- Nov 14, 2020
-
-
Bartosz Bilas authored
Since there is not necessary to have support of systemd within the host variant let's disable it unconditionally to solve the following errors: /usr/bin/install -c -m 644 data/rauc.service '/usr/lib/systemd/system' /usr/bin/install: cannot create regular file '/usr/lib/systemd/system/rauc.service': Permission denied /usr/bin/install -c -m 644 data/de.pengutronix.rauc.conf 'no' make[4]: *** [Makefile:1700: install-nodist_systemdunitDATA] Error 1 make[4]: *** Waiting for unfinished jobs.... Signed-off-by:
Bartosz Bilas <b.bilas@grinn-global.com> Signed-off-by:
Peter Korsgaard <peter@korsgaard.com>
-
Thomas Petazzoni authored
While testing Buildroot on a Cortex-A5 that doesn't provide NEON, we found out that a system generated with the ARM toolchain from Arm didn't boot. It turns out that this ARM toolchain is built with: --with-arch=armv7-a --with-fpu=neon --with-float=hard --with-mode=thumb So, it uses NEON as its FPU, which means it can only work on CPU cores that have NEON support. This commit adds the appropriate dependency to the toolchain-external-arm-arm package, and adjusts the Config.in help text accordingly. While at it, it also drops the part of the Config.in help text that says the code is tuned for Cortex-A9, as it is not the case: it was the case for the Linaro toolchain (built with --with-tune=cortex-a9), but not for the ARM toolchain, for which no specific --with-tune is passed. Signed-off-by:
Thomas Petazzoni <thomas.petazzoni@bootlin.com> Cc: Alexandre Belloni <alexandre.belloni@bootlin.com> Cc: Romain Naour <romain.naour@gmail.com> Signed-off-by:
-
Fabrice Fontaine authored
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. Signed-off-by:
Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by:
-
Fabrice Fontaine authored
Fixes: - http://autobuild.buildroot.org/results/5c17226f12eba104d907693ec37fc101cc6d447f Signed-off-by:
-
Fabrice Fontaine authored
Fixes: - http://autobuild.buildroot.org/results/4655626f1827245648a566a7223f247a130714c5 Signed-off-by:
-
Romain Naour authored
The commit [1] should fix a circular dependency by using util-linux-libs instead of util-linux if BR2_PACKAGE_UTIL_LINUX_LIBS is set. But util-linux is still in CRYPTSETUP_DEPENDENCIES. Remove it to really break the circular dependency. [1] e3c86f5c Signed-off-by:
Romain Naour <romain.naour@gmail.com> Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com> Cc: Yann E. MORIN <yann.morin.1998@free.fr> Reviewed-by:
Yann E. MORIN <yann.morin.1998@free.fr>
-
- Nov 13, 2020
-
-
Julien Olivain authored
The commit 05fea6e4 "infra/pkg-kconfig: do not rely on package's .config as a timestamp" broke the kernel version check of this linux-backports package (it was no longer executed). Since linux-4.19, the kernel's build system internally touches its .config file, so it can no longer be used as a stamp file. The stamp file defined in KCONFIG_STAMP_DOTCONFIG variable of pkg-kconfig infra need to be used instead. This commit fixes the kernel version check. Signed-off-by:
Julien Olivain <ju.o@free.fr> Reviewed-by:
Petr Vorel <petr.vorel@gmail.com> Tested-by:
-
Romain Naour authored
The commit [1] enabled riscv32 and riscv64 for uClibc-ng internal toolchain backend but only riscv64 is curently supported by uClibc-ng. The initial patch [2] from Mark Corbin is only about riscv64. Remove riscv32 from uClibc-ng supported architecture list. Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/830981656 [1] 209a0824 [2] bd9810e1 Signed-off-by:
-
Fabrice Fontaine authored
Fix build of suricata 6.0.0 with mips32r6 app-layer-ftp.o: In function `FTPCheckMemcap': app-layer-ftp.c:(.text+0x284): undefined reference to `__atomic_load_8' app-layer-ftp.c:(.text+0x2d8): undefined reference to `__atomic_fetch_add_8' Fixes: - http://autobuild.buildroot.org/results/f574005204905250702df32b61c85d427ab4feda Signed-off-by:
-
Bartosz Bilas authored
Add -p argument that ignore that specified directory already exists. Fixes: mkdir: cannot create directory ‘/home/bartekk/buildroot-2020.11-rc1/output/target/usr/lib/systemd/system/rauc.service.d’: File exists Signed-off-by:
-
Peter Korsgaard authored
Fixes the following security issues: - math/big: panic during recursive division of very large numbers A number of math/big.Int methods (Div, Exp, DivMod, Quo, Rem, QuoRem, Mod, ModInverse, ModSqrt, Jacobi, and GCD) can panic when provided crafted large inputs. For the panic to happen, the divisor or modulo argument must be larger than 3168 bits (on 32-bit architectures) or 6336 bits (on 64-bit architectures). Multiple math/big.Rat methods are similarly affected. crypto/rsa.VerifyPSS, crypto/rsa.VerifyPKCS1v15, and crypto/dsa.Verify may panic when provided crafted public keys and signatures. crypto/ecdsa and crypto/elliptic operations may only be affected if custom CurveParams with unusually large field sizes (several times larger than the largest supported curve, P-521) are in use. Using crypto/x509.Verify on a crafted X.509 certificate chain can lead to a panic, even if the certificates don’t chain to a trusted root. The chain can be delivered via a crypto/tls connection to a client, or to a server that accepts and verifies client certificates. net/http clients can be made to crash by an HTTPS server, while net/http servers that accept client certificates will recover the panic and are unaffected. Moreover, an application might crash invoking crypto/x509.(*CertificateRequest).CheckSignature on an X.509 certificate request or during a golang.org/x/crypto/otr conversation. Parsing a golang.org/x/crypto/openpgp Entity or verifying a signature may crash. Finally, a golang.org/x/crypto/ssh client can panic due to a malformed host key, while a server could panic if either PublicKeyCallback accepts a malformed public key, or if IsUserAuthority accepts a certificate with a malformed public key. Thanks to the Go Ethereum team and the OSS-Fuzz project for reporting this. Thanks to Rémy Oudompheng and Robert Griesemer for their help developing and validating the fix. This issue is CVE-2020-28362 and Go issue golang.org/issue/42552. - cmd/go: arbitrary code execution at build time through cgo The go command may execute arbitrary code at build time when cgo is in use. This may occur when running go get on a malicious package, or any other command that builds untrusted code. This can be caused by malicious gcc flags specified via a #cgo directive, or by a malicious symbol name in a linked object file. Thanks to Imre Rad and to Chris Brown and Tempus Ex respectively for reporting these issues. These issues are CVE-2020-28367 and CVE-2020-28366, and Go issues golang.org/issue/42556 and golang.org/issue/42559 respectively. Signed-off-by: -
Peter Korsgaard authored
Fixes a build issue with linux 5.4.76+. For details, see the announcement: https://lists.zx2c4.com/pipermail/wireguard/2020-November/005997.html Signed-off-by:
-
Peter Korsgaard authored
Including the fix for CVE-2020-8694: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html Signed-off-by:
-
Bernd Kuhls authored
Release notes: https://blog.torproject.org/node/1952 Fixes TROVE-2020-005. Signed-off-by:
Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by:
-
- Nov 12, 2020
-
-
Romain Naour authored
The rock64 defconfig is currently broken [1][2] since a while due to incompatibility between uboot-2017.09-rockchip-ayufan fork and pylibfdt. Even with the latest uboot-2017.09-rockchip-ayufan fork version [3], it doesn't build. The original submitter tried the uboot upstream rock64-rk3328_defconfig but the board doesn't boot [4]. In order to not release 2020.05 with a broken defconfig, let's remove it. It can be re-added later once the uboot issue has been resolved. [1] 2020.05-rc2: https://gitlab.com/buildroot.org/buildroot/-/jobs/563613273 [2] 2020.02: https://gitlab.com/buildroot.org/buildroot/-/jobs/548596102 [3] https://github.com/ayufan-rock64/linux-u-boot/releases/tag/2017.09-rockchip-ayufan-1065-g95f6152134 [4] http://lists.busybox.net/pipermail/buildroot/2020-May/282164.html Signed-off-by:
-
Romain Naour authored
This version fix the runtime issue with python 3.9 since _Py_ForgetReference() was removed from the limited C API [1]. $ python sample_python_crossbar.py /usr/bin/python3.9: symbol '_Py_ForgetReference': can't resolve symbol python-lmbd 0.99 contain a refactoring removing _Py_ForgetReference() from the code. Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/830981961 https://gitlab.com/buildroot.org/buildroot/-/jobs/830981979 [1] https://docs.python.org/3/whatsnew/3.9.html#id3 [2] https://github.com/jnwatson/py-lmdb/commit/22a3724bdcda62853e8a250094f512eb20abe01f Signed-off-by:
-
Romain Naour authored
Since commit [1] in cpython, an exception is raised when an encryption method is not available. This eception is handled only if errno is set to EINVAL by crypt() but uClibc-ng doesn't set errno in crypt() [2]. Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/830981961 https://gitlab.com/buildroot.org/buildroot/-/jobs/830981979 [1] https://github.com/python/cpython/commit/0d3fe8ae4961bf551e7d5e42559e2ede1a08fd7c [2] https://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/tree/libcrypt/crypt.c?h=v1.0.36#n29 Signed-off-by:
-
Peter Seiderer authored
Fixes: - https://bugs.busybox.net/show_bug.cgi?id=13306 .../wpewebkit-2.30.2/Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.cpp:242:30: error: ‘class WebCore::Settings’ has no member named ‘setGenericCueAPIEnabled’; did you mean ‘setBeaconAPIEnabled’? page->settings().setGenericCueAPIEnabled(enabled); ^~~~~~~~~~~~~~~~~~~~~~~ setBeaconAPIEnabled Signed-off-by:
Peter Seiderer <ps.report@gmx.net> Signed-off-by:
-
Julien Olivain authored
Upstream backports package does not define the LEX/YACC Makefile variables, contrary to the Kernel which is defining those in [1]. The default "lex" and "yacc" are then used. On some systems, "yacc" is Berkeley Yacc. Kconfig parser files are using non-Posix Bison constructs. Attempting to generate the parser with byacc fails with error: yacc: e - line 97 of "zconf.y", syntax error %destructor { ^ This patch defines the LEX and YACC Makefile variable to use flex and bison, to fix this issue. The host-bison and host-flex dependencies are added only if the host does not have them, following the same logic of the Kernel. [1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=73a4f6dbe70a1b93c11e2d1d6ca68f3522daf434 Signed-off-by: -
Klaus Heinrich Kiwi authored
Pick the below patch from upstream, in order to fix 'settimeofday: Invalid argument' introduced by using glibc v2.31+. (busybox hasn't tagged a new version since). See https://bugs.busybox.net/show_bug.cgi?id=12756 for more info. Signed-off-by:
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Signed-off-by:
-
Peter Korsgaard authored
Fixes the following security issues: - AST-2020-001: Remote crash in res_pjsip_session Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. - AST-2020-002: Outbound INVITE loop on challenge with different nonce If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur. For details, see the announcement: https://www.asterisk.org/asterisk-news/asterisk-13-37-1-16-14-1-17-8-1-18-0-1-and-16-8-cert5-now-available-security/ Signed-off-by:
-
Stefan Agner authored
Avoid setting executable bits for apparmor.service. This gets rid of a corresponding warning during installation: Configuration file ../target/usr/lib/systemd/system/apparmor.service is marked executable. Please remove executable permission bits. Proceeding anyway. Signed-off-by:
Stefan Agner <stefan@agner.ch> Signed-off-by:
-
Fabrice Fontaine authored
Signed-off-by:
-
Fabrice Fontaine authored
Use fbset.c as the license file and, while at it, also update indentation in hash file (two spaces) Signed-off-by:
-
Fabrice Fontaine authored
Use README as the license file until upstream provides one: https://github.com/nroach44/bandwidthd/issues/2 While at it, also update indentation in hash file (two spaces) Signed-off-by:
-
Fabrice Fontaine authored
Use argp.h as the license file and, while at it, update indentation in hash file Signed-off-by:
-
Peter Korsgaard authored
Fixes CVE-2020-27347: The function input_csi_dispatch_sgr_colon() in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output. For details, see: https://www.openwall.com/lists/oss-security/2020/11/05/3 Signed-off-by:
-
- Nov 11, 2020
-
-
Heiko Thiery authored
9c13e02c already fixed the static linking issue for host-libcap on some distros (e.g. on Fedora32 and openSUSE). This regression was introduced by 8d38eb05. An upstream patch [1] is added to address this problem [2]. Fixes: Bug 13296 [1] https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=9b1c003748d4df78416d50fce139f0875224440b [2] https://bugzilla.kernel.org/show_bug.cgi?id=210135 Cc: Peter Seiderer <ps.report@gmx.net> Cc: Dr I J Ormshaw <ian_ormshaw@waters.com> Signed-off-by:
Heiko Thiery <heiko.thiery@gmail.com> Tested-by:
Ian Ormshaw <ian_ormshaw@waters.com> Tested-by:
-
Julien Olivain authored
Initial Atheros ath10k QCA9377 support was introduced in Kernel v4.4 [1]. More recently, in v5.7 [2], the SDIO support was also added. This patch adds a new option to install firmware files for this device. [1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=a226b519d43a2a6b37267fea051aacb4a79c9614 [2] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=6e51b0e4913ca2c93059f73ca477ca30ea95b6a0 Signed-off-by:
-
Thomas Petazzoni authored
Signed-off-by:
-
Thomas Petazzoni authored
Now that pkg-stats is not just a maintainer-oriented tool, but a tool generally useful to users, introduce a make target to run pkg-stats. Of course, it is run with the newly introduced -c option, which produces a pkg-stats output for just the selection of packages of the currently defined configuration. Signed-off-by:
-
Thomas Petazzoni authored
Now that pkg-stats is able to generate its output based on the list of packages enabled in the current configuration, cve-checker doesn't serve any purpose. Signed-off-by:
-
Thomas Petazzoni authored
pkg-stats was initially a Buildroot maintenance oriented tool: it was designed to examine all Buildroot packages and provide statistics/details about them. However, it turns out that a number of details provided by pkg-stats, especially CVEs, are relevant also for Buildroot users, who would like to check regularly if their specific Buildroot configuration is affected by CVEs or not, and possibly check if all packages have license information, license files, etc. The cve-checker script was recently introduced to provide an output relatively similar to pkg-stats, but focused on CVEs only. But in fact, its main difference is on the set of packages that we consider: pkg-stats considers all packages, while cve-checker uses "make show-info" to only consider packages enabled in the current configuration. So, this commit introduces a -c option to pkg-stats, to tell pkg-stats to generate its output based on the list of configured packages. -c is mutually exclusive with the -p option (explicit list of packages) and -n option (a number of packages, picked randomly). Signed-off-by:
-
Thomas Petazzoni authored
Currently, pkg-stats expects being executed from Buildroot's top-level source directory. As we are going to extend pkg-stats to cover only the packages available in the current configuration, it makes sense to be able to run it from the output directory, which can be anywhere compared to Buildroot's top-level directory. This commit adjusts pkg-stats to this, by inferring all Buildroot paths based on the location of the pkg-stats script itself. Signed-off-by:
-
Romain Naour authored
"loader_dr3_helper.c uses xcb_xfixes_create_region() that requires dep_xcb_xfixes to link. This is dependent on with_platform_x11 and with_dri3. But the source meson file does not set this up dependent on with_dri3." i686-buildroot-linux-gnu/bin/ld: src/loader/libloader_dri3_helper.a(loader_dri3_helper.c.o): in function `loader_dri3_swap_buffers_msc': loader_dri3_helper.c:(.text.loader_dri3_swap_buffers_msc+0x33e): undefined reference to `xcb_xfixes_create_region' Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/830981830 Signed-off-by:
-
Fabrice Fontaine authored
This will fix a static build failure with dnsmasq on latest libnetfilter_conntrack Fixes: - http://autobuild.buildroot.org/results/3fdc2cba20162eb86eaa5c49a056fb40fb18a392 Signed-off-by:
Baruch Siach <baruch@tkos.co.il> [Peter: adjust upstream status as pointed out by Baruch] Signed-off-by:
-
Romain Naour authored
The commit [1] moved systemd-journal-gatewayd into systemd-journal-remote option. Update to BR2_PACKAGE_SYSTEMD_JOURNAL_REMOTE in the testsuite when BR2_PACKAGE_SYSTEMD_JOURNAL_GATEWAY is used. Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/830981805 https://gitlab.com/buildroot.org/buildroot/-/jobs/830981811 [1] e46fe9a6 Signed-off-by:
-
Fabrice Fontaine authored
slirp depends on libglib2, don't update xen as it already depends on it Fixes: - http://autobuild.buildroot.org/results/0b9cff1bc650876a6fff6102b2cb31dcdf4c5e8f Signed-off-by:
-
Fabrice Fontaine authored
Other "official" tarballs don't ship .tarball-version resulting in a build failure: https://gitlab.freedesktop.org/slirp/libslirp/-/issues/24 Fixes: - http://autobuild.buildroot.org/results/0b9cff1bc650876a6fff6102b2cb31dcdf4c5e8f Signed-off-by:
-
Alexander Egorenkov authored
Linking of libekmfweb fails when zkey-ekmfweb.so build is enabled. Fixes: - http://autobuild.buildroot.net/results/d41bca3be35d1a48f962be03920f2b81c3e9bb9f Signed-off-by:
Alexander Egorenkov <egorenar@linux.ibm.com> Signed-off-by:
-
