include/pybind11/detail/class.h:12,
from /home/buildroot/autobuild/instance-1/output-1/host/sh4-buildroot-linux-gnu/sysroot/usr/include/pybind11/pybind11.h:13,
from /home/buildroot/autobuild/instance-1/output-1/host/sh4-buildroot-linux-gnu/sysroot/usr/include/pybind11/numpy.h:12,
from /home/buildroot/autobuild/instance-1/output-1/build/zxing-cpp-2.1.0/wrappers/python/zxing.cpp:18:
/home/buildroot/autobuild/instance-1/output-1/host/include/python3.11/pyport.h:601:2: error: #error "LONG_BIT definition appears wrong for platform (bad gcc/glibc config?)."
601 | #error "LONG_BIT definition appears wrong for platform (bad gcc/glibc config?)."
| ^~~~~
Fixes:
- http://autobuild.buildroot.org/results/665b246a4bb14480152ee59050672a7469148a5b
- http://autobuild.buildroot.org/results/0502b05020de57e4910125c699c4264047187c51
- http://autobuild.buildroot.org/results/c5e7fe83d46c704e05800e3ae62bf476458c7b71
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Enable OpenSSL to build U-boot. Reported by the daily autobuild.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/5083367140
Signed-off-by: Roberto Medina <robertoxmed@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Define static_assert if needed to avoid the following build failure with
uclibc-ng < 1.0.42 raised since bump to version 2.39 in commit
ad276d94a3 and
0ff5740652:
/home/buildroot/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabihf/9.3.0/../../../../arm-buildroot-linux-uclibcgnueabihf/bin/ld: ./.libs/libsmartcols.so: undefined reference to `static_assert'
Fixes:
- http://autobuild.buildroot.org/results/c3d38d92557ee9e59b717b85f6307810d5de1487
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following build failure with oprofile raised since bump of
binutils to version 2.40 in commit
35656482d3:
configure: error: bfd library not found
[...]
configure:17928: checking for bfd_openr in -lbfd
configure:17953: /home/buildroot/autobuild/run/instance-1/output-1/host/bin/arm-linux-gcc -o conftest -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -g0 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 conftest.c -lbfd -liberty -lpopt -ldl -lintl >&5
/home/buildroot/autobuild/run/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/12.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: warning: libsframe.so.0, needed by /home/buildroot/autobuild/run/instance-1/output-1/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libbfd.so, not found (try using -rpath or -rpath-link)
Indeed, in this case, libsframe is not installed even after applying
commit 1b4d921e1d because
BR2_BINUTILS_VERSION_2_40_X is not selected by anyone (binutils package
is selected by oprofile and the toolchain is not generated by buildroot)
To fix this issue, invert the logic: install libsframe by default (i.e.
when binutils is selected or with a buildroot toolchain). libsframe will
not be installed only if binutils < 2.40 is detected.
Fixes:
- http://autobuild.buildroot.org/results/af9a2d52823a332b48e6df14d2708b6a4b3833a4
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fix the following build failure with gcc 4.8 raised since bump of snmppp
to version 3.5.0 in commit e011fa0415:
configure: error: Cannot find suitable libsnmp++ library
[...]
configure:9496: checking if libsnmp++ can be linked with flags from pkg-config
configure:9528: /home/buildroot/autobuild/run/instance-1/output-1/host/bin/arm-none-linux-gnueabi-g++ -o conftest -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -g0 -D_FORTIFY_SOURCE=1 -pthread -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -D_XOPEN_SOURCE=XPG6 conftest.cpp -L/home/buildroot/autobuild/run/instance-1/output-1/host/bin/../arm-buildroot-linux-gnueabi/sysroot/usr/lib -lsnmp++ >&5
In file included from /home/buildroot/autobuild/run/instance-1/output-1/host/arm-buildroot-linux-gnueabi/sysroot/usr/include/snmp_pp/snmp_pp.h:71:0,
from conftest.cpp:92:
/home/buildroot/autobuild/run/instance-1/output-1/host/arm-buildroot-linux-gnueabi/sysroot/usr/include/snmp_pp/uxsnmp.h:628:35: error: 'nullptr' was not declared in this scope
CSNMPMessage *snmp_message = nullptr);
^
Fixes:
- http://autobuild.buildroot.org/results/f272473e7b588f5390b183072935a0217290ee4e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Reviewed-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Drop patches (already in version) and so autoreconf
- Update COPYING hash (gpl mailing address updated with
9bd45cc06e6a5997fbd6)
- Fix CVE-2022-43634: This vulnerability allows remote attackers to
execute arbitrary code on affected installations of Netatalk.
Authentication is not required to exploit this vulnerability. The
specific flaw exists within the dsi_writeinit function. The issue
results from the lack of proper validation of the length of
user-supplied data prior to copying it to a fixed-length heap-based
buffer. An attacker can leverage this vulnerability to execute code in
the context of root. Was ZDI-CAN-17646.
- Fix CVE-2022-45188: Netatalk through 3.1.13 has an afp_getappl
heap-based buffer overflow resulting in code execution via a crafted
.appl file. This provides remote root access on some platforms such as
FreeBSD (used for TrueNAS).
- Fix CVE-2023-42464: Validate data type in dalloc_value_for_key()
https://github.com/Netatalk/netatalk/blob/netatalk-3-1-17/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
A vulnerability was found in OpenSC. This security flaw cause a buffer
overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The
attacker can supply a smart card package with malformed ASN1 context.
The cardos_have_verifyrc_package function scans the ASN1 buffer for 2
tags, where remaining length is wrongly caculated due to moved starting
pointer. This leads to possible heap-based buffer oob read. In cases
where ASAN is enabled while compiling this causes a crash. Further info
leak or more damage is possible.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
