There are two legitimate cases to prefer ifdef over ifeq in package
recipes: command-line overrides are allowed for busybox and uclibc
configs.
Except for that, all package in tree already use ifeq, so warn the
developer adding/changing a package to use ifeq instead of ifdef, in
order to keep consistence across packages.
file.mk:2: use ifeq ($(SYMBOL),y) instead of ifdef SYMBOL
file.mk:5: use ifneq ($(SYMBOL),y) instead of ifndef SYMBOL
The difference between ifeq and ifdef is that ifdef doesn't expand
recursively.
Add comments to busybox and uclibc packages to avoid a warning in such
special cases.
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 29c9b44355)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The same comment already exists for UCLIBC_CONFIG_FILE.
Both variables can be override from command-line, as described in the
manual, at section 'Environment variables'.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 01c0fb3862)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit upstream 1c5a0bb32583fd294022e68e66b541bf6ff71a67
"✨ Update CMake to modern approach" removed all feature
toogles, so starting from release v1.11 any flag passed in BUILD_DEFINES
was completely ignored during the build.
Version 1.11.4 was in use in buildroot since February 2021.
Commit upstream 0f1e75a902ef1751dd63a67fe223b5e8daf4c7f1
"Re-introduced the custom build defines" added PUGIXML_BUILD_DEFINES to
release v1.12, but BUILD_DEFINES is still completely ignored during the
build.
Version 1.12.1 is in use in buildroot since March 2022.
So switch the config options to use PUGIXML_BUILD_DEFINES instead of
BUILD_DEFINES.
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Theo Debrouwere <t.debrouwere@televic.com>
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit cc3a4a7b1d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The ifdef construct intended to avoid passing -DBUILD_DEFINES="" was
never needed, because even upstream version v1.9 used in 2019 when the
configuration options were added, can handle an empty string for
BUILD_DEFINES.
In fact an empty string is the default for v1.9 if it is not passed
during configure.
Also, the host variant already sets BUILD_DEFINES unconditionally.
So remove the unneeded conditional.
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Theo Debrouwere <t.debrouwere@televic.com>
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 01cb02cfae)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Using current conditional code, added in 2014:
ifndef ($(BR2_ENABLE_LOCALE),y)
LIVE555_CFLAGS += -DLOCALE_NOT_USED
endif
the define LOCALE_NOT_USED is always passed on CFLAGS, because there is
no symbol with following names defined:
"(y,y)" -> not defined when BR2_ENABLE_LOCALE=y
"(,y)" -> not defined when BR2_ENABLE_LOCALE is not set
So fix the typo, switching ifndef to ifneq.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 04a4b86a98)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The conditional code using ifdef was added in 2018 and works as
expected.
But there is no reason to use ifdef instead of ifeq.
For consistence, switch to use ifeq like almost all packages already do.
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Erico Nunes <nunes.erico@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e6ae825319)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Following the example of test-pkg config described in commit
"12c7a05da1 utils/test-pkg: add gitlab-ci support" to test a defconfig
fragment that contains a disabled option is currently possible, but
it do requires one to change the git config core.commentChart so the
lines starting with "#" are not discarded by git when creating/editing
the commit message.
For instance, without the indentation the 3rd line below would be
excluded from the commit message when the editor is closed:
test-pkg config:
SOME_OPTION=y
# OTHER_OPTION is not set
SOME_VARIABLE="some value"
Requiring to change git configs is not very nice.
So make the developer's life easier by changing the sed expression to
remove indentation with spaces from a defconfig fragment found on a
commit message.
For instance these lines become valid and generate a defconfig fragment
without the indentation of one space to be tested in GitLab CI:
test-pkg config:
SOME_OPTION=y
# OTHER_OPTION is not set
SOME_VARIABLE="some value"
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0ad3ae14c5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit e6195c5304 (Makefile: fix use of many br2-external trees) fixed
a slowdown with many br2-external trees. In doing so, it changed the
type of the %_defconfig rule: the stem is no longer present in the
prerequisites, so it changes from a pattern rule to an implicit pattern
rule [0].
It is not unusual to name the build directory after the defconfig that
is being built, so we may end up with a build directory named
meh_defconfig. Before e6195c5304, the pattern rule would not match
[1], but now it does, which causes somewhat-cryptic build failures:
Makefile:1015: *** "Can't find /some/path/meh_defconfig". Stop.
The issue is that we have this set of rules and assignments (elided and
reordered for legibility):
all: world
world: target-post-image
target-post-image: staging-finalize
staging-finalize: $(STAGING_DIR_SYMLINK)
$(STAGING_DIR_SYMLINK): | $(BASE_DIR)
BASE_DIR := $(CANONICAL_O)
CANONICAL_O := $(shell mkdir -p $(O) >/dev/null 2>&1)$(realpath $(O))
So, there is a rule that (eventually) has a dependency on $(O), but we
have no rule that provides it explicitly, so the %_defconfig rule kicks
in, with the stem as "/some/path/meh". When the loop searches all the
".../configs/" directories for a file named ".../configs/%_defconfig",
it actually looks for a file named ".../configs//some/path/meh_defconfig"
and that indeed never matches anything.
The solution is to provide an actual rule for $(BASE_DIR), so that the
implicit rule does not kick in.
[0] Terminology and behaviour in make is hard, so the terms we used here
may be wrong or incorrectly used, and/or the explanations for the
behaviour be wrong or incomplete... Still, the reasoning stands, and
the root cause is the removal of the stem in the RHS of the rule
(adding one back does fix the issue).
[1] not sure how the prerequisite was solved before e6195c5304,
though...
Fixes: e6195c5304
Reported-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Nevo Hed <nhed+buildroot@starry.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Tested-by: Sebastian Weyer <sebastian.weyer@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 5bd2cafc32)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- The netopeer server forks to background by default, no need for '-b'
- The path to the daemon is /usr/sbin, not /usr/bin
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Acked-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 6ddc29708d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Package postgresql suffers from gcc bug 43744 other than 85180, so let's
work around disabling compiler optimization for this gcc bug too.
Fixes:
http://autobuild.buildroot.net/results/cf272cdc5be2faf4070de3d235ec7a0f7190867a
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3def0679e3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This adjusts the code added in commit
c90bd74ebb ("boot/barebox: pass required
environment variables for reproducible build") to explicitly set the
timezone when calculating KBUILD_BUILD_TIMESTAMP, like is already done
in linux/linux.mk.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 11e75ecbf0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit c90bd74ebb ("boot/barebox: pass
required environment variables for reproducible build") caused the
build to generate a spurious error message due to the $(shell
... date -d @$(SOURCE_DATE_EPOCH)) command being executed even when
BR2_REPRODUCIBLE was disabled.
This is due to the fact that variable references must be done using $$
within macros. This commit fixes that for the two variables that we
are referencing in the code added in commit
c90bd74ebb.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 75c313816e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Warn the developer in the case the same config is declared more than
once in the same Config.in file.
But take into account the conditional code that lets the config be
visible and warn only when it is declared more than once in the same
conditions.
For instance, do not warn for:
if BR2_PACKAGE_BUSYBOX
config BR2_PACKAGE_BUSYBOX_SHOW_OTHERS
endif
if !BR2_PACKAGE_BUSYBOX # kconfig doesn't support else
config BR2_PACKAGE_BUSYBOX_SHOW_OTHERS
endif
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4bbda72743)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently using this minimal .config:
BR2_PACKAGE_MEDIAART_BACKEND_GDK_PIXBUF=y
triggers:
*** Legacy options removed in 2018.05 ***
[ ] libmediaart none backend option renamed (NEW)
[*] libmediaart gdk-pixbuf backend option renamed
[*] libmediaart qt backend option renamed
Commit "8553b39887 libmediaart: rename options to have proper prefix",
part of the 2018.05 release had a copy&paste error.
As stated in the beginning of the file:
The oldest symbols will be removed again after about two years.
But while we carry these legacy symbols, let's fix the typo.
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 316e149611)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
deamon -> daemon
At same time, in Config.in.legacy fix other typos in the same help text:
spae -> space
monolitic -> monolithic
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6a9feaabbc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
seperate is a common misspelling of separate
Fix all the typos in the tree that are not related to patch files.
CHANGES
seperate -> separate, in the list of changes
Config.in.legacy
seperate -> separate, in option name and help texts
package/leafnode2/leafnode2.mk
seperate -> separate, in a comment
system/Config.in
seperated -> separated, in a help text
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4092d2a354)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The yajl repository has both a branch and a tag names 2.1.0. Because of
this, when we use the usual github URL [1], github doesn't return a
tarball but rather an ASCII string:
the given path has multiple possibilities: #<Git::Ref:0x00007f193bebe4d8>, #<Git::Ref:0x00007f193bebd858>
This obviously (and fortunately) leads to a hash check failure.
To make sure we get the tag and not the branch, we should use a URL that
explicitly asks for refs/tags/2.1.0 [2]. We can't change VERSION to
include refs/tags, because that also affects the _SOURCE default, the
contents of the tarball, the CPE ID and the release-monitoring access.
Therefore, add the refs/tags/ prefix to the github helper call.
[1] https://github.com/lloyd/yajl/archive/2.1.0/yajl-2.1.0.tar.gz
[1] https://github.com/lloyd/yajl/archive/refs/tags/2.1.0/yajl-2.1.0.tar.gz
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 5be76a39d3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Barebox makes use of the same variables as the linux kernel does for
handling reproducible build -- KBUILD_BUILD_HOST,
KBUILD_BUILD_TIMESTAMP, KBUILD_BUILD_USER. This patch sets the proper
variables based on linux/linux.mk, and passes them to the make
invocation when building, to ensure a reproducible build is possible
when BR2_REPRODUCIBLE is enabled.
Signed-off-by: Casey Reeves <casey@xogium.me>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c90bd74ebb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Set MOREFLAGS instead of overriding CFLAGS to avoid the following build
failure raised since commit 94b66fb49c:
/home/autobuild/autobuild/instance-6/output-1/host/lib/gcc/x86_64-buildroot-linux-uclibc/11.3.0/../../../../x86_64-buildroot-linux-uclibc/bin/ld: /tmp/ccabb8cF.o: relocation R_X86_64_32S against `.rodata' can not be used when making a shared object; recompile with -fPIC
Fixes:
- http://autobuild.buildroot.org/results/953133575d8c13266f1450fa545e70e4a518508d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit bfef88762d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
utf8proc is an optional dependency since version 2.3 and
6c94774b70
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 1f618aa388)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2023-23456: A heap-based buffer overflow issue was discovered in
UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to
cause a denial of service (abort) via a crafted file.
Fix CVE-2023-23457: A Segmentation fault was found in UPX in
PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a
crafted input file allows invalid memory address access that could lead
to a denial of service.
https://github.com/upx/upx/blob/v4.0.2/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 02befac8f9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Drop patch (already in version)
- cmake must be used since
c7d8b6fed1
- ucl and zlib are directly included in upx since
61e1366122https://github.com/upx/upx/blob/v4.0.1/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1567516d89)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Disable pcre to avoid the following build failure if pcre-config is
found on host raised since bump to version 2.9.7 in commit
42e34cf10f:
/home/thomas/autobuild/instance-0/output-1/per-package/modsecurity2/host/bin/../lib/gcc/mips64el-buildroot-linux-gnu/11.3.0/../../../../mips64el-buildroot-linux-gnu/bin/ld: cannot find -lpcre: No such file or directory
Fixes:
- http://autobuild.buildroot.org/results/f4864f8cc1d07e357f6e5f8302c19ae94e9cf3af
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 06af305874)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2023-24021: Incorrect handling of '\0' bytes in file uploads
in ModSecurity before 2.9.7 may allow for Web Application Firewall
bypasses and buffer overflows on the Web Application Firewall when
executing rules that read the FILES_TMP_CONTENT collection.
- host-pkgconf is mandatory and used to find libxml2 since
baa38ddbaf
- pcre2 is supported since:
8fc0b519b7https://github.com/SpiderLabs/ModSecurity/blob/v2.9.7/CHANGES
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 42e34cf10f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
A null pointer dereference issue was discovered in functions op_get_data
and op_open1 in opusfile.c in xiph opusfile 0.9 thru 0.12 allows
attackers to cause denial of service or other unspecified impacts.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit ae65870e65)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas reported that m68k fails to build when enabling BR2_PACKAGE_GDB.
It fails when building gdb for the target with the following error:
elf2flt: ERROR: text=0x3c826 overlaps data=0x256e0 ?
It turns out that the gdb binary has another problematic input section
(.gcc_except_table), which causes elf2flt to try to append to the .text
output section, after it has already moved on with appending sections
to the .data output section.
elf2flt cannot append to a previous output section once it has moved on
to another output section.
Update the existing elf2flt patch to also add an exception for
.gcc_except_table.
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f6f15e85b3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: André Zwing <nerv@dawncrow.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6c8cda8c94)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Release notes:
https://github.com/signalwire/freeswitch/releases/tag/v1.10.8
Removed two patches which are included in upstream release,
renumbered remaining patch.
Removed libs/apr-util/LICENSE due to upstream removal of bundled
apr-util package.
Added fix to disable pcap detection, otherwise /usr/bin/pcap-config
can be picked-up which breaks building freeswitch.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1b8230ab64)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with libressl raised since bump to
version 3.5.2 in commit 8b216927db:
crypto/hash/hmac_ossl.c: In function 'srtp_hmac_alloc':
crypto/hash/hmac_ossl.c:88:55: error: invalid application of 'sizeof' to incomplete type 'HMAC_CTX' {aka 'struct hmac_ctx_st'}
88 | pointer = (uint8_t *)srtp_crypto_alloc(sizeof(HMAC_CTX) +
| ^~~~~~~~
crypto/hash/hmac_ossl.c:97:9: warning: implicit declaration of function 'HMAC_CTX_init'; did you mean 'HMAC_CTX_new'? [-Wimplicit-function-declaration]
97 | HMAC_CTX_init(new_hmac_ctx);
| ^~~~~~~~~~~~~
| HMAC_CTX_new
crypto/hash/hmac_ossl.c: In function 'srtp_hmac_dealloc':
crypto/hash/hmac_ossl.c:130:5: warning: implicit declaration of function 'HMAC_CTX_cleanup' [-Wimplicit-function-declaration]
130 | HMAC_CTX_cleanup(hmac_ctx);
| ^~~~~~~~~~~~~~~~
crypto/hash/hmac_ossl.c:133:40: error: invalid application of 'sizeof' to incomplete type 'HMAC_CTX' {aka 'struct hmac_ctx_st'}
133 | octet_string_set_to_zero(a, sizeof(HMAC_CTX) + sizeof(srtp_auth_t));
| ^~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/e696ead9ffffa5bb80928d75607bfbb9b263d3c6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit e4a762bf7f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Switch to github helper due to lack of upstream-provided tarball.
Needed for upcoming bump of freeswitch to version 1.10.9.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 8bb962724e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Needed for upcoming bump of freeswitch to version 1.10.9.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 6e09e7987b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Disables tests to avoid the following build failure with
BR2_SHARED_STATIC_LIBS:
[ 42%] Linking C executable teststring
../libks.so.1: undefined reference to `dlsym'
Fixes:
- http://autobuild.buildroot.org/results/e61a683928795402375165adf686687f3305e0c2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 267e39413e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The -e switch makes the script terminate on error from
start-stop-daemon, rendering unreachable the code that checks the exit
status.
There is no need in the -e switch in the first place either, as the
script takes care of errors handling.
Signed-off-by: Sergey Organov <sorganov@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 28ca1da234)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4.9.x / 6.0.x is now EOL.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit def789059a)
[Peter: drop 6.1.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Low. Stack overflow in ares_set_sortlist() which is used during c-ares
initialization and typically provided by an administrator and not an end
user.
https://c-ares.org/changelog.html#1_19_0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 121a9d3649)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerability:
CVE-2022-4743: A potential memory leak issue was discovered in SDL2 in
GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability
allows an attacker to cause a denial of service attack.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes build error not yet found by autobuilders
-- System type: Linux
CMake Error at cmake/scripts/linux/ArchSetup.cmake:42 (message):
Unknown CPU: riscv32
using this defconfig:
BR2_riscv=y
BR2_RISCV_32=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_EUDEV=y
BR2_PACKAGE_KODI=y
BR2_PACKAGE_MESA3D=y
BR2_PACKAGE_MESA3D_GALLIUM_DRIVER_SWRAST=y
BR2_PACKAGE_MESA3D_OPENGL_EGL=y
BR2_PACKAGE_MESA3D_OPENGL_ES=y
BR2_PACKAGE_PYTHON3=y
BR2_PACKAGE_PYTHON3_PY_ONLY=y
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 39886a434a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes build error not yet found by autobuilders
-- System type: Linux
CMake Error at cmake/scripts/linux/ArchSetup.cmake:42 (message):
Unknown CPU: or1k
with this defconfig:
BR2_or1k=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_OPENRISC_UCLIBC_STABLE=y
BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_EUDEV=y
BR2_PACKAGE_KODI=y
BR2_PACKAGE_MESA3D=y
BR2_PACKAGE_MESA3D_GALLIUM_DRIVER_SWRAST=y
BR2_PACKAGE_MESA3D_OPENGL_EGL=y
BR2_PACKAGE_MESA3D_OPENGL_ES=y
BR2_PACKAGE_PYTHON3=y
BR2_PACKAGE_PYTHON3_PY_ONLY=y
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 86fac589fb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Disable neon support when not available.
Fixes build error not yet found by autobuilders
/tmp/cc8LvPwi.s: Assembler messages:
/tmp/cc8LvPwi.s:28: Error: selected processor does not support `vldmia r1,{ q4-q7 }' in ARM mode
/tmp/cc8LvPwi.s:29: Error: selected processor does not support `vldmia r0,{ q8-q11 }' in ARM mode
/tmp/cc8LvPwi.s:30: Error: selected processor does not support `vmul.f32 q0,q8,d8[0]' in ARM mode
/tmp/cc8LvPwi.s:31: Error: selected processor does not support `vmul.f32 q1,q8,d10[0]' in ARM mode
/tmp/cc8LvPwi.s:32: Error: selected processor does not support `vmul.f32 q2,q8,d12[0]' in ARM mode
/tmp/cc8LvPwi.s:33: Error: selected processor does not support `vmul.f32 q3,q8,d14[0]' in ARM mode
/tmp/cc8LvPwi.s:34: Error: selected processor does not support `vmla.f32 q0,q9,d8[1]' in ARM mode
/tmp/cc8LvPwi.s:35: Error: selected processor does not support `vmla.f32 q1,q9,d10[1]' in ARM mode
/tmp/cc8LvPwi.s:36: Error: selected processor does not support `vmla.f32 q2,q9,d12[1]' in ARM mode
/tmp/cc8LvPwi.s:37: Error: selected processor does not support `vmla.f32 q3,q9,d14[1]' in ARM mode
/tmp/cc8LvPwi.s:38: Error: selected processor does not support `vmla.f32 q0,q10,d9[0]' in ARM mode
/tmp/cc8LvPwi.s:39: Error: selected processor does not support `vmla.f32 q1,q10,d11[0]' in ARM mode
/tmp/cc8LvPwi.s:40: Error: selected processor does not support `vmla.f32 q2,q10,d13[0]' in ARM mode
/tmp/cc8LvPwi.s:41: Error: selected processor does not support `vmla.f32 q3,q10,d15[0]' in ARM mode
/tmp/cc8LvPwi.s:42: Error: selected processor does not support `vmla.f32 q0,q11,d9[1]' in ARM mode
/tmp/cc8LvPwi.s:43: Error: selected processor does not support `vmla.f32 q1,q11,d11[1]' in ARM mode
/tmp/cc8LvPwi.s:44: Error: selected processor does not support `vmla.f32 q2,q11,d13[1]' in ARM mode
/tmp/cc8LvPwi.s:45: Error: selected processor does not support `vmla.f32 q3,q11,d15[1]' in ARM mode
/tmp/cc8LvPwi.s:46: Error: selected processor does not support `vstmia r0,{ q0-q3 }' in ARM mode
with this defconfig:
BR2_arm=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN_ARMV5_EABI_UCLIBC_STABLE=y
BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_EUDEV=y
BR2_PACKAGE_KODI=y
BR2_PACKAGE_MESA3D=y
BR2_PACKAGE_MESA3D_GALLIUM_DRIVER_SWRAST=y
BR2_PACKAGE_MESA3D_OPENGL_EGL=y
BR2_PACKAGE_MESA3D_OPENGL_ES=y
BR2_PACKAGE_PYTHON3=y
BR2_PACKAGE_PYTHON3_PY_ONLY=y
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2952832a40)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may
allow local users to infer whether any file exists, even within a
protected directory tree, because "Failed to open" often indicates that
a file does not exist, whereas "does not refer to a network namespace
path" often indicates that a file exists. NOTE: this is different from
CVE-2018-6556 because the CVE-2018-6556 fix design was based on the
premise that "we will report back to the user that the open() failed but
the user has no way of knowing why it failed"; however, in many
realistic cases, there are no plausible reasons for failing except that
the file does not exist.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2022-40899: An issue discovered in Python Charmers Future 0.18.2
and earlier allows remote attackers to cause a denial of service via
crafted Set-Cookie header from malicious web server.
https://github.com/PythonCharmers/python-future/releases/tag/v0.18.3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 51eb81ddcf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2023-22742: when compiled with BR2_PACKAGE_LIBSSH2,
libgit2 fails to verify SSH keys by default.
https://github.com/libgit2/libgit2/blob/v1.5.1/docs/changelog.md
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit cc47da516c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
It includes an option to build a command line program that can be used
to replace git in simple cases.
The upcoming sha256 repository support made them steal the sha256 code
from RFC6234, hence the license change.
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7c8e34f4d2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libgit2 is currently a library without any reverse dependencies so the
missing atomic symbols do not cause build failures yet.
libgit2 uses the atomics intrinsics on gcc >= 4.7 and the sync
intrinsics on previous gcc versions. Since gcc 4.9 is the new
minimum, ignore the sync intrinsics requirements.
The next version of libgit2 will also build a binary, which will
expose the problem.
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e992a3e771)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
git added restrictions on config files to fix CVE 2022-24765. libgit2
adopted these changes for compatibility reasons, even if the vuln is
not exploitable in libgit2.
https://github.com/libgit2/libgit2/releases/tag/v1.4.3
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 01ee7f84fb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Licence changes mostly concern vendored dependencies (that buildroot does
not use) and a new bundled PRNG used to reimplement mkstemp() - added
CC0 license for that.
Some buildsystem options also changed:
- THREADSAFE is now USE_THREADS
- BUILD_CLAR is now BUILD_TESTS, which the cmake infra already give.
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit ba8c268e00)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
