- Sep 01, 2020
-
-
Peter Korsgaard authored
Signed-off-by:Peter Korsgaard <peter@korsgaard.com>
-
Yann E. MORIN authored
When it was applied, commit 243d500f (support/testing: add openssh runtime test) was amended to not provide a NIC to the emulated machine, as the test did not require access to the outer world: it only uses the lo interface. Also, there was a discrepancy between the NIC name in the Buildroot configuration, and the drivers available in our default kernel image, making the boot hang for a while whaiting for a NIC that would never come. However, that tweak was tested locally with a qmeu version more recent than the one available in our buidroot/base Docker image. As a consequence, that test fails to run in gitlab-ci. Revert to using the old way of specifying no network: it works on gitlab-ci, and qemu versions in standard distros still support it. Signed-off-by:
Yann E. MORIN <yann.morin.1998@free.fr> Cc: Romain Naour <romain.naour@gmail.com> Signed-off-by:
Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
-
Peter Korsgaard authored
Fixes: http://autobuild.buildroot.net/results/e32/e323f43952b3863cedfdae765b3fb10ec6b8d889/ http://autobuild.buildroot.net/results/53e/53e7b82baa9edb342cd110717d6b8ac82d5d933c/ And many more. qemu-user 5.0.0 for riscv32 segfaults when running the g-i qemu wrapper, so disable gobject-introspection. There are no autobuilder failures for next, so it looks to be fixed in qemu 5.1.0. As python-gobject and gst1-python select gobject-introspection, add a BR2_PACKAGE_GOBJECT_INTROSPECTION_ARCH_SUPPORTS symbol they can depend on rather than having to propagate the dependencies. Signed-off-by:
-
Fabrice Fontaine authored
Fix a "Local side channel attack on classical CBC decryption in (D)TLS" a.k.a. CVE-2020-16150: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1 as well as a "Local side channel attack on RSA and static Diffie-Hellman" (no CVE): https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-2 Also change MBEDTLS_SITE and retrieve hash provided by upstream https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8 Signed-off-by:
Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by:
-
Peter Korsgaard authored
Fixes the following security issues: CVE-2020-24583: Incorrect permissions on intermediate-level directories on Python 3.7+ On Python 3.7+, FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files and to intermediate-level collected static directories when using the collectstatic management command. You should review and manually fix permissions on existing intermediate-level directories. CVE-2020-24584: Permission escalation in intermediate-level directories of the file system cache on Python 3.7+ On Python 3.7+, the intermediate-level directories of the file system cache had the system’s standard umask rather than 0o077 (no group or others permissions). https://docs.djangoproject.com/en/dev/releases/3.0.10/ In addition, 3.0.8..10 contains a number of bugfixes. Signed-off-by:
-
Fabrice Fontaine authored
Fixes: - http://autobuild.buildroot.org/results/8533d202fb29bf2a1677de37fc71f1a0fbd54722 Signed-off-by:
-
Fabrice Fontaine authored
Don't install an incorrect libtool file when building a static library to fix the following build failure with harfbuzz: arm-linux-g++.br_real: error: /home/buildroot/autobuild/run/instance-3/output-1/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libgraphite2.so: No such file or directory make[5]: *** [main] Error 1 Fixes: - http://autobuild.buildroot.org/results/9ebe1d11e80755d59190ef2aae82bbba5cc45e44 Signed-off-by:
-
Fabrice Fontaine authored
Fixes: - http://autobuild.buildroot.org/results/82df44b20ba4ecfb8cf7d077247b3262647a572d Signed-off-by:
-
- Aug 31, 2020
-
-
Fabrice Fontaine authored
Fixes: - http://autobuild.buildroot.org/results/701e82a8f63e8b78c2db12bdeff9086d6e121b36 Signed-off-by:
-
Fabrice Fontaine authored
Fixes: - http://autobuild.buildroot.org/results/0c61743d4a022215317e57e35a00f0fa3d16ad62 Signed-off-by:
-
Lukasz Tekieli authored
When using a combination of udhcpc and avahi-autoipd in case of receiving IP from a DHCP server, the following message can be seen: "Failed to kill daemon: No such file or directory". Add a check for a running avahi-autoipd to fix this issue. Signed-off-by:
Lukasz Tekieli <tekieli.lukasz@gmail.com> Signed-off-by:
-
Peter Korsgaard authored
Fixes: http://autobuild.buildroot.net/results/b9bf7cea8be9231552a10e8ea828bf24394402ba/ Building with introspection (together with D-Bus) support currently fails. Fixing it is not trivial, so explicitly disable introspection for now. Signed-off-by:
Adam Duskett <aduskett@gmail.com> Signed-off-by:
-
Fabrice Fontaine authored
zlib is not mandatory with mbedtls, only optional, however as mbedtls does not provide a pkg-config file, we assume that if zlib is available, we must link with it to avoid a build failure when linking statically with a zlib-enabled mbedtls. This change was pushed upstream with https://github.com/zhaojh329/rtty/commit/7b8efe11dbafce97971dc130bf6cc1756f34ce07 and is in buildroot since the bump to version 7.1.4 with commit 0c80245d. However, this change will raise a build failure if ZLIB_LIBRARIES is used when zlib is not found. This patch is fixing this build failure. However, it should be noted that the compression support in mbedtls is only enabled if BR2_PACKAGE_MBEDTLS_COMPRESSION=y. So we can have a situation where mbedtls is enabled, zlib is enabled, but mbedtls is not using zlib and as a result, since version 7.1.4, rttyt will needlessly link with zlib in such a situation. The only sane way to fix this is to use pkg-config, but as mbedtls apparently doesn't provide any .pc file, we leave it as it is. Fixes: - http://autobuild.buildroot.org/results/a0ebffe58bbf14cab74b7d2111d4d88a9c725273 Signed-off-by:
-
Fabrice Fontaine authored
Fixes: - http://autobuild.buildroot.org/results/a991e6efa012df518ff1bb35017ad2c96c8feedc Signed-off-by:
-
Peter Korsgaard authored
Upstream changed the variables used when outputting version / git commit info in docker version since: commit 04b5f44230162de40741acaa0f94c7af6f2fa1d5 Author: Ian Campbell <ijc@docker.com> Date: Tue Jan 8 15:03:51 2019 +0000 Move versioning variables to a separate package. This helps to avoid circular includes, by separating the pure data out from the actual functionality in the cli subpackage, allowing other code which is imported to access the data. Signed-off-by:Ian Campbell <ijc@docker.com> Upstream-commit: 20c19830a95455e8562551aad52c715ad0807cc6 Component: cli Which is included in docker-cli 19.3.x - So adjust the _CLI_LDFLAGS to match to get proper docker version output: Client: Version: 19.03.11 API version: 1.40 Go version: go1.13.14 Git commit: 19.03.11 vs: Client: Version: unknown-version API version: 1.40 Go version: go1.13.14 Git commit: unknown-commit Signed-off-by:
-
Julien Grossholtz authored
This is a paho-mqtt-c maintainace release. It fixes some memory leaks as well as a potential deadlock: https://github.com/eclipse/paho.mqtt.c/milestone/8?closed=1 Signed-off-by:
Julien Grossholtz <julien.grossholtz@openest.io> Signed-off-by:
-
Iulian Onofrei authored
Signed-off-by:
Iulian Onofrei <iulian.onofrei@yahoo.com> Signed-off-by:
-
Iulian Onofrei authored
Signed-off-by:
-
- Aug 30, 2020
-
-
Bernd Kuhls authored
Fixes: http://autobuild.buildroot.net/results/f13/f13d85dfec371c38229bca988cd4bffa4cb97ae5/ Signed-off-by:
Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by:
-
Fabrice Fontaine authored
- Fix CVE-2019-17547: In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free. - Fix CVE-2019-18853: ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2. - Update hash of LICENSE file (update in year with https://github.com/ImageMagick/ImageMagick/commit/f775a5cf27a95c42bb6d19b50f4869db265fdaa9 ) - Update indentation in hash file (two spaces) - Switch to github helper - it has always been an autogenerated archive. Signed-off-by:
-
Yann E. MORIN authored
HOSTCC may contain spaces, so needs to be quoted. Most of the places where it is already quoted use double-quotes, so we use that. Signed-off-by:
-
Fabrice Fontaine authored
Fixes: - http://autobuild.buildroot.org/results/a97825f3c3e6245f8d1c2eb0cdb079f5dd6f1b47 Signed-off-by:
-
Fabrice Fontaine authored
- Switch site to github, here is an extract of https://sourceforge.net/projects/silgraphite: "This project has been deprecated. Graphite2, a new version of the Graphite engine, is available at: https://github.com/silnrsi/graphite with its own bug tracker." - graphite2 can be built statically since version 1.3.11 and https://github.com/silnrsi/graphite/commit/2f143c04da5caa43ddf4dba437b2f2bc26bf4238 - Update indentation in hash file (two spaces) Extract from ChangeLog: 1.3.14 . Bug fixes . Allow features to be hidden (for aliases) . Move to python3 . Rename doc files from .txt to .asc 1.3.13 . Resolve minor spacing issue in rtl non-overlap kerning . python3 for graphite.py . Better fuzzing . Better building on windows 1.3.12 . Graphite no longer does dumb rendering for fonts with no smarts . Segment caching code removed. Anything attempting to use the segment cache gets given a regular face instead . Add libfuzzer support . Builds now require C++11 . Improvements to Windows 64 bit builds . Support different versions of python including 32 bit and python 3 . Various minor bug fixes 1.3.11 . Fixes due to security review . Minor collision avoidance fixes . Fix LZ4 decompressor against high compression The fixes due to security review are a little bit vague, a quick search on github seems to indicate that those issues could be related to segcache which has been removed since version 1.3.12: https://github.com/silnrsi/graphite/search?q=security&type=Issues https://github.com/silnrsi/graphite/commit/b0f77e4a9dc50a888f74e904000a2486b2fc5527 Signed-off-by:
-
- Aug 29, 2020
-
-
Yann E. MORIN authored
uclibc is part of the toolchain, and as such does not have a dependency on it. As a consequence, it does not have a dependency on host-ccache, when this is needed. Usually, host-ccache is built before uclibc, as part of the dependency of gcc-initial, host-binutils, and a few other host packages that are built before uclibc. However, during top-level parallel builds, this ordering is only ever guaranteed at the beginning of the configure step, and not before. But for kconfig-packages, the moment we apply the configuration to prepare the .config file is a pseudo step that happens somewhere in limbo between the patch step and the configure step. As such, the build ordering that is otherwise guaranteed by the _DEPENDENCIES is not applicable yet. And so, with top-level parallel builds with ccache enabled, there is nothing that guarantees host-ccache to be built and installed by the time we are trying to generate uclibc's .config file, which can be quite early in the build process, and thus the build fails: /home/raphael/github/ftcommunity-TXT/buildroot-rootfs/output/per-package/uclibc/host/bin/ccache /usr/bin/gcc /home/raphael/github/ftcommunity-TXT/buildroot-rootfs/output/build/uclibc-1.0.34/extra/config/conf.c -c -o ../../extra/config/conf.o -Os -I/usr/include/ncursesw -DCURSES_LOC="<curses.h>" -DNCURSES_WIDECHAR=1 -DLOCALE -DKBUILD_NO_NLS -DCONFIG_='""' -I/usr/include/ncursesw -DCURSES_LOC="<curses.h>" -DNCURSES_WIDECHAR=1 -DLOCALE -DKBUILD_NO_NLS -DCONFIG_='""' /bin/sh: 1: /home/raphael/github/ftcommunity-TXT/buildroot-rootfs/output/per-package/uclibc/host/bin/ccache: not found make[2]: *** [Makefile:64: ../../extra/config/conf.o] Error 127 make[1]: *** [Makefile.in:475: extra/config/conf] Error 2 make[1]: Leaving directory '/home/raphael/github/ftcommunity-TXT/buildroot-rootfs/output/build/uclibc-1.0.34' make: *** [package/uclibc/uclibc.mk:458: /home/raphael/github/ftcommunity-TXT/buildroot-rootfs/output/build/uclibc-1.0.34/.stamp_dotconfig] Error 2 make: *** Waiting for unfinished jobs.... The root cause is that uclibc sets; UCLIBC_KCONFIG_OPTS = $(UCLIBC_MAKE_FLAGS) [...] with: UCLIBC_MAKE_FLAGS = [...] HOSTCC="$(HOSTCC)" And then the kconfig-package infra calls to the configurators, menuconfig, xconfig et al, but also olddefconfig et al.. with: [...] $($(1)_MAKE) [...] $(PKG_KCONFIG_COMMON_OPTS) $($(1)_KCONFIG_OPTS) [...] with (note a latent bug in there, will be fixed in another patch): PKG_KCONFIG_COMMON_OPTS = HOSTCC=$(HOSTCC_NOCCACHE) So, a HOSTCC as set by a package will always win onver the one set by the infra, which is exactly what we want. But in this case, uclibc sets HOSTCC so that it can build its host tools needed during the build, and in doing so uses the ccache-enabled host c compiler. Which might not yet be available for the kconfig-package infra to generate the .config file. We had a similar (non-)issue for the linux package, which was fixed in commit 71a31b23 (linux: use HOSTCC_NOCCACHE as kconfig HOSTCC). But here, uclibc does not have the toolchain in its dependencies (as said earlier, uclibc *is* part of the toolchain). Since the host compiler is only used to build very few files to generate the simple executable needed to generate the .config file, doing without the ccache-enabled host compiler will be amply enough. So, we override HOSTCC in UCLIBC_KCONFIG_OPTS, to use the non-cached host compiler. Note that, in a first approximation, one would be tempted to change the ordering in the kconfig-package infra: $($(1)_KCONFIG_OPTS) $(PKG_KCONFIG_COMMON_OPTS) so that the non-cached HOSTCC always wins over the cached one. But this would be incorrect, in cases where the package really needs to override HOSTCC; indeed we want the package-provided values to always win over the default ones providing by the infra. Reported-by:Raphael Jacob <r.jacob2002@gmail.com> Signed-off-by:
Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by:
-
Peter Korsgaard authored
Signed-off-by: -
Peter Korsgaard authored
Signed-off-by:
-
Peter Korsgaard authored
Signed-off-by: -
Peter Korsgaard authored
Signed-off-by: -
Peter Korsgaard authored
Signed-off-by:
-
Fabrice Fontaine authored
Commit 8f5a9f59 forgot to drop SYNC4 from comment Signed-off-by:
-
Titouan Christophe authored
Mosquitto 1.6.11 is a bugfix release, read the whole announcement on http://mosquitto.org/blog/2020/08/version-1-6-11-released/ Mosquitto 1.6.12 is a security and bugfix release, read http://mosquitto.org/blog/2020/08/version-1-6-12-released/ >From the 1.6.11 changelog of the client library: mosquitto_loop_start() now sets a thread name on Linux, FreeBSD, NetBSD, and OpenBSD. Closes #1777. This is done with pthread_setname_np; so mosquitto now requires BR2_TOOLCHAIN_HAS_THREADS_NPTL when built with threading support. 2 reverse dependencies use the threaded API, but they already depend on BR2_TOOLCHAIN_HAS_THREADS_NPTL: * domoticz [1] (we add a comment for mosquitto) * shairport-sync [2] [1] https://github.com/domoticz/domoticz/blob/2020.1/main/mosquitto_helper.cpp#L344 [2] https://github.com/mikebrady/shairport-sync/blob/3.3.6/mqtt.c#L227-L229 Signed-off-by:
Titouan Christophe <titouan.christophe@railnova.eu> Signed-off-by:
-
Titouan Christophe authored
In 4fc62e1e, we removed arch/toolchain dependencies from the mosquitto library (MMU, !STATIC, SYNC4), and moved them to the mosquitto broker only. All the packages modified here only need the mosquitto library, so they shouldn't have those depends anymore; but this was never done before. Signed-off-by:
-
Fabrice Fontaine authored
Fixes: - http://autobuild.buildroot.org/results/21098180d386890025ed5cdd243bf5a9b444c5cf Signed-off-by:
-
Fabrice Fontaine authored
Drop patch (already in version) http://www.haproxy.org/download/2.2/src/CHANGELOG Signed-off-by:
-
Fabrice Fontaine authored
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.1.4-relnotes.txt Signed-off-by:
-
Fabrice Fontaine authored
Fixes: - http://autobuild.buildroot.org/results/b93ce5430bf22ddda94ee30882a883348617f5b1 Signed-off-by:
-
Fabrice Fontaine authored
Disable audit for host package to avoid getting the following error if it is found on host: [84/662] Generating audit_type-list.txt with a meson_exe.py custom command In file included from <command-line>:32: ./../src/basic/missing_audit.h:7:10: fatal error: libaudit.h: No such file or directory 7 | #include <libaudit.h> | ^~~~~~~~~~~~ Fixes: - http://autobuild.buildroot.org/results/67782c225c08387c1bbcbea9eee3ca12bc6577cd Signed-off-by: -
Fabrice Fontaine authored
Build with cryptsetup and without libblkid will fail on: ../src/shared/dissect-image.c:1336:34: error: 'N_DEVICE_NODE_LIST_ATTEMPTS' undeclared (first use in this function) 1336 | for (unsigned i = 0; i < N_DEVICE_NODE_LIST_ATTEMPTS; i++) { | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ This bug has been reported upstream: https://github.com/systemd/systemd/pull/16901 and is not an issue for the target variant as libblkid is select by BR2_PACKAGE_UTIL_LINUX_MOUNT As cryptsetup does not seem needed for host-systemd, just disable it Fixes: - http://autobuild.buildroot.org/results/67782c225c08387c1bbcbea9eee3ca12bc6577cd Signed-off-by: -
Yann E. MORIN authored
As 18f6c261 just did to silence the file lists commands, switch to using $(Q) instead of a plain @, to silence the commands. Using $(Q) will allow to debug the commands with V=1. We keep @ for the calls to MESSAGE, though. The commands that are not currently silenced are left as-is, and they can be converted to being silent in a followup patch, if need be, Signed-off-by:
-
Paul Cercueil authored
If the modules directory that corresponds to the version of the kernel being built has been deleted, don't try to run depmod, which will obviously fail. This can happen for instance when the modules are stripped from the main root filesystem, and placed into a separate filesystem image, so that the root filesystem and the kernel can be updated separately. Signed-off-by:
Paul Cercueil <paul@crapouillou.net> Signed-off-by:
-
