host-python-pillow dependency was needed to build the STMicroelecronics
version during its rc versions but is is not needed anymore in the release.
It is then useless to keep this dependency.
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
gcc 11.3.0 contains a backported patch [1] that introduce
a regression for old powerpc cpus like the powerpc 7400 (G4).
The glibc crash the init process due to a wrong asm machine
directive (.machine).
Run /sbin/init as init process
init[1]: segfault (11) at 7369693e nip 6f6e08 lr 6f6a68 code 1 in libc.so.6[690000+18f000]
init[1]: code: 280a000c 41c1ffe0 811edb80 554a103a 7d48502e 7d4a4214 7d4903a6 4e800420
init[1]: code: 2c08007a 4bffffbc 89290000 5529103a <7d2a482e> 2c090000 41c2ff78 7fe4fb78
Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
Backport two patches from the gcc-11 stable branch (the upcoming gcc
11.4.0).
[1] https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=3cb53c10831be59d967d9dce8e7980fee4703500
Fixes:
https://gitlab.com/kubu93/buildroot/-/jobs/2976071284
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Joel Stanley <joel@jms.id.au>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following security vulnerabilities:
- [Low] Fault injection attack on RAM via Rowhammer leads to ECDSA key
disclosure. Users doing operations with private ECC keys such as
server side TLS connections and creating ECC signatures, who also
have hardware that could be targeted with a sophisticated Rowhammer
attack should update the version of wolfSSL and compile using the
macro WOLFSSL_CHECK_SIG_FAULTS.
- [Low] In wolfSSL version 5.3.0 if compiled with
--enable-session-ticket and the client has non-empty session cache,
with TLS 1.2 there is the possibility oàf a man in the middle passing
a large session ticket to the client and causing a crash due to an
invalid free. There is also the potential for a malicious TLS 1.3
server to crash a client in a similar manner except in TLS 1.3 it is
not susceptible to a man in the middle attack. Users on the client
side with –enable-session-ticket compiled in and using wolfSSL
version 5.3.0 should update their version of wolfSSL.
- [Low] If using wolfSSL_clear to reset a WOLFSSL object (vs the normal
wolfSSL_free/wolfSSL_new) it can result in runtime issues. This
exists with builds using the wolfSSL compatibility layer
(--enable-opnesslextra) and only when the application is making use
of wolfSSL_clear instead of SSL_free/SSL_new. In the case of a TLS
1.3 resumption, after continuing to use the WOLFSSH object after
having called wolfSSL_clear, an application could crash. It is
suggested that users calling wolfSSL_clear update the version of
wolfSSL used.
- Potential DoS attack on DTLS 1.2. In the case of receiving a
malicious plaintext handshake message at epoch 0 the connection will
enter an error state reporting a duplicate message. This affects both
server and client side. Users that have DTLS enabled and in use
should update their version of wolfSSL to mitigate the potential for
a DoS attack.
https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.0-stable
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following build failure with gcc 4.8 raised since commit
8b42bbf30a:
/home/buildroot/autobuild/run/instance-1/output-1/build/sconeserver-8d1935919a2013358993a8e9dfa992cbde56e503/http/AuthRealmDB.cpp: In member function 'virtual std::string http::AuthRealmDB::lookup_hash(const string&)':
/home/buildroot/autobuild/run/instance-1/output-1/build/sconeserver-8d1935919a2013358993a8e9dfa992cbde56e503/http/AuthRealmDB.cpp:93:3: error: 'unique_ptr' is not a member of 'std'
std::unique_ptr<scx::DbQuery> query(m_db->object()->new_query(
^
Fixes:
- http://autobuild.buildroot.org/results/198c23f1de5cc90efe2d3b4ce053939457e003f7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Linux kernel commit 00facc760903 ("perf jevents: Switch build to use
jevents.py") switched to auto-generation of arch-specific PMU events
using python script. Now custom PMU events for different platforms of
the selected target architecture are not embedded into perf binary if
an appropriate host python interpreter is not present. In practice it
means that perf is successfully built, but 'perf list pmu' will show
no custom events on a target platform even if those events are supported
and properly defined in tools/perf/pmu-events/arch/<target arch>
directory in the kernel source tree.
Since building host-python3 is not instantaneous, add a config option,
like we have in the kernel for a bunch of host packages, to id=ndicate
that host-python3 is required, and only add the dependency in that case.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
[yann.morin.1998@free.fr:
- add BR2_PACKAGE_LINUX_TOOLS_PERF_NEEDS_HOST_PYTHON3
- extend commit log accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
From the README:
dhcpcd-9 defaults the run directory to `/var/run/dhcpcd` instead of
`/var/run` and the prefix of dhcpcd has been removed from the files.
Make it so.
Signed-off-by: Konstantin Menyaev <KAMenyaev@sberdevices.ru>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The hash of README.md has changed because the link to the zstd license
has been added:
- ``
+ `- zstd (Dual BSD\GPLv2 Licenses) is from https://github.com/facebook/zstd`
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
- gh-92888: Fix memoryview use after free when accessing the backing buffer
in certain cases.
- gh-87389: http.server: Fix an open redirection vulnerability in the HTTP
server when an URI path starts with //.
Release notes:
https://docs.python.org/release/3.10.6/whatsnew/changelog.html#python-3-10-6-final
Signed-off-by: Marcus Hoffmann <marcus.hoffmann@othermo.de>
[Peter: Mark as security bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6c872197f4)
[Peter: drop Makefile/Vagrantfile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This tests valdates that we can publish a message and read it back.
Signed-off-by: Marcus Hoffmann <marcus.hoffmann@othermo.de>
Tested-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[yann.morin.1998@free.fr:
- don't manually start mosquitto, there's a startup script for that
- don't pass custom timeout
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following error on calling mqtt.publish():
File "/usr/lib/python3.10/site-packages/paho/mqtt/publish.py", line 222, in single
multiple([msg], hostname, port, client_id, keepalive, will, auth, tls,
File "/usr/lib/python3.10/site-packages/paho/mqtt/publish.py", line 126, in multiple
if not isinstance(msgs, collections.Iterable):
AttributeError: module 'collections' has no attribute 'Iterable'
Backported from https://github.com/eclipse/paho.mqtt.python/pull/497/
This was deprecated in python 3.9 and stopped working in python 3.10
Signed-off-by: Marcus Hoffmann <marcus.hoffmann@othermo.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bf0d8c9659)
[Peter: drop Makefile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
There is currently no version of gdbserver for or1k. Until this
is implemented we will prevent both the direct and indirect
selection of gdbserver for or1k builds. In practice this means
that 'cross gdb for the host' cannot be selected and that
'full debugger' must be automatically selected for the gdb target
package.
This partially reverts commit 991b7b990a
which claimed that gdbserver for or1k was already supported before
version 8.3. That is not true - the commit that adds gdbserver support
for or1k [1] was only merged for version 12.1, which hasn't been
integrated in Buildroot yet.
Without that support, the build of gdbserver fails with
/home/buildroot/autobuild/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/or1k-buildroot-linux-musl/11.2.0/../../../../or1k-buildroot-linux-musl/bin/ld: server.o: in function `main':
server.cc:(.text.startup+0x6dc): undefined reference to `initialize_low()'
/home/buildroot/autobuild/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/or1k-buildroot-linux-musl/11.2.0/../../../../or1k-buildroot-linux-musl/bin/ld: remote-utils.o: in function `prepare_resume_reply(char*, ptid_t, target_waitstatus*)':
remote-utils.cc:(.text+0x28a8): undefined reference to `using_threads'
/home/buildroot/autobuild/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/or1k-buildroot-linux-musl/11.2.0/../../../../or1k-buildroot-linux-musl/bin/ld: remote-utils.cc:(.text+0x28b0): undefined reference to `using_threads'
Fixes: http://autobuild.buildroot.net/results/b3c/b3c0df53d09d9facaf0c3c2bc4529f9fcf7737ee
[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=4933265c3f71b9134363d0c05f09542d5cc677f4
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Stafford Horne <shorne@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Commit [1] enabled glibc on or1k since it's now supported but it
requires a toolchain with linux-headers >= 5.4.
From [2]:
"Here we define the minumum linux kernel version at 5.4.0, as that is the
long term support version where 32-bit architectures start to support
64-bit time API's. The OpenRISC kernel had some bugs up until version 5.8
which caused issues with glibc fork/clone, they have been backported to
5.4 but not previous versions."
Fixes:
checking installed Linux kernel header files... 3.2.0 or later
checking for kernel header at least 5.4.0... too old!
configure: error: *** The available kernel headers are older than the requested
https://gitlab.com/buildroot.org/toolchains-builder/-/jobs/2875256686
[1] 68d0aede59
[2] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=0c3c62ca7d9ff3bdacdd13e636bc858101e3e288
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
openssl is an optional dependency since version 1.5.13 and
ee1cfe3bf9
which must be handled through pkg-config to avoid static build failure
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
While building host-rust with a musl based toolchain without C++ compiler,
the build fail since libunwind bundled in rust sources needs a C++ compiler.
cargo:warning=i686-buildroot-linux-musl-gcc.br_real: error: [...]/host-rust-1.62.0/src/llvm-project/libunwind/src/Unwind-EHABI.cpp: C++ compiler not installed on this system
Note: the issues can't be reproduced with a glibc based toolchain
without C++ probaly due to extra steps required to support musl libc.
We could add the C++ dependency direclty to host-rustc but it would
requires adding the C++ reverse dependencies to all rust packages.
Instread, we add the C++ dependency to BR2_PACKAGE_HOST_RUSTC_TARGET_ARCH_SUPPORTS
only when a musl toolchain is used. So we can still install a prebuilt
rust compiler but without the rust standard library (rust-std).
Usually we should not add toolchain dependencies in a _ARCH_SUPPORTS option but
BR2_PACKAGE_HOST_RUSTC_TARGET_TIER... options contains already some
BR2_TOOLCHAIN_USES_GLIBC or BR2_TOOLCHAIN_USES_MUSL.
Fixes:
http://autobuild.buildroot.org/results/636/636fb39c8f1b8c05e4ca451ac506cd63c7166d82
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Reviewed-by: Nicolas Tran <nicolas.tran@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
fixes:
- Fixed comparison of maps in Python.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
To report usable tracebacks, pyc files embed the path of the original py
files, so that users can more easily try and debug the reported issue.
We generate the pyc files by calling the python3-supplied compileall
script, to scan the directory where python modules are installed. Since
this is done on the build machine, we tell compileall.py to strip away
the TARGET_DIR prefix, as that has no meaning at runtime.
However, compileall.py forgets [0] to keep a leading / in the front of
the paths, thus generating non-rooted paths., e.g.:
/path/buildroot.ouput/targt/usr/lib/python3.10/argparse.py
gets embedded as:
usr/lib/python3.10/argparse.py
This is a bit confusing but, as far as we could see, should be mostly be
used for display purposes in tracebacks, and does not seem to impact
actual functionality.
We fix that by instructing compileall.py that the embedded paths should
be rooted to / which generates proper paths in tracebacks.
And alternate solution would be to swith gears, and tell compileall.py
exactly the resulting runtime "base" directory, which replaces the
stripping and prefixing; i.e. it's either:
-s $(TARGET_DIR) -p /
or
-d /usr/lib/python$(PYTHON3_MAJOR_VERSION)
We choose to keep the first solution, because that is semantically what
we really want to do: to strip the leading build-time path, rather than
to force anything.
Note: the python test-suite was executed with both solutions (in a
pyc-only setup), and the results were exactly the same; so in practice,
-d or -s+-p yield the same results.
Many thanks go to Vincent for reporting the issue and suggesting the
solutions.
[0] Not sure whether this is a bug or a feature...
Reported-by: Vincent Fazio <vfazio@xes-inc.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This reverts commit 0be1c3e921.
The actual issue is more complex. The problem purportedly fixed was not
caused by a missing libupsclient (it was present), but by a missing type
definition for time_t (on a musl toolchain).
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Disable libupsclient to avoid the following build failure if
libupsclient is installed on host:
src/nut.c:40:2: error: #error "Unable to determine the UPS connection type."
40 | #error "Unable to determine the UPS connection type."
| ^~~~~
src/nut.c:46:3: error: unknown type name 'collectd_upsconn_t'
46 | collectd_upsconn_t *conn;
| ^~~~~~~~~~~~~~~~~~
libupsclient is an optional dependency of nut plugin since version
5.10.0 and
bc2d94024d
Fixes:
- http://autobuild.buildroot.org/results/22b758097e8fb72c68e41329cbc7abc748d81ca6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This is a bug-fix release, fixing a $edit_headers bug on MacOS, along
with a few other small bugs. It also tightens the $query_command parser
to accept a single tab between fields, and changes $pager to accept a %s
expando.
https://gitlab.com/muttmua/mutt/-/blob/mutt-2-2-7-rel/ChangeLog
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The script "utils/check-package" checks that patch email prefix are
not be numbered. See:
https://git.buildroot.org/buildroot/tree/utils/checkpackagelib/lib_patch.py?h=2022.08-rc1#n42
The error message recommends to generate patches to be included in
Buildroot with the command 'git format-patch -N'.
The patch policy section in the Buildroot manual does mention that.
This commit adds a note about that requirement.
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Disable -Werror to avoid the following build failure:
In file included from hash.c:7:
xxhash.h:2667:5: error: #warning is a GCC extension [-Werror]
2667 | # warning "XXH3 is highly inefficient without ARM or Thumb-2."
| ^~~~~~~
xxhash.h:2667:5: error: #warning "XXH3 is highly inefficient without ARM or Thumb-2." [-Werror=cpp]
Fixes:
- http://autobuild.buildroot.org/results/3124bae73c207f1a118e57e41e222ef464ccb297
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add license hashes to the hash file and add the information into the
makefile.
Signed-off-by: Jesse Van Gavere <jesseevg@gmail.com>
[Arnout: use correct file names and hashes]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Fix the following build failure:
In file included from libavcodec/ppc/audiodsp.c:31:
libavcodec/ppc/audiodsp.c: In function 'scalarproduct_int16_altivec':
./libavutil/ppc/util_altivec.h:123:5: error: implicit declaration of function 'vec_vsx_ld'; did you mean 'vec_vslh'? [-Werror=implicit-function-declaration]
123 | vec_vsx_ld(offset, b)
| ^~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/b772d285f978ff9bc3b07872d009633c943f20b1
VSX is indeed an extension to AltiVec, so havinf VSX implies having
AltiVec [0], so we can condition he altivec support on LE ,on VSX being
available.
To be noted, however, is that ffmpeg has a configre switch dedicated to
VSX: --enable-vsx. We do not use it add support for that here, as we are
just fixing the AltiVec support. Adding VSX configure flag is left as an
excercise for a future feature addition.
[0] https://en.wikipedia.org/wiki/AltiVec#VSX_(Vector_Scalar_Extension)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- add comment in .mk
- exend commit log to explain VSX implies AltiVec
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
tools needs C++ since the addition of the package in commit
27ad470d7d resulting in the following
build failure:
no -DHAVE_CONFIG_H -I. -I.. -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -I../include -I../master -Wall -DREV=`if test -s ../revision; then cat ../revision; else hg id -i .. 2>/dev/null || echo "unknown"; fi` -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Ofast -g0 -c -o ethercat-Command.o `test -f 'Command.cpp' || echo './'`Command.cpp
/bin/bash: line 1: no: command not found
Fixes:
- http://autobuild.buildroot.org/results/89d096006839f32a3d03786e69e51ec3c5ea70f6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: move it before package's options]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix CVE-2022-2652: Depending on the way the format strings in the card
label are crafted it's possible to leak kernel stack memory. There is
also the possibility for DoS due to the v4l2loopback kernel module
crashing when providing the card label on request (reproduce e.g. with
many %s modifiers in a row).
https://github.com/umlaeute/v4l2loopback/blob/v0.12.7/ChangeLog
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix CVE-2021-46784: In Squid 3.x through 3.5.28, 4.x through 4.17, and
5.x before 5.6, due to improper buffer management, a Denial of Service
can occur when processing long Gopher server responses.
https://github.com/squid-cache/squid/security/advisories/GHSA-f5cp-6rh3-284w
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix CVE-2021-46828: In libtirpc before 1.3.3rc1, remote attackers could
exhaust the file descriptors of a process that uses libtirpc because
idle TCP connections are mishandled. This can, in turn, lead to an
svc_run infinite loop without accepting new connections.
https://sourceforge.net/projects/libtirpc/files/libtirpc/1.3.3/Release-1.3.3.txt/download
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
