Peter Korsgaard [Tue, 1 Sep 2020 20:38:36 +0000 (22:38 +0200)]
Update for 2020.08
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yann E. MORIN [Tue, 1 Sep 2020 07:19:03 +0000 (09:19 +0200)]
support/runttime-tests: fix openssh test
When it was applied, commit
243d500f8d3 (support/testing: add openssh
runtime test) was amended to not provide a NIC to the emulated machine,
as the test did not require access to the outer world: it only uses the
lo interface. Also, there was a discrepancy between the NIC name in the
Buildroot configuration, and the drivers available in our default kernel
image, making the boot hang for a while whaiting for a NIC that would
never come.
However, that tweak was tested locally with a qmeu version more recent
than the one available in our buidroot/base Docker image. As a
consequence, that test fails to run in gitlab-ci.
Revert to using the old way of specifying no network: it works on
gitlab-ci, and qemu versions in standard distros still support it.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Peter Korsgaard [Tue, 1 Sep 2020 19:06:20 +0000 (21:06 +0200)]
package/gobject-introspection: disable for riscv32
Fixes:
http://autobuild.buildroot.net/results/e32/
e323f43952b3863cedfdae765b3fb10ec6b8d889/
http://autobuild.buildroot.net/results/53e/
53e7b82baa9edb342cd110717d6b8ac82d5d933c/
And many more.
qemu-user 5.0.0 for riscv32 segfaults when running the g-i qemu wrapper, so
disable gobject-introspection. There are no autobuilder failures for next,
so it looks to be fixed in qemu 5.1.0.
As python-gobject and gst1-python select gobject-introspection, add a
BR2_PACKAGE_GOBJECT_INTROSPECTION_ARCH_SUPPORTS symbol they can depend on
rather than having to propagate the dependencies.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fabrice Fontaine [Tue, 1 Sep 2020 18:15:03 +0000 (20:15 +0200)]
package/mbedtls: security bump to version 2.16.8
Fix a "Local side channel attack on classical CBC decryption in (D)TLS"
a.k.a. CVE-2020-16150:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1
as well as a "Local side channel attack on RSA and static
Diffie-Hellman" (no CVE):
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-2
Also change MBEDTLS_SITE and retrieve hash provided by upstream
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Tue, 1 Sep 2020 14:22:22 +0000 (16:22 +0200)]
package/python-django: security bump to version 3.0.10
Fixes the following security issues:
CVE-2020-24583: Incorrect permissions on intermediate-level directories on Python 3.7+
On Python 3.7+, FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to
intermediate-level directories created in the process of uploading files and
to intermediate-level collected static directories when using the
collectstatic management command.
You should review and manually fix permissions on existing
intermediate-level directories.
CVE-2020-24584: Permission escalation in intermediate-level directories of
the file system cache on Python 3.7+
On Python 3.7+, the intermediate-level directories of the file system cache
had the system’s standard umask rather than 0o077 (no group or others
permissions).
https://docs.djangoproject.com/en/dev/releases/3.0.10/
In addition, 3.0.8..10 contains a number of bugfixes.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 31 Aug 2020 20:15:39 +0000 (22:15 +0200)]
package/ibm-sw-tpm2: fix build with gcc 10
Fixes:
- http://autobuild.buildroot.org/results/
8533d202fb29bf2a1677de37fc71f1a0fbd54722
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 31 Aug 2020 19:22:15 +0000 (21:22 +0200)]
package/graphite2: fix static install
Don't install an incorrect libtool file when building a static library
to fix the following build failure with harfbuzz:
arm-linux-g++.br_real: error: /home/buildroot/autobuild/run/instance-3/output-1/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libgraphite2.so: No such file or directory
make[5]: *** [main] Error 1
Fixes:
- http://autobuild.buildroot.org/results/
9ebe1d11e80755d59190ef2aae82bbba5cc45e44
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Tue, 1 Sep 2020 06:47:56 +0000 (08:47 +0200)]
package/dhcp: fix build with gcc 10
Fixes:
- http://autobuild.buildroot.org/results/
82df44b20ba4ecfb8cf7d077247b3262647a572d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 31 Aug 2020 20:07:27 +0000 (22:07 +0200)]
package/trousers: fix build with gcc 10
Fixes:
- http://autobuild.buildroot.org/results/
701e82a8f63e8b78c2db12bdeff9086d6e121b36
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 31 Aug 2020 19:57:44 +0000 (21:57 +0200)]
package/pixz: fix build with gcc 10
Fixes:
- http://autobuild.buildroot.org/results/
0c61743d4a022215317e57e35a00f0fa3d16ad62
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Lukasz Tekieli [Thu, 23 Jul 2020 17:19:17 +0000 (19:19 +0200)]
package/busybox: fix avahi-autoipd error message
When using a combination of udhcpc and avahi-autoipd in case of receiving IP
from a DHCP server, the following message can be seen:
"Failed to kill daemon: No such file or directory".
Add a check for a running avahi-autoipd to fix this issue.
Signed-off-by: Lukasz Tekieli <tekieli.lukasz@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 31 Aug 2020 14:00:35 +0000 (16:00 +0200)]
package/avahi: disable introspection
Fixes:
http://autobuild.buildroot.net/results/
b9bf7cea8be9231552a10e8ea828bf24394402ba/
Building with introspection (together with D-Bus) support currently fails.
Fixing it is not trivial, so explicitly disable introspection for now.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Tested-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 30 Aug 2020 21:40:42 +0000 (23:40 +0200)]
package/rtty: fix build with mbedtls but without zlib
zlib is not mandatory with mbedtls, only optional, however as mbedtls
does not provide a pkg-config file, we assume that if zlib is
available, we must link with it to avoid a build failure when linking
statically with a zlib-enabled mbedtls.
This change was pushed upstream with
https://github.com/zhaojh329/rtty/commit/
7b8efe11dbafce97971dc130bf6cc1756f34ce07
and is in buildroot since the bump to version 7.1.4 with commit
0c80245ddbe78c8e443f98b9bbccac56331cdb26.
However, this change will raise a build failure if ZLIB_LIBRARIES is
used when zlib is not found. This patch is fixing this build failure.
However, it should be noted that the compression support in mbedtls is
only enabled if BR2_PACKAGE_MBEDTLS_COMPRESSION=y. So we can have a
situation where mbedtls is enabled, zlib is enabled, but mbedtls is not
using zlib and as a result, since version 7.1.4, rttyt will needlessly
link with zlib in such a situation.
The only sane way to fix this is to use pkg-config, but as mbedtls
apparently doesn't provide any .pc file, we leave it as it is.
Fixes:
- http://autobuild.buildroot.org/results/
a0ebffe58bbf14cab74b7d2111d4d88a9c725273
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sun, 30 Aug 2020 19:07:25 +0000 (21:07 +0200)]
package/am33x-cm3: fix build with gcc 10
Fixes:
- http://autobuild.buildroot.org/results/
a991e6efa012df518ff1bb35017ad2c96c8feedc
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 31 Aug 2020 06:58:41 +0000 (08:58 +0200)]
package/docker-cli: fix version info since move to 19.03.x
Upstream changed the variables used when outputting version / git commit
info in docker version since:
commit
04b5f44230162de40741acaa0f94c7af6f2fa1d5
Author: Ian Campbell <ijc@docker.com>
Date: Tue Jan 8 15:03:51 2019 +0000
Move versioning variables to a separate package.
This helps to avoid circular includes, by separating the pure data out from the
actual functionality in the cli subpackage, allowing other code which is
imported to access the data.
Signed-off-by: Ian Campbell <ijc@docker.com>
Upstream-commit:
20c19830a95455e8562551aad52c715ad0807cc6
Component: cli
Which is included in docker-cli 19.3.x - So adjust the _CLI_LDFLAGS to match
to get proper docker version output:
Client:
Version: 19.03.11
API version: 1.40
Go version: go1.13.14
Git commit: 19.03.11
vs:
Client:
Version: unknown-version
API version: 1.40
Go version: go1.13.14
Git commit: unknown-commit
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Julien Grossholtz [Mon, 31 Aug 2020 07:25:11 +0000 (09:25 +0200)]
package/paho-mqtt-c: bump to version 1.3.5
This is a paho-mqtt-c maintainace release. It fixes some memory leaks as
well as a potential deadlock:
https://github.com/eclipse/paho.mqtt.c/milestone/8?closed=1
Signed-off-by: Julien Grossholtz <julien.grossholtz@openest.io>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Iulian Onofrei [Sun, 30 Aug 2020 21:26:37 +0000 (00:26 +0300)]
package/libeXosip2: fix typos in help text
Signed-off-by: Iulian Onofrei <iulian.onofrei@yahoo.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Iulian Onofrei [Sun, 30 Aug 2020 21:26:38 +0000 (00:26 +0300)]
package/nvidia-driver: fix typos in comments
Signed-off-by: Iulian Onofrei <iulian.onofrei@yahoo.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bernd Kuhls [Sat, 29 Aug 2020 19:32:07 +0000 (21:32 +0200)]
package/stress-ng: add upstream patch to fix build failure for getresuid32
Fixes:
http://autobuild.buildroot.net/results/f13/
f13d85dfec371c38229bca988cd4bffa4cb97ae5/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fabrice Fontaine [Sun, 30 Aug 2020 11:58:13 +0000 (13:58 +0200)]
package/imagemagick: (security) bump to version 7.0.10-28
- Fix CVE-2019-17547: In ImageMagick before 7.0.8-62, TraceBezier in
MagickCore/draw.c has a use-after-free.
- Fix CVE-2019-18853: ImageMagick before 7.0.9-0 allows remote attackers
to cause a denial of service because XML_PARSE_HUGE is not properly
restricted in coders/svg.c, related to SVG and libxml2.
- Update hash of LICENSE file (update in year with
https://github.com/ImageMagick/ImageMagick/commit/
f775a5cf27a95c42bb6d19b50f4869db265fdaa9)
- Update indentation in hash file (two spaces)
- Switch to github helper - it has always been an autogenerated archive.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout: use github helper]
Yann E. MORIN [Sat, 29 Aug 2020 20:42:52 +0000 (22:42 +0200)]
package/pkg-kconfig: quote HOSTCC_NOCCACHE
HOSTCC may contain spaces, so needs to be quoted.
Most of the places where it is already quoted use double-quotes, so we
use that.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fabrice Fontaine [Sun, 30 Aug 2020 08:08:56 +0000 (10:08 +0200)]
package/menu-cache: fix build with gcc 10
Fixes:
- http://autobuild.buildroot.org/results/
a97825f3c3e6245f8d1c2eb0cdb079f5dd6f1b47
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fabrice Fontaine [Sat, 29 Aug 2020 17:25:41 +0000 (19:25 +0200)]
package/graphite2: security bump to version 1.3.14
- Switch site to github, here is an extract of
https://sourceforge.net/projects/silgraphite:
"This project has been deprecated. Graphite2, a new version of the
Graphite engine, is available at: https://github.com/silnrsi/graphite
with its own bug tracker."
- graphite2 can be built statically since version 1.3.11 and
https://github.com/silnrsi/graphite/commit/
2f143c04da5caa43ddf4dba437b2f2bc26bf4238
- Update indentation in hash file (two spaces)
Extract from ChangeLog:
1.3.14
. Bug fixes
. Allow features to be hidden (for aliases)
. Move to python3
. Rename doc files from .txt to .asc
1.3.13
. Resolve minor spacing issue in rtl non-overlap kerning
. python3 for graphite.py
. Better fuzzing
. Better building on windows
1.3.12
. Graphite no longer does dumb rendering for fonts with no smarts
. Segment caching code removed. Anything attempting to use the segment cache gets given a regular face instead
. Add libfuzzer support
. Builds now require C++11
. Improvements to Windows 64 bit builds
. Support different versions of python including 32 bit and python 3
. Various minor bug fixes
1.3.11
. Fixes due to security review
. Minor collision avoidance fixes
. Fix LZ4 decompressor against high compression
The fixes due to security review are a little bit vague, a quick search
on github seems to indicate that those issues could be related to
segcache which has been removed since version 1.3.12:
https://github.com/silnrsi/graphite/search?q=security&type=Issues
https://github.com/silnrsi/graphite/commit/
b0f77e4a9dc50a888f74e904000a2486b2fc5527
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Yann E. MORIN [Sat, 29 Aug 2020 20:37:20 +0000 (22:37 +0200)]
package/uclibc: use HOSTCC_NOCCACHE as kconfig HOSTCC
uclibc is part of the toolchain, and as such does not have a dependency
on it. As a consequence, it does not have a dependency on host-ccache,
when this is needed.
Usually, host-ccache is built before uclibc, as part of the dependency
of gcc-initial, host-binutils, and a few other host packages that are
built before uclibc.
However, during top-level parallel builds, this ordering is only ever
guaranteed at the beginning of the configure step, and not before.
But for kconfig-packages, the moment we apply the configuration to
prepare the .config file is a pseudo step that happens somewhere in
limbo between the patch step and the configure step. As such, the
build ordering that is otherwise guaranteed by the _DEPENDENCIES is not
applicable yet.
And so, with top-level parallel builds with ccache enabled, there is
nothing that guarantees host-ccache to be built and installed by the
time we are trying to generate uclibc's .config file, which can be quite
early in the build process, and thus the build fails:
/home/raphael/github/ftcommunity-TXT/buildroot-rootfs/output/per-package/uclibc/host/bin/ccache /usr/bin/gcc /home/raphael/github/ftcommunity-TXT/buildroot-rootfs/output/build/uclibc-1.0.34/extra/config/conf.c -c -o ../../extra/config/conf.o -Os -I/usr/include/ncursesw -DCURSES_LOC="<curses.h>" -DNCURSES_WIDECHAR=1 -DLOCALE -DKBUILD_NO_NLS -DCONFIG_='""' -I/usr/include/ncursesw -DCURSES_LOC="<curses.h>" -DNCURSES_WIDECHAR=1 -DLOCALE -DKBUILD_NO_NLS -DCONFIG_='""'
/bin/sh: 1: /home/raphael/github/ftcommunity-TXT/buildroot-rootfs/output/per-package/uclibc/host/bin/ccache: not found
make[2]: *** [Makefile:64: ../../extra/config/conf.o] Error 127
make[1]: *** [Makefile.in:475: extra/config/conf] Error 2
make[1]: Leaving directory '/home/raphael/github/ftcommunity-TXT/buildroot-rootfs/output/build/uclibc-1.0.34'
make: *** [package/uclibc/uclibc.mk:458: /home/raphael/github/ftcommunity-TXT/buildroot-rootfs/output/build/uclibc-1.0.34/.stamp_dotconfig] Error 2
make: *** Waiting for unfinished jobs....
The root cause is that uclibc sets;
UCLIBC_KCONFIG_OPTS = $(UCLIBC_MAKE_FLAGS) [...]
with:
UCLIBC_MAKE_FLAGS = [...] HOSTCC="$(HOSTCC)"
And then the kconfig-package infra calls to the configurators,
menuconfig, xconfig et al, but also olddefconfig et al.. with:
[...] $($(1)_MAKE) [...] $(PKG_KCONFIG_COMMON_OPTS) $($(1)_KCONFIG_OPTS) [...]
with (note a latent bug in there, will be fixed in another patch):
PKG_KCONFIG_COMMON_OPTS = HOSTCC=$(HOSTCC_NOCCACHE)
So, a HOSTCC as set by a package will always win onver the one set by
the infra, which is exactly what we want.
But in this case, uclibc sets HOSTCC so that it can build its host tools
needed during the build, and in doing so uses the ccache-enabled host c
compiler. Which might not yet be available for the kconfig-package infra
to generate the .config file.
We had a similar (non-)issue for the linux package, which was fixed in
commit
71a31b2357 (linux: use HOSTCC_NOCCACHE as kconfig HOSTCC).
But here, uclibc does not have the toolchain in its dependencies (as said
earlier, uclibc *is* part of the toolchain).
Since the host compiler is only used to build very few files to generate
the simple executable needed to generate the .config file, doing without
the ccache-enabled host compiler will be amply enough.
So, we override HOSTCC in UCLIBC_KCONFIG_OPTS, to use the non-cached
host compiler.
Note that, in a first approximation, one would be tempted to change the
ordering in the kconfig-package infra:
$($(1)_KCONFIG_OPTS) $(PKG_KCONFIG_COMMON_OPTS)
so that the non-cached HOSTCC always wins over the cached one. But this
would be incorrect, in cases where the package really needs to override
HOSTCC; indeed we want the package-provided values to always win over
the default ones providing by the infra.
Reported-by: Raphael Jacob <r.jacob2002@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Acked-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Korsgaard [Sat, 29 Aug 2020 19:55:08 +0000 (21:55 +0200)]
docs/website: update for 2020.02.5
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Sat, 29 Aug 2020 19:31:44 +0000 (21:31 +0200)]
Update for 2020.02.5
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit
6ec5f4eb7121a2dd8cf08c4ea805aa3c9a586b84)
[Peter: drop Makefile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Sat, 29 Aug 2020 18:38:56 +0000 (20:38 +0200)]
CHANGES: fix typos in 2020.08-rcX notes
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Sat, 29 Aug 2020 18:37:24 +0000 (20:37 +0200)]
docs/website: update for 2020.05.2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Sat, 29 Aug 2020 18:02:01 +0000 (20:02 +0200)]
Update for 2020.05.2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit
1549e0b60751eab41e2d51899981d43d602275af)
[Peter: drop Makefile changes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 29 Aug 2020 17:42:19 +0000 (19:42 +0200)]
package/domoticz: drop SYNC4 from comment
Commit
8f5a9f597e35e6bc89dc938edbe753004d0201d1 forgot to drop SYNC4
from comment
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Titouan Christophe [Sat, 29 Aug 2020 13:06:10 +0000 (15:06 +0200)]
package/mosquitto: security bump to v1.6.12
Mosquitto 1.6.11 is a bugfix release, read the whole announcement on
http://mosquitto.org/blog/2020/08/version-1-6-11-released/
Mosquitto 1.6.12 is a security and bugfix release, read
http://mosquitto.org/blog/2020/08/version-1-6-12-released/
>From the 1.6.11 changelog of the client library:
mosquitto_loop_start() now sets a thread name on Linux, FreeBSD, NetBSD,
and OpenBSD. Closes #1777.
This is done with pthread_setname_np; so mosquitto now requires
BR2_TOOLCHAIN_HAS_THREADS_NPTL when built with threading support.
2 reverse dependencies use the threaded API, but they already
depend on BR2_TOOLCHAIN_HAS_THREADS_NPTL:
* domoticz [1] (we add a comment for mosquitto)
* shairport-sync [2]
[1] https://github.com/domoticz/domoticz/blob/2020.1/main/mosquitto_helper.cpp#L344
[2] https://github.com/mikebrady/shairport-sync/blob/3.3.6/mqtt.c#L227-L229
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Titouan Christophe [Sat, 29 Aug 2020 13:03:39 +0000 (15:03 +0200)]
package/{collectd, domoticz}: fix outdated dependencies for mosquitto
In
4fc62e1eb6b3adbfc3d3eb7f841275ae8cd1b424, we removed arch/toolchain
dependencies from the mosquitto library (MMU, !STATIC, SYNC4), and moved
them to the mosquitto broker only.
All the packages modified here only need the mosquitto library, so they
shouldn't have those depends anymore; but this was never done before.
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
[Peter: leave mmu/!static dependency for domoticz as it uses fork()/looks
for libmosquitto.so]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 29 Aug 2020 16:37:39 +0000 (18:37 +0200)]
package/wolfssl: fix build with big endian
Fixes:
- http://autobuild.buildroot.org/results/
21098180d386890025ed5cdd243bf5a9b444c5cf
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 29 Aug 2020 15:48:45 +0000 (17:48 +0200)]
package/haproxy: bump to version 2.2.2
Drop patch (already in version)
http://www.haproxy.org/download/2.2/src/CHANGELOG
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 29 Aug 2020 15:46:45 +0000 (17:46 +0200)]
package/libressl: bump to version 3.1.4
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.1.4-relnotes.txt
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 29 Aug 2020 13:03:00 +0000 (15:03 +0200)]
package/zbar: fix NLS build with musl
Fixes:
- http://autobuild.buildroot.org/results/
b93ce5430bf22ddda94ee30882a883348617f5b1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 29 Aug 2020 13:59:41 +0000 (15:59 +0200)]
package/systemd: disable audit for host package
Disable audit for host package to avoid getting the following error if
it is found on host:
[84/662] Generating audit_type-list.txt with a meson_exe.py custom command
In file included from <command-line>:32:
./../src/basic/missing_audit.h:7:10: fatal error: libaudit.h: No such file or directory
7 | #include <libaudit.h>
| ^~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/
67782c225c08387c1bbcbea9eee3ca12bc6577cd
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 29 Aug 2020 13:59:40 +0000 (15:59 +0200)]
package/systemd: disable cryptsetup for host package
Build with cryptsetup and without libblkid will fail on:
../src/shared/dissect-image.c:1336:34: error: 'N_DEVICE_NODE_LIST_ATTEMPTS' undeclared (first use in this function)
1336 | for (unsigned i = 0; i < N_DEVICE_NODE_LIST_ATTEMPTS; i++) {
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
This bug has been reported upstream:
https://github.com/systemd/systemd/pull/16901
and is not an issue for the target variant as libblkid is select by
BR2_PACKAGE_UTIL_LINUX_MOUNT
As cryptsetup does not seem needed for host-systemd, just disable it
Fixes:
- http://autobuild.buildroot.org/results/
67782c225c08387c1bbcbea9eee3ca12bc6577cd
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yann E. MORIN [Sat, 29 Aug 2020 12:56:38 +0000 (14:56 +0200)]
Makefile: use $(Q) instead of @ to silence target-finalize commands
As
18f6c26118 just did to silence the file lists commands, switch to
using $(Q) instead of a plain @, to silence the commands.
Using $(Q) will allow to debug the commands with V=1.
We keep @ for the calls to MESSAGE, though.
The commands that are not currently silenced are left as-is, and they
can be converted to being silent in a followup patch, if need be,
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Paul Cercueil [Tue, 23 Jun 2020 11:38:59 +0000 (13:38 +0200)]
linux: run depmod only if modules directory exists
If the modules directory that corresponds to the version of the kernel
being built has been deleted, don't try to run depmod, which will
obviously fail.
This can happen for instance when the modules are stripped from the main
root filesystem, and placed into a separate filesystem image, so that
the root filesystem and the kernel can be updated separately.
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Korsgaard [Sat, 29 Aug 2020 13:09:11 +0000 (15:09 +0200)]
fs/cpio/init: unbreak ttyname_r() on glibc after dropping /dev/console exec
Commit
98a6f1fc02e41 (fs/cpio: make initramfs init script survive 'console='
kernel argument) dropped the explicit /dev/console execs for fd 0,1,2, as
they fail when booted with console= and aren't really needed as the kernel
will setup fd 0,1,2 from /dev/console before executing the initramfs anyway.
Not doing this unfortunately confuses glibc's ttyname_r(3) implementation
(used by E.G. busybox/coreutils 'tty'), causing it to fail with ENOENT as
it does a fstat on fd 0 and tries to match up st_ino / st_dev against the
entries in /dev (since glibc 2.26):
commit
15e9a4f378c8607c2ae1aa465436af4321db0e23
Author: Christian Brauner <christian.brauner@canonical.com>
Date: Fri Jan 27 15:59:59 2017 +0100
linux ttyname and ttyname_r: do not return wrong results
If a link (say /proc/self/fd/0) pointing to a device, say /dev/pts/2, in a
parent mount namespace is passed to ttyname, and a /dev/pts/2 exists (in a
different devpts) in the current namespace, then it returns /dev/pts/2.
But /dev/pts/2 is NOT the current tty, it is a different file and device.
Detect this case and return ENODEV. Userspace can choose to take this as a hint
that the fd points to a tty device but to act on the fd rather than the link.
Signed-off-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
The reason it fails is that we manually mount devtmpfs on /dev in /init, so
the /dev/console used by the kernel (in rootfs) is not the same file as
/dev/console at runtime (in devtmpfs).
Notice: Once logged in, tty does work correctly. Presumably login reopens
stdin/stdout/stderr.
To fix this, re-add the exec of /dev/console for fd 0,1,2, but only do so if
possible. Because of the above mentioned shell behaviour (specified by
POSIX [0]), perform this check in a subshell.
[0] https://pubs.opengroup.org/onlinepubs/
9699919799/utilities/V3_chap02.html#tag_18_20_01
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Sat, 29 Aug 2020 11:02:55 +0000 (13:02 +0200)]
package/lxc: bump to version 4.0.4
- Bug fix release: https://linuxcontainers.org/fr/lxc/news
- Drop patch (already in version)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 29 Aug 2020 11:24:08 +0000 (13:24 +0200)]
package/postgresql: security bump to version 12.4
- Fix CVE-2020-14349: It was found that PostgreSQL versions before 12.4,
before 11.9 and before 10.14 did not properly sanitize the search_path
during logical replication. An authenticated attacker could use this
flaw in an attack similar to CVE-2018-1058, in order to execute
arbitrary SQL command in the context of the user used for replication.
- Fix CVE-2020-14350: It was found that some PostgreSQL extensions did
not use search_path safely in their installation script. An attacker
with sufficient privileges could use this flaw to trick an
administrator into executing a specially crafted script, during the
installation or update of such extension. This affects PostgreSQL
versions before 12.4, before 11.9, before 10.14, before 9.6.19, and
before 9.5.23.
https://www.postgresql.org/docs/12/release-12-4.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 29 Aug 2020 12:30:00 +0000 (14:30 +0200)]
package/mongodb: security bump to version 4.2.9
SERVER-47733 SymmetricEncryptorWindows shouldn’t pad when update is
called
https://docs.mongodb.com/manual/release-notes/4.2-changelog/#id1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Sat, 29 Aug 2020 12:20:54 +0000 (14:20 +0200)]
Makefile: hide commands that build the package file lists at end of build
Since commit
0e2be4db8ab01d479177a3a187c22525752195ae
("package/pkg-generic: make file list logic parallel build
compatible"), the commands executed at the every end of the build
to assemble the list of files installed by the different packages
are visible in the make output. They are quite noisy, and clutter
the output.
The other commands in target-finalize are also hidden using "@",
so we should also do the same for those commands. But that hurts
debuggability, so we use $(Q) (the existing '@'s can be changed
in a followup patch).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: use '$(Q)', not '@']
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Korsgaard [Sat, 29 Aug 2020 09:51:19 +0000 (11:51 +0200)]
package/squid: security bump to version 4.13
Fixes the following security issues:
CVE-2020-15810: HTTP(S) Request Smuggling
Due to incorrect data validation Squid is vulnerable to HTTP Request
Smuggling attacks against HTTP and HTTPS traffic. This leads to cache
poisoning.
https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m
CVE-2020-15811: HTTP(S) Request Splitting
Due to incorrect data validation Squid is vulnerable to HTTP Request
Splitting attacks against HTTP and HTTPS traffic. This leads to cache
poisoning.
https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv
CVE-2020-24606: Denial of Service processing Cache Digest Response
Due to Improper Input Validation Squid is vulnerable to a Denial of Service
attack against the machine operating Squid.
https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Sat, 29 Aug 2020 07:56:21 +0000 (09:56 +0200)]
package/wolfssl: security bump to version 4.5.0
wolfSSL version 4.5.0 contains 6 vulnerability fixes: 2 fixes for TLS 1.3,
2 side channel attack mitigations, 1 fix for a potential private key leak
in a specific use case, 1 fix for DTLS including those 3 CVEs:
- Fix CVE-2020-12457: An issue was discovered in wolfSSL before 4.5.0.
It mishandles the change_cipher_spec (CCS) message processing logic
for TLS 1.3. If an attacker sends ChangeCipherSpec messages in a
crafted way involving more than one in a row, the server becomes stuck
in the ProcessReply() loop, i.e., a denial of service.
- Fix CVE-2020-15309: An issue was discovered in wolfSSL before 4.5.0,
when single precision is not employed. Local attackers can conduct a
cache-timing attack against public key operations. These attackers may
already have obtained sensitive information if the affected system has
been used for private key operations (e.g., signing with a private
key).
- Fix CVE-2020-24585: An issue was discovered in the DTLS handshake
implementation in wolfSSL before 4.5.0. Clear DTLS application_data
messages in epoch 0 do not produce an out-of-order error. Instead,
these messages are returned to the application.
Also update hash of LICENSING as well as WOLF_LICENSE due to later
verbage update with
https://github.com/wolfSSL/wolfssl/commit/
970391319beb023680eccd0e447e76834dbb4808
https://www.wolfssl.com/docs/security-vulnerabilities/
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Sat, 29 Aug 2020 07:51:24 +0000 (09:51 +0200)]
package/wireshark: security bump to version 3.2.6
Fix CVE-2020-17498: In Wireshark 3.2.0 to 3.2.5, the Kafka protocol
dissector could crash. This was addressed in
epan/dissectors/packet-kafka.c by avoiding a double free during LZ4
decompression.
https://www.wireshark.org/security/wnpa-sec-2020-10.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Fri, 28 Aug 2020 22:07:20 +0000 (00:07 +0200)]
package/chocolate-doom: fix build with gcc 10
Fixes:
- http://autobuild.buildroot.org/results/
02828f2d9956d1e3727774b5045790aa3611428d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Wed, 26 Aug 2020 21:31:34 +0000 (23:31 +0200)]
package/bluez-tools: fix build with gcc 10
Fixes:
- http://autobuild.buildroot.org/results/
2641cea0483c5f6b65ece8016d546ee9bea0d7d1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Korsgaard [Fri, 28 Aug 2020 21:10:20 +0000 (23:10 +0200)]
Update for 2020.08-rc3
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Fri, 28 Aug 2020 20:08:59 +0000 (22:08 +0200)]
package/glibc: security bump for additional post-2.31.x fixes
Fixes the following security issue:
CVE-2016-10228: An infinite loop has been fixed in the iconv program when
invoked with the -c option and when processing invalid multi-byte input
sequences. Reported by Jan Engelhardt.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Tue, 18 Aug 2020 21:54:12 +0000 (23:54 +0200)]
package/openal: needs gcc >= 4.9
openal uses std::max_align_t since version 1.20.0 and
https://github.com/kcat/openal-soft/commit/
585b0cf3bed7d1c5720633eb7e5358a9fca865f6
As a result, it is affected by
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=56019
and the build with gcc <= 4.8 will fail on:
/home/buildroot/autobuild/instance-2/output-1/build/openal-1.20.1/common/almalloc.cpp: In function 'void* al_malloc(size_t, size_t)':
/home/buildroot/autobuild/instance-2/output-1/build/openal-1.20.1/common/almalloc.cpp:20:45: error: 'max_align_t' is not a member of 'std'
alignment = std::max(alignment, alignof(std::max_align_t));
^
Fixes:
- http://autobuild.buildroot.org/results/
589c7853ce334c7502f7cd4cdbcaaf3c6840f43b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Adam Duskett [Fri, 28 Aug 2020 17:08:44 +0000 (10:08 -0700)]
package/mender: Fix incorrectly named service file
Many of the mender CLI commands use systemctl commands to get information about
the daemon, such as the PID (IE: systemctl show -p MainPID mender-client).
As seen above, these commands expect the service file to be named
"mender-client" instead of "mender."
As such, in the current state, running a forced update check in the CLI will
result in the following error:
failed to force updateCheck: could not find the PID of the mender daemon.
Changing the name of mender.service to mender-client.service fixes the issue.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Fri, 28 Aug 2020 19:01:01 +0000 (21:01 +0200)]
{linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.{4, 7}.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yann E. MORIN [Wed, 26 Aug 2020 11:37:59 +0000 (13:37 +0200)]
linux: workaround make-4.1 bug
On Ubuntu 18.04, make-4.1 emits spurious, incorrect "entering/leaving"
messages, which end up in the LINUX_VERSION_PROBED variable:
printf 'probed linux version: "%s"\n' "$(LINUX_VERSION_PROBED)"
probed linux version: "make[1]: Entering directory '/home/buildroot'
4.19.78-linux4sam-6.2
make[1]: Leaving directory '/home/buildroot/output/build/linux-linux4sam_6.2'"
First, the messages are displayed even though we do explicitly pass
--no-print-directory -s.
Second, the entering and leaving messages are not about the same
directory!
This *only* occurs in the following conditions:
- the user has the correct 0022 umask,
- top-level parallel is used (with or without PPD),
- initial -C is specified as well.
$ umask 0022
$ make -j16 -C $(pwd)
[...]
depmod: ERROR: Bad version passed make[1]:
[...]
(yes, 'make[1]:' is the string depmod is trying, and fails, to parse as
a version string).
If any of the three conditions above is removed, the problem no longer
occurs. Here's a table of the MAKEFLAGS:
| 0002 | 0022 |
----+-------+------------------------------------------------+--------------------------+
| no-j | --no-print-directory -- | |
noC | +------------------------------------------------+--------------------------+
| -j16 | -j --jobserver-fds=3,4 --no-print-directory -- | -j --jobserver-fds=3,4 |
----+-------+------------------------------------------------+--------------------------+
| no-j | --no-print-directory -- | w |
-C | +------------------------------------------------+--------------------------+
| -j16 | -j --jobserver-fds=3,4 --no-print-directory -- | w -j --jobserver-fds=3,4 |
----+-------+------------------------------------------------+--------------------------+
0002: umask == 0002
0022: umask == 0022
no-j: no -j flag
-j16: -j16 flag
noC: no -C flag
-C : -C /path/of/buildroot/
Only the bottom-right-most case fails...
This behaviour goes against what is documented:
https://www.gnu.org/software/make/manual/make.html#g_t_002dw-Option
5.7.4 The ‘--print-directory’ Option
[...]
you do not need to specify this option because ‘make’ does it for
you: ‘-w’ is turned on automatically when you use the ‘-C’ option,
and in sub-makes. make will not automatically turn on ‘-w’ if you
also use ‘-s’, which says to be silent, or if you use
‘--no-print-directory’ to explicitly disable it.
So this exactly describes our situation; yet 'w' is added to MAKEFLAGS.
Getting rid of the 'w' flag makes the build succeed again, so that's
what we do here (bleark, icky)...
Furthermore, the documented way to override MAKEFLAGS is to do so as a
make parameter:
https://www.gnu.org/software/make/manual/make.html#Options_002fRecursion
5.7.3 Communicating Options to a Sub-make
[...]
If you do not want to pass the other flags down, you must change the
value of MAKEFLAGS, like this:
subsystem:
cd subdir && $(MAKE) MAKEFLAGS=
However, doing so does not fix the issue. So we resort to pass the
modified MAKEFLAGS via the environment (bleark, icky)...
Fixes: #13141
Reported-by: Laurent <laurent@neko-labs.eu>
Reported-by: Asaf Kahlon <asafka7@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 24 Aug 2020 10:25:16 +0000 (12:25 +0200)]
package/trousers: add upstream security fix
Fixes the following security issues:
CVE-2020-24332
If the tcsd daemon is started with root privileges,
the creation of the system.data file is prone to symlink attacks
CVE-2020-24330
If the tcsd daemon is started with root privileges,
it fails to drop the root gid after it is no longer needed
CVE-2020-24331
If the tcsd daemon is started with root privileges,
the tss user has read and write access to the /etc/tcsd.conf file
For details, see the advisory:
https://www.openwall.com/lists/oss-security/2020/05/20/3
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls [Fri, 28 Aug 2020 06:23:09 +0000 (08:23 +0200)]
package/x11r7/xlib_libX11: security bump version to 1.6.12
Fixes CVE-2020-14363:
https://lists.x.org/archives/xorg-announce/2020-August/003056.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bernd Kuhls [Fri, 28 Aug 2020 06:18:58 +0000 (08:18 +0200)]
package/x11r7/xserver_xorg-server: security bump version to 1.20.9
Fixes CVE-2020-14345, CVE-2020-14346, CVE-2020-14361 & CVE-2020-1436:
https://lists.x.org/archives/xorg-announce/2020-August/003058.html
Removed patch 0002, not needed anymore due to upstream commit
https://cgit.freedesktop.org/xorg/xserver/commit/configure.ac?h=server-1.20-branch&id=
c601c8faf54ff9e3bcbc653421828d71042deef7
Build-tested with wayland:
checking for a useful monotonic clock ......
checking whether CLOCK_MONOTONIC is declared... yes
guessing yes
Removed patch 0007, included in upstream release.
Rebased and renumbered remaining patches.
Reformatted license hashes.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Thu, 27 Aug 2020 21:10:03 +0000 (23:10 +0200)]
package/shadowsocks-libev: security bump to version 3.3.4
- Fix CVE-2019-5163: An exploitable denial-of-service vulnerability
exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When
utilizing a Stream Cipher and a local_address, arbitrary UDP packets
can cause a FATAL error code path and exit. An attacker can send
arbitrary UDP packets to trigger this vulnerability.
- Fix CVE-2019-5164: An exploitable code execution vulnerability exists
in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted
network packets sent to ss-manager can cause an arbitrary binary to
run, resulting in code execution and privilege escalation. An attacker
can send network packets to trigger this vulnerability.
Also update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Thu, 27 Aug 2020 21:20:44 +0000 (23:20 +0200)]
package/openjpeg: add CVE-2020-15389 entry
Commit
b006cc373f96ec86c027779e113c8f70bc40d1c3 forgot to add
the OPENJPEG_IGNORE_CVES entry
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Thu, 27 Aug 2020 17:21:40 +0000 (19:21 +0200)]
package/python-matplotlib: simplify version checks
Hopefully, this should fix the following error on one of the
autobuilders:
png: no [The C/C++ header for libpng (png.h) could not
be found. You may need to install the development
package.]
Fixes:
- http://autobuild.buildroot.org/results/
afddcc44b2fb7983244f24542bfae921869e4ab8
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Thu, 27 Aug 2020 16:27:46 +0000 (18:27 +0200)]
package/dillo: fix build with gcc 10
Fixes:
- http://autobuild.buildroot.org/results/
9c777af97fe50143c6a68f0170fc86c87d8ead3f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Thu, 27 Aug 2020 16:27:45 +0000 (18:27 +0200)]
package/dillo: renumber patches
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Gwenhael Goavec-Merou [Thu, 27 Aug 2020 15:49:03 +0000 (17:49 +0200)]
package/gnuradio: backport patch to fix INTERFACE_INCLUDE_DIRECTORIES
gnuradio-runtimeTargets.cmake and gnuradio-pmtTargets.cmake are filled
using CMAKE_INSTALL_PREFIX for INSTALL_INTERFACE.
Since CMAKE_INSTALL_PREFIX, in buildroot, is set to /usr, these files contains
path to host system.
With BR2_COMPILER_PARANOID_UNSAFE_PATH package using gnuradio fails with:
arm-linux-gnueabihf-g++: ERROR: unsafe header/library path used in cross-compilation: '-isystem' '/usr/include'
By simply providing 'include', produced .cmake contains:
INTERFACE_INCLUDE_DIRECTORIES "${_IMPORT_PREFIX}/include"
instead of
INTERFACE_INCLUDE_DIRECTORIES "/usr/include"
[Upstream status: https://github.com/gnuradio/gnuradio/pull/3737]
Fix (many) gr-osmosdr build failure:
- http://autobuild.buildroot.net/results/
66b76c07f15bb3e6db697c47796ae3dd15ecf4b9/
Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Heiko Thiery [Thu, 27 Aug 2020 11:37:55 +0000 (13:37 +0200)]
DEVELOPERS: add myself as contact for linuxptp+ipmitool
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Thu, 27 Aug 2020 20:40:12 +0000 (22:40 +0200)]
package/openjpeg: fix CVE-2020-15389
Fix CVE-2020-15389: jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a
use-after-free that can be triggered if there is a mix of valid and
invalid files in a directory operated on by the decompressor. Triggering
a double-free may also be possible. This is related to calling
opj_image_destroy twice.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Thu, 27 Aug 2020 17:26:44 +0000 (19:26 +0200)]
package/json-c: security bump to version 0.15
Fix CVE-2020-12762: json-c through 0.14 has an integer overflow and
out-of-bounds write via a large JSON file, as demonstrated by
printbuf_memappend.
Also update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Thu, 27 Aug 2020 15:47:07 +0000 (17:47 +0200)]
support/scripts/pkg-stats: drop erroneous "break" in CVE.affects()
Commit
7d2779ecbb142b62f8913d30352b11058f922b2a
("support/script/pkg-stats: handle exception when version comparison
fails") erroneousy introduced a "break" within a try/expect block.
This break has the unfortunate consequence that every CVE that was
using the <= operator was skipped, and according to the current
CVE statistics, made us miss 74 CVEs out of 141 CVEs.
Here is for reference the complete list of CVEs we missed:
- gnupg
CVE-2006-3082
CVE-2019-13050
- jhead
CVE-2020-6624
CVE-2020-6625
- patch
CVE-2018-6952
CVE-2019-20633
- json-c
CVE-2020-12762
- git
CVE-2018-
1000110
CVE-2018-
1000182
CVE-2019-
1003010
CVE-2020-2136
- iperf2
CVE-2016-4303
- libtorrent
CVE-2009-1760
CVE-2016-5301
- lua
CVE-2020-15888
CVE-2020-15889
CVE-2020-15945
CVE-2020-24342
- openvpn
CVE-2020-7224
- smack
CVE-2016-10027
- bashtop
CVE-2019-18276
- links
CVE-2008-3319
- argus
CVE-2011-3332
- libraw
CVE-2020-15503
- netcat
CVE-2008-5727
CVE-2008-5728
CVE-2008-5729
CVE-2008-5730
CVE-2008-5742
CVE-2015-2214
- subversion
CVE-2017-
1000085
CVE-2018-
1000111
CVE-2020-2111
- python
CVE-2013-1753
CVE-2015-5652
CVE-2017-17522
CVE-2017-18207
CVE-2019-20907
CVE-2019-9674
- cereal
CVE-2020-11104
CVE-2020-11105
- opencv
CVE-2017-
1000450
CVE-2017-12597
CVE-2017-12598
CVE-2017-12599
CVE-2017-12600
CVE-2017-12601
CVE-2017-12602
CVE-2017-12603
CVE-2017-12604
CVE-2017-12605
CVE-2017-12606
CVE-2017-12862
CVE-2017-12863
CVE-2017-12864
CVE-2019-15939
- docker
CVE-2015-1843
CVE-2015-3627
CVE-2015-3630
CVE-2015-3631
CVE-2016-3697
CVE-2017-14992
CVE-2019-16884
- trousers
CVE-2020-24330
CVE-2020-24331
CVE-2020-24332
- libcroco
CVE-2020-12825
- libpupnp
CVE-2020-13848
- openjpeg
CVE-2020-15389
- flex
CVE-2015-1773
- libesmtp
CVE-2019-19977
- ed
CVE-2015-2987
- libmad
CVE-2018-7263
- grub
CVE-2020-15705
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Sam Voss [Thu, 27 Aug 2020 00:44:24 +0000 (19:44 -0500)]
package/ripgrep: fix build directories
RIPGREP_CARGO_MODE was no longer defined after
832c076f26 and caused
issues during the install step as the build directory was malformed.
This patch maintains the release/dev profile distinction, while also
assigning appropriate build folders.
Fixes:
- http://autobuild.buildroot.net/results/
a4cd7ecc6d983aa6f15d3be1e21529f17e04b825/
- http://autobuild.buildroot.net/results/
2bab8ffa590d4c4eabffe94ed27311c7f6607c98/
Signed-off-by: Sam Voss <sam.voss@gmail.com>
CC: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Wed, 26 Aug 2020 21:17:55 +0000 (23:17 +0200)]
package/libroxml: fix build with gcc 10
Fixes:
- http://autobuild.buildroot.org/results/
b6ac3664d61ad826515b57c4d057b6f001b5167d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Tue, 25 Aug 2020 21:01:42 +0000 (23:01 +0200)]
package/assimp: also build with -mxgot on mips64(el)
Since the bump of assimp to 5.0.1, we have build failures on mips64el,
due to relocations being truncated. The issue seems to be quite
similar to the one on m68k coldfire, as both m68k and MIPS have this
-mxgot gcc option to switch to using a GOT that has no size limit (but
causes less efficient code to be produced).
Here as well, the overall relevance of assimp on mips64(el) platforms
being probably very limited, the incentive to search for a better
solution is pretty limited.
Fixes:
http://autobuild.buildroot.net/results/
7df487d5117b2ee440a07dbff9cae1b181566748/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Thomas Petazzoni [Tue, 25 Aug 2020 21:01:41 +0000 (23:01 +0200)]
package/assimp: workaround m68k build issues
On m68k coldfire, we already pass -mxgot, but since the bump to assimp
5.0.1, this is no longer sufficient, and we have failures such as:
/tmp/ccqmJLil.s: Assembler messages:
/tmp/ccqmJLil.s:307948: Error: value -43420 out of range
/tmp/ccqmJLil.s:307985: Error: value -38606 out of range
/tmp/ccqmJLil.s:308010: Error: value -38626 out of range
/tmp/ccqmJLil.s:308056: Error: value -33280 out of range
Since these issues only arise when building with -O2, let's disable
the optimization for this package on m68k. The very relative relevance
of assimp on m68k coldfire makes the research of a better solution not
really useful (for the record, assimp is a "library to import various
well-known 3D model formats in a uniform manner").
Fixes:
http://autobuild.buildroot.net/results/
a7d4fb2653b0f1be4d036ee46a44e72da0ed4376/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Yann Sionneau [Tue, 1 Oct 2019 12:33:30 +0000 (14:33 +0200)]
package/patchelf: keep RPATH entries even without DT_NEEDED libraries
Our patch
0003-Add-option-to-make-the-rpath-relative-under-a-specif.patch adds
an option --make-rpath-relative, which we use to tweak RPATH of target
binaries.
However, one of the effect of this option is that it drops RPATH
entries if the corresponding directory does not contain a library that
is referenced by a DT_NEEDED entry of the binary.
This unfortunately isn't correct, as RPATH entries are not only used
by the dynamic linker to resolve the location of libraries listed
through DT_NEEDED entries: RPATH entries are also used by dlopen()
when resolving the location of libraries that are loaded at runtime.
Therefore, the removal of RPATH entries that don't correspond to
directories containing libraries referenced by DT_NEEDED entries break
legitimate uses of RPATH for dlopen()ed libraries.
This issue was even pointed out during the review of the upstream pull
request:
https://github.com/NixOS/patchelf/pull/118#discussion_r329660138
This fixes tst-origin uClibc-ng unit test:
https://github.com/wbx-github/uclibc-ng-test/blob/master/test/dlopen/Makefile.in#L25
https://github.com/wbx-github/uclibc-ng-test/blob/master/test/dlopen/tst-origin.c#L15
Without this patch:
$ gcc -o toto toto.c -Wl,-rpath,/tmp/test/bar
$ readelf -d toto | grep PATH
0x000000000000000f (RPATH) Library rpath: [/tmp/test/bar]
$ ./output/host/bin/patchelf --debug --make-rpath-relative /tmp/
toto
patching ELF file `toto'
Kernel page size is 4096 bytes
removing directory '/tmp/test/bar' from RPATH because it does not contain needed libs
new rpath is `'
$ readelf -d toto | grep PATH
0x000000000000001d (RUNPATH) Library runpath: []
With the patch applied:
$ gcc -o toto toto.c -Wl,-rpath,/tmp/test/bar
$ readelf -d toto | grep PATH
0x000000000000000f (RPATH) Library rpath: [/tmp/test/bar]
$ ./output/host/bin/patchelf --debug --make-rpath-relative /tmp/ toto
patching ELF file `toto'
Kernel page size is 4096 bytes
keeping relative path of /tmp/test/bar
new rpath is `test/bar'
$ readelf -d toto | grep PATH
0x000000000000001d (RUNPATH) Library runpath: [test/bar]
Signed-off-by: Yann Sionneau <ysionneau@kalray.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Sun, 23 Aug 2020 11:15:14 +0000 (13:15 +0200)]
support/config-fragments/autobuild: test Bootlin x86-64 toolchain
As we recently stopped testing the x86-64 Sourcery toolchain, it means
we no longer have any x86-64 glibc based toolchain in our
autobuilders. Since this is a pretty common configuration, it makes
sense to test it, which this commit does by adding a config fragment
to use the x86-64 glibc bleeding edge Bootlin toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Thomas Petazzoni [Sun, 23 Aug 2020 11:15:13 +0000 (13:15 +0200)]
toolchain/toolchain-external/toolchain-external-codesourcery-amd64: remove package
This toolchain uses an old gcc 6.2.0 compiler (not even the latest gcc
from the 6.x series), which fails to build the recent Boost
package. Since newer versions of this toolchain are no longer made
publicly available from Mentor Graphics, our only option is to drop
the toolchain.
Fixes:
http://autobuild.buildroot.net/results/
10edaed22c15b9d0f7de187085aeebc96e5ebe6c/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Thomas Petazzoni [Sun, 23 Aug 2020 11:15:12 +0000 (13:15 +0200)]
support/config-fragments/autobuild: stop testing Sourcery AMD64 toolchain
This toolchain uses an old gcc 6.2.0, and newer versions of the
toolchain are no longer publicly available. This old gcc 6.2.0 causes
build issues of Boost, which are unfixable without updating the
toolchain. As we're about to drop support for this toolchain entirely,
we must stop testing it in our autobuilder infrastructure.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Sun, 23 Aug 2020 09:37:37 +0000 (11:37 +0200)]
package/davfs2: bump to version 1.6.0
This bump is needed to fix a build failure with gcc 10:
https://savannah.nongnu.org/support/?func=detailitem&item_id=110186#options
Here is an extract of the bug report:
"It is not a bug to have variables with the same name in different source
files. The bug was the missing keyword "static".
But there was a different bug that was not tolerated by GCC 10. It was
same strange data type conversions in dav_coda.c. The resolution was to
drop coda altogether because there is still fuse which is better suited
anyway.
The new release 1.6.0 should fix all these problems. Please tell me if
there are still problems with GCC 10."
Also update indentation in hash file (two spaces)
Fixes:
- http://autobuild.buildroot.org/results/
42beafade6fd31927c8db14bc52110c0fc5b17c2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Korsgaard [Mon, 24 Aug 2020 10:46:15 +0000 (12:46 +0200)]
package/hostapd: add upstream 2020-1 security patches
Fixes the following security vulnerabilities:
CVE-2020-12695: The Open Connectivity Foundation UPnP specification before
2020-04-17 does not forbid the acceptance of a subscription request with a
delivery URL on a different network segment than the fully qualified
event-subscription URL, aka the CallStranger issue.
For details, see the advisory:
https://w1.fi/security/2020-1/upnp-subscribe-misbehavior-wps-ap.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni [Sun, 23 Aug 2020 21:18:15 +0000 (23:18 +0200)]
package/ibm-sw-tpm2: re-fix build with uClibc-ng and older glibcs
In commit
26e37cef1627faa1f5ab8935482e2b2bc3465c33, we started using
__WORDSIZE to get the size of longs on the given architecture, in
order to support all CPU architectures.
Unfortunately, __WORDSIZE is not enabled in musl, so in
19bd08900448aa45b506320ad2ab912f789e6e5e, we switched to using
LONG_BIT instead of __WORDSIZE.
However, LONG_BIT is not readily available on glibc, you need
_XOPEN_SOURCE to be defined, which was done in
a34e7f88f67b77066f73894dc8e42bca3c076fa6.
However, in
a34e7f88f67b77066f73894dc8e42bca3c076fa6, _XOPEN_SOURCE
was just defined, with no specific value. This caused the build to
break again on uClibc-ng and older glibcs, because clock_gettime() and
CLOCK_MONOTONIC were no longer defined. In both uClibc-ng and glibc,
CLOCK_MONOTONIC is only defined if __USE_POSIX199309 is defined. It
turns out that simply defining _XOPEN_SOURCE with no value does not
lead to __USE_POSIX199309 being defined in uClibc-ng and old glibcs,
while it is defined in newer glibcs.
The difference comes from the following snippet of code, which is
present in recent enough glibc's <feature.h> but not uClibc-ng's or
older glibc's <feature.h>:
/* If none of the ANSI/POSIX macros are defined, or if _DEFAULT_SOURCE
is defined, use POSIX.1-2008 (or another version depending on
_XOPEN_SOURCE). */
So the fact that we are defining _DEFAULT_SOURCE makes it assume that
we're using POSIX 2008.09, which obviously includes POSIX 1993.09.
Due to the lack of this code snippet, uClibc-ng <features.h> only
enables:
!defined _POSIX_SOURCE && !defined _POSIX_C_SOURCE)
but not:
So we need an _XOPEN_SOURCE level of at least 500 for POSIX 1993.09
definitions to be available.
This is confirmed by the feature_test_macros man page, which states:
_XOPEN_SOURCE < 500
_POSIX_C_SOURCE is defined with the value 2.
500 <= _XOPEN_SOURCE < 600
_POSIX_C_SOURCE is defined with the value 199506L.
When this is fixed, another issue arises with older glibc toolchains
(such as Sourcery ARM), where fd_set is no longer defined. Inded, with
POSIX-1.2001 being enabled, we need to include <sys/select.h> to
access the fd_set definition and friends (see man fd_set for details).
This commit was tested with two glibc toolchains (recent and old), one
uClibc-ng toolchain and one musl toolchain.
Fixes:
http://autobuild.buildroot.net/results/
e20f9474fc0217036faa6561df33fa983466ddfe/
(uClibc-ng)
http://autobuild.buildroot.net/results/
b5d944389fc96ef2c5e0608fe4ac34149e5f9739/
(glibc)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: Vincent Fazio <vfazio@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Heiko Thiery [Mon, 24 Aug 2020 12:41:47 +0000 (14:41 +0200)]
package/netopeer2: add patch to solve issue with empty group name
When building on a host that has no name specified for the used group in
/etc/group the script in install step will fail due to missing group name.
CMake Error at CMakeLists.txt:80 (message):
Learning server module group failed: id: cannot find name for group ID 8000
The patch was taken from upstream and modified manually because of merge
conflicts.
Fixes:
http://autobuild.buildroot.net/results/
f197ca1def9dc1292e1e784757f2da9d95484431/
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine [Mon, 24 Aug 2020 18:24:38 +0000 (20:24 +0200)]
package/ipmitool: fix build with gcc 10
Fixes:
- http://autobuild.buildroot.org/results/
b6231d601d6051c97d3c2a0ed3065df03648c40d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Yann E. MORIN [Mon, 24 Aug 2020 17:16:25 +0000 (19:16 +0200)]
legacy: drop options that are now forcibly enabled
As Thomas said:
> In this sort of situation, we generally don't add any legacy
> handling. Indeed, since the feature is now mandatory... the
> default behavior will always be OK.
> People who could be annoyed are people who had this feature
> disabled... which is now always enabled. But the legacy handling
> will anyway not help those people.
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Korsgaard [Mon, 24 Aug 2020 14:58:59 +0000 (16:58 +0200)]
docs/website/news.html: correct left/right ordering of 2020.08-rc2 entry
And drop the confusing class="timeline" tag from the 2020.08-rc1 entry.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Mon, 24 Aug 2020 14:19:07 +0000 (16:19 +0200)]
Update for 2020.08-rc2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Mon, 24 Aug 2020 11:40:28 +0000 (13:40 +0200)]
package/openfpgaloader: drop ftdipp
ftdipp is not needed since version 0.1 and
https://github.com/trabucayre/openFPGALoader/commit/
3df577b70638c37885eef3a27b8931261b259e47
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Mon, 24 Aug 2020 11:40:27 +0000 (13:40 +0200)]
package/openfpgaloader: drop udev from comment
Commit
5714f3f81fdd85640d627f9b43490c52419650ea forgot to remove udev
from comment
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Korsgaard [Sun, 23 Aug 2020 20:47:10 +0000 (22:47 +0200)]
{linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.{4, 7}.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine [Sat, 22 Aug 2020 18:22:37 +0000 (20:22 +0200)]
package/ripgrep: fix debug build
There is no --debug mode for cargo resulting in the following build
failure since the addition of this package with commit
4b0d1ef6ac00c5170a3fb9d15d06b3d3172e0c97:
error: Unknown flag: '--debug'
Fixes:
- http://autobuild.buildroot.org/results/
58e74bb056ec65680ecebaa559aa14bdebbf5c85
- http://autobuild.buildroot.org/results/
28c6364a89a6044d5a036614f7a6e59815efb770
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: keep the default 'dev' mode when in debug]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Gwenhael Goavec-Merou [Mon, 24 Aug 2020 08:38:38 +0000 (10:38 +0200)]
package/openfpgaloader: bump to current master
- argp is no more used;
- UDEV dependency is now optional
Fix:
- http://autobuild.buildroot.org/results/
f3f3cc216ae42bb8a8925b0df7c1a3cc79b027d7
/home/buildroot/autobuild/instance-1/output-1/build/openfpgaloader-
849e5751e06d4d00f323205d5f02ee01f9f59a61/src/spiFlash.cpp:
In member function 'void SPIFlash::jtag_write_read(uint8_t, uint8_t*, uint8_t*, uint16_t)':
/home/buildroot/autobuild/instance-1/output-1/build/openfpgaloader-
849e5751e06d4d00f323205d5f02ee01f9f59a61/src/spiFlash.cpp:92:43:
error: variable-sized object 'jtx' may not be initialized
uint8_t jtx[xfer_len] = {reverseByte(cmd)};
^
and
src/gowin.cpp:73:11: error: 'runtime_error' is not a member of 'std'
throw std::runtime_error("both write-flash and write-sram can't be set");
^
src/gowin.cpp:81:10: error: 'runtime_error' is not a member of 'std'
throw std::runtime_error("incompatible file format");
Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
[yann.morin.1998@free.fr:
- don't add a sub-option for udev; directly rely on udev being avail
- fix conflict after
1ca0077d9141
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Mon, 24 Aug 2020 07:09:01 +0000 (09:09 +0200)]
docs/manual/adding-packages-cargo.txt: drop debug profile
There is no debug profile on cargo. The available profiles are: dev
(enabled by default), release, test and bench.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Peter Korsgaard [Sun, 23 Aug 2020 20:32:36 +0000 (22:32 +0200)]
package/xen: add upstream security fix for XSA-327
Fixes the following security issue:
CVE-2020-15564: Missing alignment check in VCPUOP_register_vcpu_info
For further details, see the advisory:
https://xenbits.xenproject.org/xsa/advisory-327.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Yann E. MORIN [Fri, 21 Aug 2020 16:35:31 +0000 (18:35 +0200)]
support/tests: add runtime test for python-rpi-gpio
Modeled after similar python packages.
However, this one is picky, and throws an exception when it
detects that it is not running on a Raspberry Pi. So we just
catch that exception and check this is what we expect.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Christian Stewart <christian@paral.in>
Cc: Michael Fischer <mf@go-sys.de>
Cc: Asaf Kahlon <asafka7@gmail.com>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Cc: Ian Haylock <haylocki@yahoo.co.uk>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Yann E. MORIN [Fri, 21 Aug 2020 16:35:30 +0000 (18:35 +0200)]
package/python-rpi-gpio: fix gcc-10 compatibility patch
Although the patch makes the package build OK, it fails at runtime
when the module is imported, because of missing symbols:
ImportError: /usr/lib/python3.8/site-packages/RPi/_GPIO.cpython-38-aarch64-linux-gnu.so: undefined symbol: high
Fix that by making sure the symbols are declared once, but only once.
Fixes: #13166
Reported-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Michael Fischer <mf@go-sys.de>
Cc: Asaf Kahlon <asafka7@gmail.com>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Cc: Ian Haylock <haylocki@yahoo.co.uk>
Tested-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Yann E. MORIN [Sun, 23 Aug 2020 17:33:52 +0000 (19:33 +0200)]
package/qt5: needs host gcc >= 5.0 for full C++11
Building qmake requires full C++11, which boils down to gcc >= 5.0,
which is what upstream advertises as a requirement anyway:
https://doc.qt.io/qt-5.15/supported-platforms.html
Distribution | Architecture | Compiler
Generic Linux | x86 and x86_64 | GCC (5 or later), ICC 18.x
Fixes:
http://autobuild.buildroot.org/results/c3e/
c3ee971a72f268e72b69a647e8fd00a8cee7dc91/
http://autobuild.buildroot.org/results/89c/
89c9a88b4e1195e952528574263201d4fbc27570/
[...]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Peter Seiderer <ps.report@gmx.net>
Cc: Julien Corjon <corjon.j@ecagroup.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Peter Korsgaard [Sun, 23 Aug 2020 10:00:27 +0000 (12:00 +0200)]
package/tpm2-abrmd: bump to version 2.3.3
Bugfix release with a single fix:
Fixed:
- Fixed handle resource leak exhausting TPM resources.
https://github.com/tpm2-software/tpm2-abrmd/releases/tag/2.3.3
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Titouan Christophe [Wed, 19 Aug 2020 12:56:40 +0000 (14:56 +0200)]
package/libcurl: security bump to 7.72.0
This new version fixes, amongst many other things, CVE-2020-8231
(https://curl.haxx.se/docs/CVE-2020-8231.html). See the full changelog
on https://curl.haxx.se/changes.html#7_72_0 .
Also drop the 4 patches, that have all been released upstream.
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Yann E. MORIN [Sun, 23 Aug 2020 19:51:27 +0000 (21:51 +0200)]
package/openfpgaloader: C++ dependency is not inherited
openfpgaloader is written in C++, so the dependency on C++ is not
inherited from libftdipp1.
Drop the confusing comment.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Sun, 23 Aug 2020 15:02:31 +0000 (17:02 +0200)]
package/php: drop BR2_PACKAGE_PHP_EXT_HASH
hash extension can't be disabled since version 7.4.0 and
https://github.com/php/php-src/commit/
bf344425812b0f6156d0a8a54ed7bc38054f7636
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fabrice Fontaine [Sun, 23 Aug 2020 14:55:43 +0000 (16:55 +0200)]
package/php: drop --with-libxml-dir
--with-libxml-dir has been dropped since version 7.4.0 and
https://github.com/php/php-src/commit/
29d1b7fd521af288e9f04d784f59a2d15b494a30
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>