Fixes various networking issues:
- Fix a regression in docker 20.10, causing IPv6 addresses no longer to be
bound by default when mapping ports moby/moby#42205
- Fix implicit IPv6 port-mappings not included in API response. Before
docker 20.10, published ports were accessible through both IPv4 and IPv6
by default, but the API only included information about the IPv4 (0.0.0.0)
mapping moby/moby#42205
- Fix a regression in docker 20.10, causing the docker-proxy to not be
terminated in all cases moby/moby#42205
- Fix iptables forwarding rules not being cleaned up upon container removal
moby/moby#42205
For more details, see the release notes:
https://docs.docker.com/engine/release-notes/#20106
Signed-off-by: Mario Fink <knif.oiram@gmail.com>
Tested-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The imx-uuc package was only selectable on 32-bit arm targets; this
patch allows aarch64 targets such as i.MX8 to select the package
and use the ufb for fastboot support against the mfgtools "uuu".
Also bumping to latest upstream commit before uuc is removed from the
standard build, from
https://github.com/NXPmicro/imx-uuc
Tested on i.MX8QXP.
Signed-off-by: Charles Hardin <ckhardin@gmail.com>
Reviewed-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Drop first patch and pass -fPIC to configure to fix the following build
failure on ARC:
ERROR: architecture for "/usr/lib/libdmalloc.so" is "ARCompact", should be "ARCv2"
ERROR: architecture for "/usr/lib/libdmallocth.so" is "ARCompact", should be "ARCv2"
ERROR: architecture for "/usr/lib/libdmallocthcxx.so" is "ARCompact", should be "ARCv2"
ERROR: architecture for "/usr/lib/libdmallocxx.so" is "ARCompact", should be "ARCv2"
This build failure is due to the following configure error:
checking shared library link args... ./configure: line 4467: 10229 Segmentation fault ( ${LD-ld} -shared --whole-archive -soname conftest.so -o conftest.so.t conftest.a ) 2>&5
/home/buildroot/autobuild/run/instance-0/output-1/host/bin/arc-buildroot-linux-gnu-ld -G -o $@.t
This configure error is due to missing -fPIC:
configure:4392: checking shared library link args
configure:4398: /home/buildroot/autobuild/run/instance-0/output-1/host/bin/arc-buildroot-linux-gnu-gcc -c -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -g2 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 conftest.c >&5
configure:4404: $? = 0
configure:4408: test -z
|| test ! -s conftest.err
configure:4411: $? = 0
configure:4414: test -s conftest.o
configure:4417: $? = 0
/home/buildroot/autobuild/run/instance-0/output-1/host/bin/arc-buildroot-linux-gnu-ld: conftest.a(conftest.o): relocation R_ARC_32_ME against `__stack_chk_guard' can not be used when making a shared object; recompile with -fPIC
/home/buildroot/autobuild/run/instance-0/output-1/host/bin/arc-buildroot-linux-gnu-ld: BFD (GNU Binutils) 2.33.50.20191002 assertion fail elf32-arc.c:1805
/home/buildroot/autobuild/run/instance-0/output-1/host/bin/arc-buildroot-linux-gnu-ld: unrecognized option '-all'
/home/buildroot/autobuild/run/instance-0/output-1/host/bin/arc-buildroot-linux-gnu-ld: use the --help option for usage information
configure:4475: result: /home/buildroot/autobuild/run/instance-0/output-1/host/bin/arc-buildroot-linux-gnu-ld -G -o $@.t
Fixes:
- http://autobuild.buildroot.org/results/65677d889c27649e1f3ca1f3b6c70df7c89779f6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The poppler package failed to build for me with errors such as this one:
host/aarch64-buildroot-linux-gnu/include/c++/10.3.0/cstdlib:75:15: fatal error: stdlib.h: No such file or directory
75 | #include_next <stdlib.h>
| ^~~~~~~~~~
Changing the CMake option to a link-specific one fixes the issue.
Also change other packages with the same issue: cutelyst, gerbera,
kf5-modemmanager-qt, kodi and wampcc.
Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes the following security issues:
- A malformed incoming IXFR transfer could trigger an assertion failure in
named, causing it to quit abnormally. (CVE-2021-25214)
- named crashed when a DNAME record placed in the ANSWER section during
DNAME chasing turned out to be the final answer to a client query.
(CVE-2021-25215)
- When a server's configuration set the tkey-gssapi-keytab or
tkey-gssapi-credential option, a specially crafted GSS-TSIG query could
cause a buffer overflow in the ISC implementation of SPNEGO (a protocol
enabling negotiation of the security mechanism used for GSSAPI
authentication). This flaw could be exploited to crash named binaries
compiled for 64-bit platforms, and could enable remote code execution when
named was compiled for 32-bit platforms. (CVE-2021-25216)
For more details, see the release notes:
https://downloads.isc.org/isc/bind9/9.11.31/RELEASE-NOTES-bind-9.11.31.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Update the selection of the ahab container image to use based upon
a choice in the Config.in - there are multiple ASIC revisions that
use AHAB and the firmware images need to match. This extends the
support beyond a default image for just the imx8 amd imx8x based
upon the current contents of the imx-seco firmware extraction.
Files from 3.7.4:
mx8dxla0-ahab-container.img
mx8dxla1-ahab-container.img
mx8qmb0-ahab-container.img
mx8qxb0-ahab-container.img
mx8qxc0-ahab-container.img
The original defaults prior to this patch were mx8qmb0 for IMX8
and mx8qxb0 for the IMX8X selections. However, this patch will
change the default selection of the IMX8X from the B0 option to
C0 because the IMX8X C0 HW variant is widespread and the current
release of hardware silicon. Because there are still B0's in
circulation an option is being kept for that as well.
Signed-off-by: Charles Hardin <ckhardin@gmail.com>
[yann.morin.1998@free.fr: 1 minor code style]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Update patch added by commit 183d583fb5 to
use pkg-config instead of linking with zlib to fix the following static
build failure with a bzip2-enabled libmagic:
/home/buildroot/autobuild/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arc-buildroot-linux-uclibc/9.3.1/../../../../arc-buildroot-linux-uclibc/bin/ld: /home/buildroot/autobuild/instance-1/output-1/host/arc-buildroot-linux-uclibc/sysroot/usr/lib/libmagic.a(compress.o): in function `uncompressbuf':
compress.c:(.text+0x422): undefined reference to `BZ2_bzDecompressInit'
/home/buildroot/autobuild/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arc-buildroot-linux-uclibc/9.3.1/../../../../arc-buildroot-linux-uclibc/bin/ld: compress.c:(.text+0x422): undefined reference to `BZ2_bzDecompressInit'
Fixes:
- http://autobuild.buildroot.org/results/4c511c02e4c63b35ecf77a2658f88e8a0d9dbb4d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Commit 5871e278f8 (package/openjdk{, -bin}: security bump to version
11.0.11_9) forgot to account for the openjdk patch in the versioned
directory.
That patch was a collection of backports from upstream ,that are now all
present in 11.0.11+9, so drop that patch.
Fixes: 5871e278f8
Reported-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The e2scrib tool has various requirements:
- e2scrub and its associated helpers, are bash scripts
- e2scrub_all depends on coreutils' readlink; busybox readlink is
missing some options:
readlink: invalid option -- 'e'
- by design, e2scrub only works on an LVM volume
Add an option to enable e2scrub. This is probably seldom used, so it
does not warrant the usual dance about BR2_PACKAGE_BUSYBOX_SHOW_OTHERS
and selecting the tools; we can just depend on the required tools.
Signed-off-by: Tian Yuanhao <tianyuanhao@aliyun.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: James Hilliard <james.hilliard1@gmail.com>
[yann.morin.1998@free.fr:
- add a kconfig option like for other tools
- move the conditions to that new option
- reword the commit log accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The opensbi package already allows to use Linux as a payload for
OpenSBI, but in some cases, U-Boot as payload is useful. This commit
adds a BR2_TARGET_OPENSBI_UBOOT_PAYLOAD option, modeled after the
existing BR2_TARGET_OPENSBI_LINUX_PAYLOAD.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
OpenSBI contains platform-specific code, so very much like Linux,
U-Boot or other bootloaders, using the upstream version of OpenSBI
will very often not be sufficient.
This commit therefore adds the possibility of specifying a custom
version of OpenSBI, either custom from upstream, custom tarball, or
custom from Git. Support for other version control systems has not
been implemented for now, but could be added later if needed.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As recently discussed on the list:
http://lists.busybox.net/pipermail/buildroot/2021-April/308373.html
Packages like mkpimage where the source code is included in the Buildroot
tree, currently doesn't use an extract step (which also skips the patch
step), so they cannot be patched by a patch in BR2_GLOBAL_PATCH_DIR (or the
pkgdir), which is a bit confusing.
As a fix, add a simple extract step that copies the source file to the build
directory, so the patch step gets run as well.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As recently discussed on the list:
http://lists.busybox.net/pipermail/buildroot/2021-April/308373.html
Packages like mkpasswd where the source code is included in the Buildroot
tree, currently doesn't use an extract step (which also skips the patch
step), so they cannot be patched by a patch in BR2_GLOBAL_PATCH_DIR (or the
pkgdir), which is a bit confusing.
As a fix, add a simple extract step that copies the source files to the
build directory, so the patch step gets run as well.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As recently discussed on the list:
http://lists.busybox.net/pipermail/buildroot/2021-April/308373.html
Packages like makedevs where the source code is included in the Buildroot
tree, currently doesn't use an extract step (which also skips the patch
step), so they cannot be patched by a patch in BR2_GLOBAL_PATCH_DIR (or the
pkgdir), which is a bit confusing.
As a fix, add a simple extract step that copies the source file to the build
directory, so the patch step gets run as well.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 32c10f256b
introduced extra space so let's remove that in
order to be consistent with other variables.
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
zstd is a new dependency (since 2021.03)
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- python-dateutil and python-pytz are optional since version 0.0.20 and
a54dc97598
- python 2 and python-six dependency have been dropped in version 1.0.0 and
764812d01d
- Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add mention about nitrogen8mp_defconfig which is meant for our
Nitrogen8MPlus SOM device.
Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 54d3d94b6e broke the 'hg' download
method, in a similar way as it broke the 'git' download method (later fixed
with commit b70ce56651), by introducing extra
output on stdout in a case where the output is redirected.
In the case of 'hg', the 'hg archive' step uses shell redirection rather
than directly letting hg write the output file, since commit
76b51f90c0.
As a result, the extra print added by the _hg function is prepended to the
actual archive, causing an invalid archive.
Fix by using the _plain_hg function instead. The disadvantage is that the
command for 'hg archive' is no longer printed.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
"The LXC 4.0 branch is supported until June 2025. Only bugfixes and
securitiy issues get included into the stable bugfix releases, so it's
always safe and recommended to keep up and run the latest bugfix
release."
https://discuss.linuxcontainers.org/t/lxc-4-0-6-lts-has-been-released/9926
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
