Hostapd/wpa_s uses 'crc32' name for IEEE802.11 CRC-32 routine. This name
is too generic. Buildroot autobuilder detected configurations that failed
to build due to the naming conflict with zlib-ng.
Add wpa_supplicant part of the upstream patch that renames 'crc32'
function to a less generic 'ieee80211_crc32' name.
Fixes: http://autobuild.buildroot.net/results/ac19975f0bf77f4a8ca574c374092ba81cd5a332/
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 27e66d77c1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Hostapd uses 'crc32' name for IEEE802.11 CRC-32 routine. This name is
too generic. Buildroot autobuilder detected configurations that failed
to build due to the naming conflict with zlib-ng.
Add hostapd part of the upstream patch that renames 'crc32' function
to a less generic 'ieee80211_crc32' name.
Fixes: http://autobuild.buildroot.net/results/9901df820d3afa4cde78e8ad6d62cb8ce7e69fdb/
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7d920f9d40)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fixed a security problem in msmtpd: mail addresses starting with '-' could be
interpreted as options of the pipe command.
https://github.com/marlam/msmtp-mirror/blob/msmtp-1.8.22/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 9a294be424)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
host-pkgconf is not a dependency since bump to version 1.0.3 in commit
fbad745139 and
843124cd9a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 11ff62234a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add a patch for CVE-2022-31676 (local privilege escalation
vulnerability).
Signed-off-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b123e8887d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since 6f5f6bc dbus is selected when iwd is selected.
It is only a runtime dependency, so drop the build
dependency.
Signed-off-by: Daniel Lang <d.lang@abatec.at>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5b3b2d80f4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The musl Makefile installs the dynamic loader as a symlink to libc.so
with the following rule:
$(DESTDIR)$(LDSO_PATHNAME): $(DESTDIR)$(libdir)/libc.so
$(INSTALL) -D -l $(libdir)/libc.so $@ || true
While it works, the drawback is that ld-musl-<arch>.so ends up being a
symlink to /lib/libc.so. While it works on the target, it means we
have a broken symlink in $(STAGING_DIR) and $(TARGET_DIR) as
/lib/libc.so doesn't make sense on the build machine. This generally
doesn't cause any problem *except* when we tell Qemu to use
$(STAGING_DIR) as the library directory when running target programs
through the Qemu user emulation mode. This is for example node inside
the NodeJS build. Due to this broken symlink, Qemu can't find libc.so
that is pointed to be the dynamic loader symlink causing this build
error:
qemu-arm: Could not open '/lib/ld-musl-armhf.so.1': No such file or directory
Since this is not really a bug in the musl build system, we address
this issue by overriding the symlink to be a relative path. The
dynamic loader is always installed in /lib, and libc.so is also always
installed in /lib because we pass libdir=/lib when configuring
musl. So we can simply have a ld-musl* -> libc.so symbolic link. We
use ld-musl* as a wildcard so that we don't need to have extra logic
to determine the exact name of the dynamic loader symlink, and simply
override the one that exists.
Fixes:
http://autobuild.buildroot.net/results/9ff23f2e3c97e9af410617de3e7376f9d45a7d63/https://bugs.busybox.net/show_bug.cgi?id=15061
Note that, for external toolchain, we already have a generic fixup that
makes symlinks relative [0]. So in the external toolchain, even if the
symlink is broken, it gets fixed when we import the toolchain into
STAGING_DIR.
[0] https://lore.kernel.org/buildroot/20221026205312.3f729eb8@windsurf/
Cc: hello.skyclo@gmail.com
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr:
- add summary of Thomas' explanations for external toolchains
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 7935e427bc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Force cmake packages to use the "Unix Makefiles" generator
in case CMAKE_GENERATOR is set in the host environment. This
patch further isolates the buildroot build environment from
the host.
Signed-off-by: Woodrow Douglass <wdouglass@carnegierobotics.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit a5d8582e37)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use official license files available since version 2.0.13 and
b4d36f6a34
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 702a60a296)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since glibc 2.33 (upstream commit
7a55dd3fb6d2c307a002a16776be84310b9c8989), headers >= 5.4.0 are needed
to build glibc for RISC-V 32-bit. Indeed
sysdeps/unix/sysv/linux/riscv/configure.ac contains:
if test $libc_cv_riscv_int_abi = ilp32; then
arch_minimum_kernel=5.4.0
fi
In order to take into account this dependency, we add the appropriate
logic in package/glibc/Config.in and
toolchain/toolchain-buildroot/Config.in.
This change means that if headers < 5.4.0 are selected, then no C
library at all will be available for RISC-V 32-bit, as glibc is the
only C library supporting RISC-V 32-bit currently. However, thanks to
the recent addition of BR2_TOOLCHAIN_BUILDROOT_NONE, the
choice...endchoice for the C library selection will not be empty,
allowing the user to see the Config.in comment explaining why glibc
can't be selected.
Therefore, technically this commit does prevent from creating a
configuration with RISC-V 32-bit and headers < 5.4.0, but it will have
BR2_TOOLCHAIN_BUILDROOT_NONE=y, which is catched by
package/Makefile.in, which aborts the build early on pointing out that
the configuration is invalid.
Fixes:
http://autobuild.buildroot.net/results/5ca49b2732f68eccb5276e7112f7f496dcc514ee/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 2b3f0153bb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In the internal toolchain backend, we have a choice..endchoice block
to allow the user to select the C library, between glibc, uClibc and
musl.
However, there are situations were no C library at all is
supported. In this case, the choice does not appear, and does not
allow to see the Config.in comments that are within the
choice..endchoice block and that may explain why no C library is
available.
For example, on RISC-V 32-bit, the only C library supported is glibc,
and the minimum kernel header version required by glibc on this
architecture is 5.4.0. In a future commit, we are going to add this
dependency on glibc (to fix build issues on configurations that have
headers < 5.4.0). But since glibc is the only supported C library on
RISC-V 32-bit, it means that the choice..endchoice for the C library
contains no entry, preventing from seeing the Config.in comment.
To address this issue, this commit adds a "dummy"
BR2_TOOLCHAIN_BUILDROOT_NONE option that shows up in the
choice..endchoice only when no C library is available. Thanks to this,
the choice..endchoice is never empty, and the Config.in comments can
be seen.
If the user keeps BR2_TOOLCHAIN_BUILDROOT_NONE selected, then the
build will anyway abort early because package/Makefile.in has a check
to verify that a C library is selected, and aborts the build if not.
Some could say that the problem should be resolved by instead
preventing the selection of headers < 5.4.0 on RISC-V 32-bit, but that
is difficult to do as the user can choose a custom header version, or
simply specific that (s)he wants to use the headers of the kernel
being built. In those situations, it's difficult to prevent selecting
headers < 5.4.0.
Prevent random configurations from triggering a build failure in our
autobuilders, by excluding that symbol from accepted configuration.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: update genrandconfig]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit e1550ef755)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The build of NodeJS fails on mipsel due to an issue in the V8 code:
../../deps/v8/src/compiler/backend/mips/code-generator-mips.cc:4106:48: error: call of overloaded 'Operand(int64_t)' is ambiguous
4106 | Operand(static_cast<int64_t>(0)));
There is apparently a lack of maintenance of the MIPS port of V8, as
is discussed in the Github issue at
https://github.com/nodejs/node/issues/26179.
Until this get improved/fixed, our best option is to drop support for
MIPS in our NodeJS package.
Fixes:
http://autobuild.buildroot.net/results/0e6ee80c77bcb77afe18410e8d9da93b738cb0a4/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 69d311687a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure raised since bump of lz4 to version
1.9.4 in commit 1f54af8c4f:
compress.c: In function 'lz4_compress_init':
compress.c:36:42: error: 'LZ4_STREAMSIZE_U64' undeclared (first use in this function); did you mean 'LZ4_STREAMSIZE'?
36 | #define LZ4_STREAMSIZE (LZ4_STREAMSIZE_U64 * sizeof(long long))
| ^~~~~~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/ca8b6646322a4cb911fad5fb9cb38046743609bf
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c999e540dd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Security and bug fix release with several feature additions.
https://zsh.sourceforge.io/releases.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 21531fa31a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In the case that the WOLFSSL_CALLBACKS macro is set when building
wolfSSL, there is a potential heap over read of 5 bytes when handling
TLS 1.3 client connections. This heap over read is limited to wolfSSL
builds explicitly setting the macro WOLFSSL_CALLBACKS, the feature does
not get turned on by any other build options. The macro
WOLFSSL_CALLBACKS is intended for debug use only, but if having it
enabled in production, users are recommended to disable
WOLFSSL_CALLBACKS. Users enabling WOLFSSL_CALLBACKS are recommended to
update their version of wolfSSL. CVE 2022-42905
https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 18b5d6205d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following static build failure raised since bump to version
1.9.4 in commit 1f54af8c4f:
compiling dynamic library 1.9.4
/home/giuliobenetti/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/m68k-buildroot-uclinux-uclibc/bin/ld.real: /home/giuliobenetti/autobuild/run/instance-0/output-1/host/m68k-buildroot-uclinux-uclibc/sysroot/usr/lib/crt1.o: in function `_start':
(.text+0x1c): undefined reference to `main'
Fixes:
- http://autobuild.buildroot.org/results/9187852fb7a869bf5595275d47929632659a4407
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 85c20ffa95)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
LZ4 v1.9.4 is a maintenance release, featuring a substantial amount
(~350 commits) of minor fixes and improvements, making it a recommended
upgrade. The stable portion of liblz4 API is unmodified, making this
release a drop-in replacement for existing features.
- Drop patch (already in version)
- Update hash of lib/LICENSE (update in year with
87a80acbe7)
https://github.com/lz4/lz4/releases/tag/v1.9.4
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1f54af8c4f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Version 7.85.0 fixes CVE-2022-35252: When curl retrieves and parses
cookies from an HTTP(S) server, it accepts cookies using control codes
(byte values below 32). When cookies that contain such control codes are
later sent back to an HTTP(S) server, it might make the server return a
400 response. Effectively allowing a "sister site" to deny service to
siblings.
Drop upstream patches and autoreconf.
Cc: Matt Weber <matthew.weber@collins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 400b63432e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0
and older releases. This issue may allow an attacker to cause a denial
of service or have other unspecified impact via control over malloc.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 810c0eecf1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Set ac_cv_prog_A2X to disable build of documentation and avoid the
following build failure without a working a2x raised since at least bump
to version 1.1.1 in commit ad21d84a58:
a2x -v -f manpage doc/man/usbguard.1.adoc -D ./$(dirname doc/man/usbguard.1.roff)
a2x -v -f manpage doc/man/usbguard-dbus.8.adoc -D ./$(dirname doc/man/usbguard-dbus.8.roff)
/nvmedata/autobuild/instance-5/output-1/host/bin/python3: Error while finding module specification for 'asciidoc.a2x' (ModuleNotFoundError: No module named 'asciidoc')
Fixes:
- http://autobuild.buildroot.org/results/e41950f3cd4bd83d9b067af498757cb9d2f207ef
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit cff78c34fb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop patch (already in version) and so autoreconf
https://gitlab.com/gnutls/libtasn1/-/blob/v4.19.0/NEWS
Fixes the following security issue:
- CVE-2021-46848: GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one
array size check that affects asn1_encode_simple_der.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 308678e528)
[Peter: mark as security bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The libbpf build system currently uses the output of "uname -m" to
determine if the library should be installed in "lib" or
"lib64". However, uname -m returns the architecture of the build
machine, which often has nothing to do with the target CPU
architecture.
A patch has been submitted and accepted upstream to address this
issue, by using the $(CC) -dumpmachine output instead. This ensures
libbpf is installed in either "lib" or "lib64" depending on the
bitness of the target CPU architecture.
Signed-off-by: Tobias Waldekranz <tobias@waldekranz.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c86b69a16d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since Buildroot commit 3145adfb69 ("package/libbpf: needs headers >=
4.13"), libbpf depends on Linux headers >= 4.13. This requirement
renders the explicit list of supported architectures, previously added
in f693354c30 overly restrictive, as the syscall number for bpf(2)
has been defined since Linux 3.18.
Commit f693354c30 ("package/libbpf: add
BR2_PACKAGE_LIBBPF_ARCH_SUPPORTS") was introduced to fix a build issue
where a toolchain using very old kernel headers (3.13) failed to build
libbpf for ARM, but these architecture dependencies are no longer
needed due to the bump on the kernel headers version requirement.
Signed-off-by: Tobias Waldekranz <tobias@waldekranz.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 51ecbe500f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
s390x doesn't support CONFIG_WIRELESS in Linux so let's disable this
package for this architecture.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Reviewed-by: Kris Bahnsen <kris@embeddedTS.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9c2dec7a2b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
s390x doesn't support CONFIG_WIRELESS in Linux so let's disable this
package for this architecture.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1e18cc291b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
s390x doesn't support CONFIG_WIRELESS in Linux so let's disable this
package for this architecture.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 895692594f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
s390x doesn't support CONFIG_WIRELESS in Linux so let's disable this
package for this architecture.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5835a64d36)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
s390x doesn't support CONFIG_WIRELESS in Linux so let's disable this
package for this architecture.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit bff3a80402)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
s390x doesn't support CONFIG_WIRELESS in Linux so let's disable this
package for this architecture.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 33400378d0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
s390x doesn't support CONFIG_WIRELESS in Linux so let's disable this
package for this architecture.
Fixes:
http://autobuild.buildroot.net/results/693053491ba61edcff0f75a4f30c13958e7e12ce/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 682224d6f6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Expat 2.5.0 has been released earlier today. Most importantly, this
release fixes CVE-2022-43680: a heap use-after-free vulnerability after
overeager destruction of a shared DTD in function
XML_ExternalEntityParserCreate in out-of-memory situations, with
expected impact of denial of service or potentially arbitrary code
execution.
https://blog.hartwork.org/posts/expat-2-5-0-releasedhttps://github.com/libexpat/libexpat/blob/R_2_5_0/expat/Changes
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 26ec7c4d02)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
go1.18.7 (released 2022-10-04) includes security fixes to the archive/tar,
net/http/httputil, and regexp packages, as well as bug fixes to the
compiler, the linker, and the go/types package.
go1.18.8 (released 2022-11-01) includes security fixes to the os/exec and
syscall packages, as well as bug fixes to the runtime.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2022-38784: Poppler prior to and including 22.08.0 contains an
integer overflow in the JBIG2 decoder
(JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a
specially crafted PDF file or JBIG2 image could lead to a crash or the
execution of arbitrary code. This is similar to the vulnerability
described by CVE-2022-38171 in Xpdf.
- Drop patch (already in version)
https://gitlab.freedesktop.org/poppler/poppler/-/blob/poppler-22.10.0/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bd35c0f363)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
