- Sep 09, 2022
-
-
Peter Korsgaard authored
Signed-off-by:
Peter Korsgaard <peter@korsgaard.com> Signed-off-by:
Yann E. MORIN <yann.morin.1998@free.fr>
-
Peter Korsgaard authored
Fixes: (thttpd) http://autobuild.buildroot.net/results/f74/f74cae1d981b284a69d7a4e138faf97e45e44865/ (wipe) http://autobuild.buildroot.net/results/4dc/4dc77752d5851d8a71d234c0b284ca696e633754/ And (possibly, unable to reproduce locally): http://autobuild.buildroot.net/results/658/65882e1f266e818fecef2892c9493d3b8e1e912e/ --runstatedir was added in autoconf 2.69b: http://git.savannah.gnu.org/gitweb/?p=autoconf.git;a=commit;h=a197431414088a417b407b9b20583b2e8f7363bd Some earlier autoconf versions (E.G. 2.13 as used by thttpd/wipe) get confused if --runstatedir is passed, so only do so if it is supported (E.G. present in the script). With this change we can go back to passing --runstatedir instead of runstatedir, so this effectively reverts commit c28b2703 (package/pkg-autotools.mk: fix runtime path). Suggested-by:
Norbert Lange <nolange79@gmail.com> Signed-off-by:
-
Frank Hunleth authored
This release fixes a compiler error when using glibc 2.36. Signed-off-by:
Frank Hunleth <fhunleth@troodon-software.com> Signed-off-by:
-
Lang Daniel authored
The POLKIT_IGNORE_CVES variable was missing a "S", therefore the CVE still showed up in the wrong column. Signed-off-by:
Daniel Lang <d.lang@abatec.at> Signed-off-by:
-
- Sep 08, 2022
-
-
Romain Naour authored
Using a custom Xtensa configuration requires an overlay that provides that configuration; not providing an overlay is like using the default configuration, BR2_xtensa_fsf, so there would be no point in that case in requesting a custom configuraiton. Make providing an overlay mandatory for custom configurations. Fixes: http://autobuild.buildroot.org/results/f0b/f0ba47d2534aeb3cc2921124aa639ae3aa072b9b xtensa-buildroot-linux-uclibc/bin/ld: ldso/ldso/ld-uClibc_so.a(ldso.oS): compiled for a big endian system and target is little endian [1] https://gcc.gnu.org/git/?p=gcc.git;a=blob;f=include/xtensa-config.h;hb=2ee5e4300186a92ad73f1a1a64cb918dc76c8d67#l28 Signed-off-by:Romain Naour <romain.naour@gmail.com> Cc: Max Filippov <jcmvbkbc@gmail.com> [yann.morin.1998@free.fr: - always require an overlay for custom configurations, not just for little endian ones ] Signed-off-by:
-
- Sep 07, 2022
-
-
Christian Stewart authored
go1.18.6 includes security fixes to the net/http package, as well as bug fixes to the compiler, the go command, the pprof command, the runtime, and the crypto/tls, encoding/xml, and net packages. https://github.com/golang/go/issues?q=milestone%3AGo1.18.6+label%3ACherryPickApproved Signed-off-by:
Christian Stewart <christian@paral.in> Signed-off-by:
-
- Sep 06, 2022
-
-
Yann E. MORIN authored
Sub-options of a kconfig symbol are only preperly indented below that sybol, if there is no inter-mixed sylbols or comments. In this vase, the comment about perf being unavailable is in-between the perf symbol and the sub-options, which means the perf options are int indented. Move the comment before the definition of perf, so that the options directly follow the per fsymbol, and so they are properly indented. Signed-off-by: -
Baruch Siach authored
This update fixes build with gcc 11. Update license file hash for unrelated code changes. Tested on Macchiatobin. Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/2931841699 https://gitlab.com/buildroot.org/buildroot/-/jobs/2931841700 Signed-off-by:
Baruch Siach <baruch@tkos.co.il> Signed-off-by:
Arnout Vandecappelle <arnout@mind.be>
-
Gwenhael Goavec-Merou authored
Use the mainline ATF as it supports the Pine64 ROCKPro64 board. Fixes: - https://gitlab.com/buildroot.org/buildroot/-/jobs/2812054016 Signed-off-by:
Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com> Signed-off-by:
-
Fabrice Fontaine authored
Add custom cases to make sure that a random configuration with an empty git or tarball location for mxs-bootlets doesn't fail. It reverts to BR2_TARGET_MXS_BOOTLETS_FREESCALE in that case. Fixes: - http://autobuild.buildroot.org/results/dcbeb73d152c79c18b1fa3bef3b4fa07635d7b36 - http://autobuild.buildroot.org/results/f61cf3fc58db9ded5ec42ebf4a9847584700698d Signed-off-by:
Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by:
-
Arnout Vandecappelle authored
package/gcc/11.3.0/0005-rs6000-Improve-.machine.patch:4: generate your patches with 'git format-patch -N' package/gcc/11.3.0/0006-rs6000-Do-not-use-rs6000_cpu-for-.machine-ppc-and-pp.patch:4: generate your patches with 'git format-patch -N' Signed-off-by: -
Romain Naour authored
It seems that gdb doesn't build for xtensa since a while, indeed commit [1] merged in gdb 9 introduced a few number of build issues on several architectures: [Fix gdb build on macOS] https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=b1c896b365f2dbcd14145a88d103623244cf0fb0 [gdb: Fix gdb build on mips64-linux] https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=2208ee917050bcc901c7faefdee257ffbf8ef2ab [gdb: Fix native build on Linux/Alpha.] https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=7a27b85f6d9b5eea9bd1493f903158fbea4b2231 [Include gdbarch.h in m68k-linux-nat.c] https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=a7cdaa914f4b937544d8f102679bb5129bb1ef08 [gdb: include gdbarch.h in hppa-linux-nat.c] https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=ad75efa628656716982f2674008952bfd2c268af Most of them has been fixed before the gdb 9 release but it seems that xtensa is the last one on this list and still unfixed with gdb 11 (not even noticed by Buildroot autobuilders). [1] https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=0d12e84cfc9bd36b7bbda01a3c8f83f65a832398 Signed-off-by:
-
Michael Nosthoff authored
lots of fixes but most importantly: - don't allow unknown operational/admin states (CVE-2022-29799, CVE-2022-29800) Signed-off-by:
Michael Nosthoff <buildroot@heine.tech> Signed-off-by:
-
Kory Maincent authored
host-python-pillow was needed to build optee-os from STMicroelecronics during its rc versions but is is not needed anymore in the release. It is then useless to keep this support. Signed-off-by:
Kory Maincent <kory.maincent@bootlin.com> Signed-off-by:
-
Kory Maincent authored
host-python-pillow dependency was needed to build the STMicroelecronics version during its rc versions but is is not needed anymore in the release. It is then useless to keep this dependency. Signed-off-by:
-
Romain Naour authored
gcc 11.3.0 contains a backported patch [1] that introduce a regression for old powerpc cpus like the powerpc 7400 (G4). The glibc crash the init process due to a wrong asm machine directive (.machine). Run /sbin/init as init process init[1]: segfault (11) at 7369693e nip 6f6e08 lr 6f6a68 code 1 in libc.so.6[690000+18f000] init[1]: code: 280a000c 41c1ffe0 811edb80 554a103a 7d48502e 7d4a4214 7d4903a6 4e800420 init[1]: code: 2c08007a 4bffffbc 89290000 5529103a <7d2a482e> 2c090000 41c2ff78 7fe4fb78 Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b Backport two patches from the gcc-11 stable branch (the upcoming gcc 11.4.0). [1] https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=3cb53c10831be59d967d9dce8e7980fee4703500 Fixes: https://gitlab.com/kubu93/buildroot/-/jobs/2976071284 Signed-off-by:
Joel Stanley <joel@jms.id.au> Signed-off-by:
-
Fabrice Fontaine authored
Fix the following security vulnerabilities: - [Low] Fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users doing operations with private ECC keys such as server side TLS connections and creating ECC signatures, who also have hardware that could be targeted with a sophisticated Rowhammer attack should update the version of wolfSSL and compile using the macro WOLFSSL_CHECK_SIG_FAULTS. - [Low] In wolfSSL version 5.3.0 if compiled with --enable-session-ticket and the client has non-empty session cache, with TLS 1.2 there is the possibility oàf a man in the middle passing a large session ticket to the client and causing a crash due to an invalid free. There is also the potential for a malicious TLS 1.3 server to crash a client in a similar manner except in TLS 1.3 it is not susceptible to a man in the middle attack. Users on the client side with –enable-session-ticket compiled in and using wolfSSL version 5.3.0 should update their version of wolfSSL. - [Low] If using wolfSSL_clear to reset a WOLFSSL object (vs the normal wolfSSL_free/wolfSSL_new) it can result in runtime issues. This exists with builds using the wolfSSL compatibility layer (--enable-opnesslextra) and only when the application is making use of wolfSSL_clear instead of SSL_free/SSL_new. In the case of a TLS 1.3 resumption, after continuing to use the WOLFSSH object after having called wolfSSL_clear, an application could crash. It is suggested that users calling wolfSSL_clear update the version of wolfSSL used. - Potential DoS attack on DTLS 1.2. In the case of receiving a malicious plaintext handshake message at epoch 0 the connection will enter an error state reporting a duplicate message. This affects both server and client side. Users that have DTLS enabled and in use should update their version of wolfSSL to mitigate the potential for a DoS attack. https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.0-stable Signed-off-by:
-
- Sep 05, 2022
-
-
Fabrice Fontaine authored
Fix the following build failure with gcc 4.8 raised since commit 8b42bbf3: /home/buildroot/autobuild/run/instance-1/output-1/build/sconeserver-8d1935919a2013358993a8e9dfa992cbde56e503/http/AuthRealmDB.cpp: In member function 'virtual std::string http::AuthRealmDB::lookup_hash(const string&)': /home/buildroot/autobuild/run/instance-1/output-1/build/sconeserver-8d1935919a2013358993a8e9dfa992cbde56e503/http/AuthRealmDB.cpp:93:3: error: 'unique_ptr' is not a member of 'std' std::unique_ptr<scx::DbQuery> query(m_db->object()->new_query( ^ Fixes: - http://autobuild.buildroot.org/results/198c23f1de5cc90efe2d3b4ce053939457e003f7 Signed-off-by:
-
Sergey Matyukevich authored
Linux kernel commit 00facc760903 ("perf jevents: Switch build to use jevents.py") switched to auto-generation of arch-specific PMU events using python script. Now custom PMU events for different platforms of the selected target architecture are not embedded into perf binary if an appropriate host python interpreter is not present. In practice it means that perf is successfully built, but 'perf list pmu' will show no custom events on a target platform even if those events are supported and properly defined in tools/perf/pmu-events/arch/<target arch> directory in the kernel source tree. Since building host-python3 is not instantaneous, add a config option, like we have in the kernel for a bunch of host packages, to id=ndicate that host-python3 is required, and only add the dependency in that case. Signed-off-by:Sergey Matyukevich <geomatsi@gmail.com> [yann.morin.1998@free.fr: - add BR2_PACKAGE_LINUX_TOOLS_PERF_NEEDS_HOST_PYTHON3 - extend commit log accordingly ] Signed-off-by:
-
Fabrice Fontaine authored
- Improved DNS rebinding attack protection. - Fixed a potential crash in SSDP request parsing. - Drop patch (already in version) https://sourceforge.net/projects/minidlna/files/minidlna/1.3.2 Signed-off-by:
-
Konstantin Menyaev authored
From the README: dhcpcd-9 defaults the run directory to `/var/run/dhcpcd` instead of `/var/run` and the prefix of dhcpcd has been removed from the files. Make it so. Signed-off-by:Konstantin Menyaev <KAMenyaev@sberdevices.ru> Signed-off-by:
-
- Sep 04, 2022
-
-
Peter Korsgaard authored
5.17.x is EOL. Signed-off-by:
-
Dario Binacchi authored
The hash of README.md has changed because the link to the zstd license has been added: - `` + `- zstd (Dual BSD\GPLv2 Licenses) is from https://github.com/facebook/zstd` Signed-off-by:
Dario Binacchi <dario.binacchi@amarulasolutions.com> Signed-off-by:
-
Francois Perrad authored
see https://mosquitto.org/blog/2022/08/version-2-0-15-released/ Signed-off-by:
Francois Perrad <francois.perrad@gadz.org> Signed-off-by:
-
- Sep 03, 2022
-
-
Marcus Hoffmann authored
Fixes the following security issues: - gh-92888: Fix memoryview use after free when accessing the backing buffer in certain cases. - gh-87389: http.server: Fix an open redirection vulnerability in the HTTP server when an URI path starts with //. Release notes: https://docs.python.org/release/3.10.6/whatsnew/changelog.html#python-3-10-6-final Signed-off-by:
Marcus Hoffmann <marcus.hoffmann@othermo.de> [Peter: Mark as security bump] Signed-off-by:
-
- Sep 01, 2022
-
-
Peter Korsgaard authored
Signed-off-by:
-
- Aug 31, 2022
-
-
Peter Korsgaard authored
Signed-off-by: -
Peter Korsgaard authored
Signed-off-by:
-
Marcus Hoffmann authored
This tests valdates that we can publish a message and read it back. Signed-off-by:
-
Marcus Hoffmann authored
Fixes the following error on calling mqtt.publish(): File "/usr/lib/python3.10/site-packages/paho/mqtt/publish.py", line 222, in single multiple([msg], hostname, port, client_id, keepalive, will, auth, tls, File "/usr/lib/python3.10/site-packages/paho/mqtt/publish.py", line 126, in multiple if not isinstance(msgs, collections.Iterable): AttributeError: module 'collections' has no attribute 'Iterable' Backported from https://github.com/eclipse/paho.mqtt.python/pull/497/ This was deprecated in python 3.9 and stopped working in python 3.10 Signed-off-by: -
Peter Korsgaard authored
This was naturally 2022.05.1, NOT 2021.05.1. Signed-off-by: -
Peter Korsgaard authored
Signed-off-by: -
Peter Korsgaard authored
Signed-off-by:
-
- Aug 30, 2022
-
-
Marcus Hoffmann authored
See: https://security-tracker.debian.org/tracker/CVE-2022-37434 Signed-off-by:
-
Marcus Hoffmann authored
gnu vendor is not found for zlib in CPE database [1]. zlib is the correct vendor [2]. [1] https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:gnu:zlib [2] https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:zlib:zlib Signed-off-by:
-
Romain Naour authored
There is currently no version of gdbserver for or1k. Until this is implemented we will prevent both the direct and indirect selection of gdbserver for or1k builds. In practice this means that 'cross gdb for the host' cannot be selected and that 'full debugger' must be automatically selected for the gdb target package. This partially reverts commit 991b7b99 which claimed that gdbserver for or1k was already supported before version 8.3. That is not true - the commit that adds gdbserver support for or1k [1] was only merged for version 12.1, which hasn't been integrated in Buildroot yet. Without that support, the build of gdbserver fails with /home/buildroot/autobuild/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/or1k-buildroot-linux-musl/11.2.0/../../../../or1k-buildroot-linux-musl/bin/ld: server.o: in function `main': server.cc:(.text.startup+0x6dc): undefined reference to `initialize_low()' /home/buildroot/autobuild/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/or1k-buildroot-linux-musl/11.2.0/../../../../or1k-buildroot-linux-musl/bin/ld: remote-utils.o: in function `prepare_resume_reply(char*, ptid_t, target_waitstatus*)': remote-utils.cc:(.text+0x28a8): undefined reference to `using_threads' /home/buildroot/autobuild/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/or1k-buildroot-linux-musl/11.2.0/../../../../or1k-buildroot-linux-musl/bin/ld: remote-utils.cc:(.text+0x28b0): undefined reference to `using_threads' Fixes: http://autobuild.buildroot.net/results/b3c/b3c0df53d09d9facaf0c3c2bc4529f9fcf7737ee [1] https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=4933265c3f71b9134363d0c05f09542d5cc677f4 Signed-off-by:
-
Romain Naour authored
Commit [1] enabled glibc on or1k since it's now supported but it requires a toolchain with linux-headers >= 5.4. From [2]: "Here we define the minumum linux kernel version at 5.4.0, as that is the long term support version where 32-bit architectures start to support 64-bit time API's. The OpenRISC kernel had some bugs up until version 5.8 which caused issues with glibc fork/clone, they have been backported to 5.4 but not previous versions." Fixes: checking installed Linux kernel header files... 3.2.0 or later checking for kernel header at least 5.4.0... too old! configure: error: *** The available kernel headers are older than the requested https://gitlab.com/buildroot.org/toolchains-builder/-/jobs/2875256686 [1] 68d0aede [2] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=0c3c62ca7d9ff3bdacdd13e636bc858101e3e288 Signed-off-by:
-
Fabrice Fontaine authored
openssl is an optional dependency since version 1.5.13 and https://github.com/memcached/memcached/commit/ee1cfe3bf9384d1a93545fc942e25bed6437d910 which must be handled through pkg-config to avoid static build failure Signed-off-by:
-
Romain Naour authored
While building host-rust with a musl based toolchain without C++ compiler, the build fail since libunwind bundled in rust sources needs a C++ compiler. cargo:warning=i686-buildroot-linux-musl-gcc.br_real: error: [...]/host-rust-1.62.0/src/llvm-project/libunwind/src/Unwind-EHABI.cpp: C++ compiler not installed on this system Note: the issues can't be reproduced with a glibc based toolchain without C++ probaly due to extra steps required to support musl libc. We could add the C++ dependency direclty to host-rustc but it would requires adding the C++ reverse dependencies to all rust packages. Instread, we add the C++ dependency to BR2_PACKAGE_HOST_RUSTC_TARGET_ARCH_SUPPORTS only when a musl toolchain is used. So we can still install a prebuilt rust compiler but without the rust standard library (rust-std). Usually we should not add toolchain dependencies in a _ARCH_SUPPORTS option but BR2_PACKAGE_HOST_RUSTC_TARGET_TIER... options contains already some BR2_TOOLCHAIN_USES_GLIBC or BR2_TOOLCHAIN_USES_MUSL. Fixes: http://autobuild.buildroot.org/results/636/636fb39c8f1b8c05e4ca451ac506cd63c7166d82 Signed-off-by:
Romain Naour <romain.naour@smile.fr> Reviewed-by:
Nicolas Tran <nicolas.tran@smile.fr> Signed-off-by:
-
Michael Nosthoff authored
fixes: - Fixed comparison of maps in Python. Signed-off-by:
-
