Thomas Petazzoni [Fri, 25 Nov 2022 18:02:31 +0000 (19:02 +0100)]
configs/roc_pc_rk3399: remove defconfig
Commit 5370ec74516495a4ac6c0bc9780b8e92a2f1e6b1 was supposed to remove
the roc_pc_rk3399 defconfig. It actually removed everything related to
this defconfig, but not the defconfig itself.
The build failure this commit was supposed to fix is therefore still
happening. We fix it up by finally removing the defconfig.
James Hilliard [Fri, 28 Oct 2022 22:38:44 +0000 (16:38 -0600)]
package/gcc: ensure __register_frame is optimized out for glibc
On some architectures when building with -O0 the __register_frame
symbol fails to get optimized out which can cause linking failures
when building glibc.
To fix this set -O1 for GCC target libs when building with glibc
and BR2_OPTIMIZE_0 on the problematic target architectures.
This was reported both to GCC [1] and glibc [2] upstream. It is not
entirely clear yet where the bug lies exactly. At the moment the
assumption is that it's GCC, so create a symbol
BR2_TOOLCHAIN_HAS_GCC_BUG_107728.
This issue only seems to occur when linking glibc, not with anything
else, so only compile libgcc from host-gcc-initial with -O1.
package/rtl8821au: move upstream and fix missing linux options
This package builds to fail with Linux > 5.15 and abperiasamy's
rtl8812AU_8821AU_linux repository is not maintained since 2 years and
there is now a fork where all pending patches have been upstreamed, so
let's switch to lwfinger's rtl8812au repository that is well
maintained with Linux up to version 5.18 supported. While switching
let's drop all local patches. Also add me as maintainer for this
package in DEVELOPERS file.
package/wilc-driver: fix build failure due to missing Linux options
Enable Linux options depending on the bus has been chosen, so:
1) enable by default common Linux options:
CONFIG_NET
CONFIG_WIRELESS
CONFIG_CFG80211
CONFIG_CRC_ITU_T
CONFIG_CRC7
2) enable for SDIO bus:
CONFIG_MMC
3) enable for SPI bus:
CONFIG_SPI
Peter Korsgaard [Thu, 24 Nov 2022 13:53:34 +0000 (14:53 +0100)]
package/libkrb5: security bump to version 1.20.1
Fixes the following security issue:
CVE-2022-42898: In MIT krb5 releases 1.8 and later, an authenticated
attacker may be able to cause a KDC or kadmind process to crash by reading
beyond the bounds of allocated memory, creating a denial of service. A
privileged attacker may similarly be able to cause a Kerberos or GSS
application service to crash. On 32-bit platforms, an attacker can also
cause insufficient memory to be allocated for the result, potentially
leading to remote code execution in a KDC, kadmind, or GSS or Kerberos
application server process. An attacker with the privileges of a
cross-realm KDC may be able to extract secrets from a KDC process's memory
by having them copied into the PAC of a new ticket.
Bugfix tarballs are located in the same directory as the base version, so
introduce LIBKRB5_VERSION_MAJOR.
Yann E. MORIN [Sat, 5 Nov 2022 16:55:24 +0000 (17:55 +0100)]
package.libopenssl: fix enabling/disabling mdc2
Commit 3dbc86f09897 (openssl: bump version, enable mdc2+camellia+tlsext)
form 2010-06-03, forced the build of mdc2. Commit a83d41867c8d
(package/libopenssl: add option to enable some features) added an option
to explicitly disable mdc2, but forgot to amend the existing enabling
option.
It appears that, like most (all?) openssl config options, mdc2 ends up
enabled unless explicitly disabled.
Additionally, mdc2 depends on DES, so without DES, mdc2 gets disabled.
So, drop the explicit enabling option, and make mdc2 select DES.
Yann E. MORIN [Sat, 5 Nov 2022 16:55:23 +0000 (17:55 +0100)]
package/libopenssl: drop useless option for rc5
Commit a83d41867c8d (package/libopenssl: add option to enable some
features) added an option to enable rc5. However, since commit 1fff94121936 (Fixup non-x86 openssl build), dated 2002-12-30, rc5
has always been forcibly disabled in Buildroot.
Given that it was unconditionally disabled all this time, and no
one complained, it means there is virtually no-one using rc5, so we
can just drop the option.
Michael Nosthoff [Thu, 10 Nov 2022 10:23:12 +0000 (11:23 +0100)]
package/swupdate: add libubootenv as optional dependency
If the swupdate configuration contains CONFIG_UBOOT=y it uses
libubootenv to access the U-Boot environment.
We don't have Buildroot config options for all the different optional
dependencies of swupdate, instead we rely on the user to select the
appropriate packages and simply add the dependency in the .mk file. Do
this for libubootenv as well. swupdate doesn't have anything like
HAVE_LIBUBOOTENV, it just assumes libubootenv is available.
Fixes:
bootloader/uboot.c:23:10: fatal error: libuboot.h: No such file or directory
23 | #include <libuboot.h>
Note that libubootenv is normally built before swupdate (alphabetical
ordering), so the error only occrus with BR2_PER_PACKAGE_DIRECTORIES or
when building swupdate directly.
Note that the autobuilders don't have this error, because they only
build swupdate with a default configuration that doesn't have U-Boot
support.
Fabrice Fontaine [Wed, 23 Nov 2022 22:24:01 +0000 (23:24 +0100)]
package/heimdal: security bump to version 7.7.1
This release fixes the following Security Vulnerabilities:
- CVE-2022-42898 PAC parse integer overflows
- CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and
arcfour
- CVE-2022-41916 Fix Unicode normalization read of 1 bytes past end of
array
- CVE-2021-44758 NULL dereference DoS in SPNEGO acceptors
- CVE-2021-3671 A null pointer de-reference when handling missing sname
in TGS-REQ
- CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec
Note that CVE-2022-44640 is a severe vulnerability, possibly a 10.0
on the Common Vulnerability Scoring System (CVSS) v3, as we believe
it should be possible to get an RCE on a KDC, which means that
credentials can be compromised that can be used to impersonate
anyone in a realm or forest of realms.
Heimdal's ASN.1 compiler generates code that allows specially
crafted DER encodings of CHOICEs to invoke the wrong free function
on the decoded structure upon decode error. This is known to impact
the Heimdal KDC, leading to an invalid free() of an address partly
or wholly under the control of the attacker, in turn leading to a
potential remote code execution (RCE) vulnerability.
This error affects the DER codec for all extensible CHOICE types
used in Heimdal, though not all cases will be exploitable. We have
not completed a thorough analysis of all the Heimdal components
affected, thus the Kerberos client, the X.509 library, and other
parts, may be affected as well.
This bug has been in Heimdal's ASN.1 compiler since 2005, but it may
only affect Heimdal 1.6 and up. It was first reported by Douglas
Bagnall, though it had been found independently by the Heimdal
maintainers via fuzzing a few weeks earlier.
While no zero-day exploit is known, such an exploit will likely be
available soon after public disclosure.
- CVE-2019-14870: Validate client attributes in protocol-transition
- CVE-2019-14870: Apply forwardable policy in protocol-transition
- CVE-2019-14870: Always lookup impersonate client in DB
Vincent Stehlé [Wed, 23 Nov 2022 10:20:35 +0000 (11:20 +0100)]
boot/edk2: refine license
The edk2 project is licensed under the BSD-2-Clause license with a patent
grant, as per commit 304bff7223a8 ("edk2: Change License.txt from 2-Clause
BSD to BSD+Patent").
There is a BSD-2-Clause-Patent SPDX license identifier[1] for this case,
therefore refine the edk2 package to use this more specific identifier.
Vincent Stehlé [Wed, 23 Nov 2022 10:20:34 +0000 (11:20 +0100)]
package/edk2-platforms: refine license
The edk2-platforms project is licensed under the BSD-2-Clause license with
a patent grant, as per commit ae604e4ffe8f ("edk2-platforms: Change
License.txt from 2-Clause BSD to BSD+Patent").
There is a BSD-2-Clause-Patent SPDX license identifier[1] for this case,
therefore refine the edk2-platforms package to use this more specific
identifier.
Peter Korsgaard [Tue, 22 Nov 2022 20:18:25 +0000 (21:18 +0100)]
package/python3: add upstream security fix for CVE-2022-45061
Fixes the following security issue:
CVE-2022-45061: An issue was discovered in Python before 3.11.1. An
unnecessary quadratic algorithm exists in one path when processing some
inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably
long name being presented to the decoder could lead to a CPU denial of
service. Hostnames are often supplied by remote servers that could be
controlled by a malicious actor; in such a scenario, they could trigger
excessive CPU consumption on the client attempting to make use of an
attacker-supplied supposed hostname. For example, the attack payload could
be placed in the Location header of an HTTP response with status code 302.
Brandon Maier [Tue, 22 Nov 2022 20:17:01 +0000 (14:17 -0600)]
boot/uboot/uboot.mk: fix zynqmp without pmufw
Commit d07e6b70 (boot/uboot/uboot.mk: add pmufw.elf support) broke
configurations where the UBOOT_ZYNQMP_PMUFW was blank. Previously it
would set the U-Boot CONFIG_PMUFW_INIT_FILE to the blank string, but now
it will set it to ".bin" which causes U-Boot to fail to build.
Marek Metelski [Mon, 7 Nov 2022 09:16:58 +0000 (10:16 +0100)]
package/gitlab-runner: fix inconsistency of systemd and sysv daemons
Copy default $DAEMON_ARGS from systemd service to sysv init script.
Make GITLAB_RUNNER_USER home directory the same as default
--work-directory (-d) flag.
Run sysv daemon process using root user (remove -c option)
This is needed to correctly access config files as specified.
System access can still be limited with gitlab-runner `--user` flag.
Use same $DAEMON_ARGS variable name so it can be overwritten in
/etc/default/gitlab-runner environment file in both cases.
James Hilliard [Mon, 31 Oct 2022 17:49:59 +0000 (11:49 -0600)]
package/iwd: add dbus compile time dependency
In 5b3b2d80f4cf586d360ff696c3dacbd4cb48fdc4 we dropped dbus as a build
dependency, however we still need it when building with systemd so
that the service directory is available via pkg-config.
In addition we can drop --with-dbus-datadir by unconditionally
requiring dbus as the datadir will then be fetched from pkg-config.
Fixes:
checking D-Bus bus services directory... configure: error: D-Bus bus services directory is required
Giulio Benetti [Wed, 16 Nov 2022 00:40:55 +0000 (01:40 +0100)]
package/rtl8189es: bump to latest version to fix build failure with Linux >= 6.0
Drop local patch that has been upstreamed[0] and drop the endianness
handling too since from this commit[1] on it's handled by using Linux
macro __LITTLE_ENDIAN.
Miquel Raynal [Wed, 16 Nov 2022 08:43:13 +0000 (09:43 +0100)]
package/mali-driver: remove Miquèl from the DEVELOPERS list
I am not really maintaining these packages, I don't follow closely
enough nor use them to take the time to make the necessary changes.
Giulio has been much more reactive than me to fix issues and he is
already listed for them anyway.
Giulio Benetti [Wed, 16 Nov 2022 15:22:36 +0000 (16:22 +0100)]
package/rtl8723ds: fix build failure due to endianness and Linux version 6.0
Add local patch pending upstream[0] to override CFLAGS to set endianness
according to BR2_ENDIAN. Let's also bump version to latest to support up to
Linux 6.1.
Bernd Kuhls [Wed, 16 Nov 2022 18:04:52 +0000 (19:04 +0100)]
package/mesa3d: fix uClibc build
Moved the util/compiler.h include to util/macros.h due to upstream
commit which added static_assert() to src/util/macros.h
https://cgit.freedesktop.org/mesa/mesa/commit/src/util/macros.h?h=22.2&id=f1023571e8ce7ccb6ec7bc115240cb76aef3e5e5
Please note that this patch can be removed when buildroot toolchains
are updated to uClibc 1.0.42:
https://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/commit/?h=v1.0.42&id=03fbd941e943976bb92cb392882c2ff7ec218704
igh-ethercat comes with a small number of patched Linux kernel network
drivers, which aim at replacing the ones available in upstream Linux
kernel. All those drivers are provided only for specific kernel
releases. For example:
Obviously, this doesn't play well with the random configuration
testing done by utils/genrandconfig. This commit avoids this issue by
making sure we never build any of those drivers as part of the
genrandconfig generated configurations.
Thomas Petazzoni [Wed, 16 Nov 2022 21:21:04 +0000 (22:21 +0100)]
package/igh-ethercat: bump to latest Git commit
The current version 1.5.2 dates back from 2013, so it is extremely
old. The latest master branch of igh-ethercat contains numerous fixes,
including fixes to ensure that it builds with recent Linux kernel
releases. Backporting the individual patches fixing those issues on a
9 year old release would be too much effort, so we propose to simply
bump the version to the latest available in the Git master branch.
Giulio Benetti [Thu, 17 Nov 2022 19:45:05 +0000 (20:45 +0100)]
package/libnss: fix build failure with make 4.3.91
Make 4.3.91 doesn't allow to safely override Simple Expanded Variables, so
let's add a patch pending upstream[0] to make those variable Conditional
Expanded.
It unfortunately also introduced a change to chan_iax2, breaking builds
without OpenSSL:
https://github.com/asterisk/asterisk/commit/59a8cdaca2dbb5eeb7382dfbe78c0c1cbed8ce6d
So bump to 16.28.0:
https://www.asterisk.org/asterisk-news/asterisk-16-28-0-now-available/
The libxml2 support now uses pkg-config, so drop the libxml2-config handling:
https://github.com/asterisk/asterisk/commit/bf9dafa7c22302b2f1a12b8216da63102116d9c9
Peter Korsgaard [Sun, 20 Nov 2022 16:26:22 +0000 (17:26 +0100)]
package/systemd: security bump to version v250.8
Fixes the following security issue:
- CVE-2022-3821: An off-by-one Error issue was discovered in Systemd in
format_timespan() function of time-util.c. An attacker could supply
specific values for time and accuracy that leads to buffer overrun in
format_timespan(), leading to a Denial of Service.
https://github.com/systemd/systemd/issues/23928
Drop now upstream 0001-missing-syscall-define-MOVE_MOUNT_T_EMPTY_PATH-if-mi.patch
Fabrice Fontaine [Sun, 20 Nov 2022 10:25:31 +0000 (11:25 +0100)]
package/sysstat: security bump to version 12.6.1
Fix CVE-2022-39377: sysstat is a set of system performance tools for the
Linux operating system. On 32 bit systems, in versions 9.1.16 and newer
but prior to 12.7.1, allocate_structures contains a size_t overflow in
sa_common.c. The allocate_structures function insufficiently checks
bounds before arithmetic multiplication, allowing for an overflow in the
size allocated for the buffer representing system activities. This issue
may lead to Remote Code Execution (RCE).
Despite what is written above in the CVE announcement, and as written in
the Changelog, the fix is also included in version 12.6.1 (12.7.1 is a
development version):
https://github.com/sysstat/sysstat/commit/c1e631eddc50c04e4dcea169ba396bee2bd6b0ab
As a consequence, 12.6.1 is still reported as being affected. Until the
NVD is updated appropriately, we mark the CVE as ignored with a comment
that explains why.
Note: that commit is not reachable from any branch in the sysstat
repository, and Github warns about that, but the commit does belong to
the upstream repository and is reachable from the 12.6.1 tag (it looks
like sysstat only pushes tags-with-history for fix releases).
openpgm-5-3-128 has assembly code for x86 that is not guarded by
architecture defines. A patch to fix that has been merged upstream
some time ago, and the next release will have it. This includes
that patch for the time being.
Fixes: http://autobuild.buildroot.net/results/338291e5bf0671cb7ed7a32cc10e546c7a521acc Fixes: http://autobuild.buildroot.net/results/3ab6d7f9ee841fa18c1c220d722b1c06ca1fff30 Fixes: http://autobuild.buildroot.net/results/68e840b1fec8f14775cef0b6a14d9b847337324b Signed-off-by: Alexander Lukichev <[email protected]> Signed-off-by: Yann E. MORIN <[email protected]>
Peter Korsgaard [Sat, 19 Nov 2022 13:45:10 +0000 (14:45 +0100)]
package/xterm: security bump to patch 376
Fixes the following security issue:
CVE-2022-45063: xterm before 375 allows code execution via font ops, e.g.,
because an OSC 50 response may have Ctrl-g and therefore lead to command
execution within the vi line-editing mode of Zsh:
Peter Korsgaard [Sat, 19 Nov 2022 10:50:34 +0000 (11:50 +0100)]
package/xen: security bump to version 4.14.5
Includes a number of bugfixes and the security fixes up to xsa-400:
https://xenproject.org/downloads/xen-project-archives/xen-project-4-14-series/xen-project-4-14-5/
Peter Korsgaard [Sat, 19 Nov 2022 10:19:03 +0000 (11:19 +0100)]
package/nodejs: security bump to version 16.18.1
Fixes the following security issue:
DNS rebinding in --inspect via invalid octal IP address (Medium) (CVE-2022-43548)
The Node.js rebinding protector for --inspect still allows invalid IP
address, specifically, the octal format. An example of an octal IP address
is 1.09.0.0, the 09 octet is invalid because 9 is not a number in the base 8
number system. Browsers such as Firefox (tested on latest version m105)
will still attempt to resolve this invalid octal address via DNS. When
combined with an active --inspect session, such as when using VSCode, an
attacker can perform DNS rebinding and execute arbitrary code
Update license hash for an update of base64 (MIT license) and a change in
copyright year:
Michael Fischer [Tue, 15 Nov 2022 16:27:05 +0000 (17:27 +0100)]
package/libksba: security bump to version 1.6.2
A severe bug has been found in Libksba , the library used by GnuPG for parsing
the ASN.1 structures as used by S/MIME. The bug affects all versions of Libksba
before 1.6.2 and may be used for remote code execution.
./simd-checksum-x86_64.cpp: In function 'uint32_t get_checksum1_cpp(char*, int32_t)':
./simd-checksum-x86_64.cpp:89:52: error: multiversioning needs 'ifunc' which is not supported on this target
89 | __attribute__ ((target("default"))) MVSTATIC int32 get_checksum1_avx2_64(schar* buf, int32 len, int32 i, uint32* ps1, uint32* ps2) { return i; }
| ^~~~~~~~~~~~~~~~~~~~~
./simd-checksum-x86_64.cpp:480:1: error: use of multiversioned function without a default
480 | }
| ^
If you can't fix the issue, re-run ./configure with --disable-roll-simd.
Neal Frager [Mon, 14 Nov 2022 13:51:26 +0000 (06:51 -0700)]
board/zynqmp/kria/kv260/kv260.sh: fix u-boot.itb without CONFIG_MULTI_DTB_FIT option
This patch fixes the kv260.sh to generate a working u-boot.itb
now that the CONFIG_MULTI_DTB_FIT u-boot option is no longer used.
This is a follow-up fix of 515319b86f17ea5a2ce3e51c9063bac9f9e00a01 ("board/zynqmp/kria/kv260/uboot.fragment:
remove unnecessary CONFIG_MULTI_DTB_FIT option") to fix the build of:
- Refresh patch
- Drop -lz from Makefile with libressl as this is the only solution for
now: https://github.com/radiator-software/p5-net-ssleay/issues/399
- License has been clarified to be Artistic-2.0 since version 1.86.11:
https://github.com/radiator-software/p5-net-ssleay/commit/aa4a0206d6d2a5ac2998dd9d6a8c5b88902c04de
- This bump will fix the following build failure with libressl:
In file included from /home/autobuild/autobuild/instance-11/output-1/host/armeb-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/perl5/5.34.1/armeb-linux/CORE/perl.h:5748,
from SSLeay.xs:141:
SSLeay.xs: In function 'XS_Net__SSLeay_SESSION_get_master_key':
SSLeay.xs:5569:37: error: invalid use of incomplete typedef 'SSL_SESSION' {aka 'struct ssl_session_st'}
5569 | sv_setpvn(ST(0), (const char*)s->master_key, s->master_key_length);
| ^~
Thomas Petazzoni [Fri, 11 Nov 2022 21:57:59 +0000 (22:57 +0100)]
utils/genrandconfig: disallow configs with BR2_XTENSA_CUSTOM=y
When BR2_XTENSA_CUSTOM=y is used with the internal toolchain, an
overlay file is mandatory, which genrandconfig can't provide. So we
simply disallow such configurations.
Thomas Petazzoni [Fri, 11 Nov 2022 21:57:58 +0000 (22:57 +0100)]
arch/arch.mk.xtensa: relax check on overlay file to apply only to internal toolchains
Commit 4cbf7336914f25478aea943456ba7dc3c892c21a ("arch/xtensa: custom
configuration requires an overlay") added a check in
arch/arch.mk.xtensa to bail out if a custom Xtensa core is selected
but not overlay file is provided. While this is indeed a perfectly
valid check to make when building an internal toolchain, with an
external toolchain it's entirely possible to build with no overlay
file: the toolchain already exists, and there's no overlay to be
applied in the context of the Buildroot build.
And indeed commit 4cbf7336914f25478aea943456ba7dc3c892c21a broke some
of the runtime test cases that use a custom Xtensa core configuration,
with no overlay, to test the toolchains.bootlin.com Xtensa external
toolchain. By relaxing the check to only apply to internal toolchain
configurations, we fix those test cases.
It is to be noted that this still allows a configuration where gdb gets
built for a custom core, but with no overlay, so basically that means
the fsf variant, which can lead to build or run failures that 4cbf7336914f attempted to fix to begin with. This still covers the
most common cases.
Finally, it also means being able to build a kernel with no overlay, but
this is offset by the fact that the kernel may be already patched with
an overlay (as it is possible to specify a custom kernel), which is most
probably what people using a custom core would have.
Fabrice Fontaine [Sat, 12 Nov 2022 21:36:55 +0000 (22:36 +0100)]
package/ntfs-3g: security bump to version 2022.10.3
Fix CVE-2022-40284: A buffer overflow was discovered in NTFS-3G before
2022.10.3. Crafted metadata in an NTFS image can cause code execution. A
local attacker can exploit this if the ntfs-3g binary is setuid root. A
physically proximate attacker can exploit this if NTFS-3G software is
configured to execute upon attachment of an external storage device.
Yann E. MORIN [Sat, 12 Nov 2022 13:37:07 +0000 (14:37 +0100)]
package/dracut: workaround breakage on non-merged-usr hosts
dracut is not really ready to be installed with a non-/ prefix, and it
has a lot of hard-coded assumptions that it is going to run on the host
for which it is goign to generate an initramfs; for example, it
hard-codes calls to /lib/dracut/some-file in some of its modules. It
also uses the host system layout to decide whether it needs a
merged-usr or not.
Furthermore, dracut populates the temporary directory which content will
be used to generate the cpio, with a bunch of files, even before calling
any of the dracut modules.
The name for that temporary directory is not predictable (looks like the
output of 'mktemp -d dracut.XXXXXX', with names like dracut.1Vfn9F seen
while debugging).
As a consequence, we can't prepare the temporary directory with the
proper symlinks beforehand.
So, we provide a very-early module of our own, that will (hopefully) run
before any other module, to fixup the messed-up layout prepared by
dracut. This module moves the content of /lib, /bin, and /sbin, out and
into their counterparts in /usr, and creates the usual symlinks.
When we do not require a merged-usr, then we have nothing to do, so the
module checks for /lib being a symlink, as the hint that we want a
merged-usr or not.
Note: currently, we've seen nothing that dracut installed in /bin or
/sbin, but for trying to be future-proof, we also handle them; this
causes a spurious warning:
mv: cannot stat '..../build/buildroot-fs/cpio/tmp/dracut.YQnzNP/initramfs/bin/*': No such file or directory
Since there are already quite a bunch of similar failures in the
official modules bundled in dracut, an extra such issue or two should
not be too scary...
Yann E. MORIN [Sun, 13 Nov 2022 11:09:01 +0000 (12:09 +0100)]
package/systemd: fix build with -Ofast
systemd does not build with -Ofast (at least with gcc-12), leading to
build errors like:
../src/shared/condition.c: In function ‘condition_dump_list’:
../src/shared/condition.c:1227:33: error: ‘%s’ directive argument is null [-Werror=format-overflow=]
1227 | "%s\t%s: %s%s%s %s\n",
| ^~
cc1: some warnings being treated as errors
It is not really clear what the reason is, but it smells like a compiler
error.
Indeed, the failing format is passed to an fprintf, and the parameter
corresponding to the failing %s directive is a call to a function
which prototype is defined but the implementation only comes later in
the same compilation unit, but is the result of macro expansion, which
yields a function definition like:
const char foo_to_string(foo_type i) {
if (i < 0 || i >= (foo_type) ELEMENTSOF(foo_table))
return NULL;
return foo_table[i]
}
(where ELEMENTSOF(x) is a macros arounf sizeof(x) to determine the
number of elements in the array foo_table).
However, in the failing case, foo_table is a static const array indexed
with constants from an enum, and foo_to_string() is only ever called
with variables that are only ever set to one of those enum values.
Since -Ofast is also explicitly documented as breaking otehrwise
conformant programs, we're not going to debug further the reason for the
build failure.
Instead, just revert to the best alternate optimisation level. We chose
-O3, as -Ofast is based on -O3 with breaking optimisation flags.
Yann E. MORIN [Sat, 12 Nov 2022 22:05:37 +0000 (23:05 +0100)]
package/matchbox-starup-monitor: fix build without C++
matchbox-startup-monitor is an ageing package, and uses an old
configure.ac with archaic constructs. This had generated a configure
script that incorrectly tries to look for and validate a C++ compiler:
checking for powerpc64le-buildroot-linux-gnu-g++... no
checking whether we are using the GNU C++ compiler... no
checking whether no accepts -g... no
checking dependency style of no... none
checking how to run the C++ preprocessor... /lib/cpp
configure: error: C++ preprocessor "/lib/cpp" fails sanity check
Calling autoreconf fixes the issue, as the generated configure no longer
tries to look for a C++ compiler at all anymore. Running autoreconf does
not add any new dependency, as they are already in the dependency chain
via other packages.
See also similar changes: 9993a36f5e12 package/pamtester: fix build without C++ c05cc5de868c package/madplay: needs autoreconf eae18d01abc7 libmad: needs autoreconf 43274dd3e0da package/libid3tag: needs autoreconf
This patch removes the CONFIG_MULTI_DTB_FIT u-boot option for the
zynqmp_kria_kv260_defconfig as it is not necessary. The post build
kv260.sh creates the proper u-boot.itb without needing this option.
Baruch Siach [Sun, 13 Nov 2022 19:09:54 +0000 (21:09 +0200)]
boot/arm-trusted-firmware: fix SSP disable in v2.2
ATF version 2.2 and older does not disable SSP when
ENABLE_STACK_PROTECTOR is not set. This is because the compiler enables
SSP by default, and ATF does not pass -fno-stack-protector to the
compiler. Upstream commit 7af195e29a42 ("Disable stack protection
explicitly") fixed the issue for v2.3 and newer.
Add -fno-stack-protector in CFLAGS when
BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP is not set to fix older ATF
versions.
mdio.c: In function 'mdio_modprobe':
mdio.c:738:15: error: implicit declaration of function 'fork' [-Werror=implicit-function-declaration]
738 | pid = fork();
| ^~~~
Thomas Petazzoni [Fri, 11 Nov 2022 22:40:10 +0000 (23:40 +0100)]
package/imagemagick: utilities now need C++ support
Since upstream commit
https://github.com/ImageMagick/ImageMagick/commit/07f3b487f9860fd4eb9422f1a906d0fe83b6fd1c
(which first appeared in version 7.1.0-47), ImageMagick forces the
need of a C++ compiler to build its utilities. Despite the request of
Bernd Kuhls to revert this change, upstream declined.
Since this change is causing build failures in our autobuilders, our
only choice is to follow the choice of upstream, and disable building
the utilities when C++ support is not available.
Nuno Gonçalves [Thu, 10 Nov 2022 14:00:54 +0000 (14:00 +0000)]
packages/sudo: explicitly set enable-tmpfiles.d
sudo's configure script looks up on the host to determine the path where
to install its systemd tmpfiles. That is incorrect in cross-compilation.
We can explicitly tell sudo where to install its tmpfiles, which we do
when systemd is enabled (in Buildroot, systemd-tmpfiles is always
enabled when systemd is), or we can tell it not to install tmpfiles at
all, which we do otherwise.
Nuno Gonçalves [Thu, 10 Nov 2022 14:00:53 +0000 (14:00 +0000)]
packages/sudo: explicitly set with-tzdir
sudo's configure script looks up on the host to determine the path to
the timezone data location. That fails in cross-compilation.
This is used to sanitise the TZ envirnment variable at runtime, and is
not used at buildtime (except to be stored as a string in the program).
We can tell sudo where the tz data will be, which we do when the tzdata
package is enabled, and we can tell it not to use it at all (to not pass
TZ down to sudo-ed executions) othwerwise.
Heiko Thiery [Tue, 8 Nov 2022 07:36:07 +0000 (08:36 +0100)]
configs/kontron_bl_imx8mm_defconfig: bump U-boot to 2022.10
Commit 223516b51e1a (configs/kontron_bl_imx8mm: U-Boot needs util-linux)
added the needed dependency against host-util-linux, but missed an
earlier comment about u-boot still failing [0]
The U-Boot makefile for the host tools does not handle the
compiler/linker options properly. There are some patches [1][2] that fixes
that issue already applied in the newer U-Boot version 2022.10. So we have to
bump U-Boot to fix an autobuilder failure.
Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/3267233833
[0] https://lore.kernel.org/buildroot/CAEyMn7Y3UgT-8dYY5rbnzcPfbGmqRVXG=joWx1fSSCC=WiFzbg@mail.gmail.com/
[1] U-Boot: a638bd349ea43825 (kbuild: add KBUILD_HOSTLDFLAGS to cmd_host-csingle)
[2] U-Boot: 31a7688cbe0ed5ed (tools: mkeficapsule: use pkg-config to get -luuid and -lgnutls)
Erico Nunes [Tue, 11 Oct 2022 08:49:46 +0000 (10:49 +0200)]
package/efivar: fix build with musl libc
Backport upstream patch to fix build with musl libc.
This patch is only a requirement since efivar 38 and was applied
upstream shortly after the 38 version tag.
In file included from iw_if.h:26:0,
from conf.c:19:
/home/buildroot/autobuild/instance-1/output-1/host/mips-buildroot-linux-gnu/sysroot/usr/include/linux/if.h:71:2: error: redeclaration of enumerator 'IFF_UP'
IFF_UP = 1<<0, /* sysfs */
^
/home/buildroot/autobuild/instance-1/output-1/host/mips-buildroot-linux-gnu/sysroot/usr/include/net/if.h:44:5: note: previous definition of 'IFF_UP' was here
IFF_UP = 0x1, /* Interface is up. */
^
Bernd Kuhls [Fri, 11 Nov 2022 20:29:21 +0000 (21:29 +0100)]
package/alsa-utils: update dependency for topology support
This is a follow-up patch for
https://git.busybox.net/buildroot/commit/?id=28497102e1788df3628bd3324a3304a03c7942d0
which created a new option for topology support in alsa-lib, this
dependency was not ported over to alsa-utils.
../src/lxc/cgroups/cgfsng.c: In function 'unpriv_systemd_create_scope':
../src/lxc/cgroups/cgfsng.c:1234:104: error: incompatible type for argument 10 of 'sd_bus_call_method_asyncv'
r = sd_bus_call_method_asyncv(bus, NULL, DESTINATION, PATH, INTERFACE, "Subscribe", NULL, NULL, NULL, NULL);
^~~~
Thomas Petazzoni [Fri, 11 Nov 2022 21:58:42 +0000 (22:58 +0100)]
DEVELOPERS: drop entry related to inexisting directory
Commit 4e7dfe20bb8cf0cccfbd177321eff73e82c8d940 ("configs/friendlyarm_nanopi_m4:
remove defconfig") forgot to fully reflect the removal of the
defconfig in the DEVELOPERS file, causing a get-developers warning:
WARNING: 'board/friendlyarm/nanopi-m4' doesn't match any file
Commit ea38acd17d88b9eaf853313398c772b94338ad47 ("package/boost:
backport development branch changes to fix MIPS64 build failure")
introduced a patch formatting issue detected by check-package. This
commit fixes this issue.
Fixes:
package/boost/0001-Improve-modfunc-performance.patch:4: generate your patches with 'git format-patch -N'
Fix the following musl build failure (disabling -Werror seems to be the
only "solution": https://github.com/smuellerDD/libkcapi/issues/136):
lib/kcapi-kernel-if.c: In function '_kcapi_common_send_meta':
lib/kcapi-kernel-if.c:212:12: error: unsigned conversion from 'long int' to 'long unsigned int' changes value from '-4' to '4294967292' [-Werror=sign-conversion]
212 | header = CMSG_NXTHDR(&msg, header);
| ^~~~~~~~~~~
In file included from src/shutdown/hpr_shutdown.c:8:
src/shutdown/hpr.h:20:40: error: unknown type name 'tain_t'; did you mean 'tain'?
20 | extern int hpr_shutdown (unsigned int, tain_t const *, unsigned int) ;
| ^~~~~~
| tain
lib/kcapi-kernel-if.c: In function '_kcapi_common_send_meta':
lib/kcapi-kernel-if.c:196:26: error: conversion to 'int' from 'size_t' {aka 'unsigned int'} may change the sign of the result [-Werror=sign-conversion]
196 | msg.msg_iovlen = kcapi_downcast_int(iovlen);
| ^~~~~~~~~~~~~~~~~~
configure.ac:44: error: possibly undefined macro: AC_SEARCH_LIBS
If this token and others are legitimate, please use m4_pattern_allow.
See the Autoconf documentation.
Pass TARGET_LDFLAGS (which contains -static) to fix the following static
build failures with gpio, iio and pci:
LINK lsgpio
/home/autobuild/autobuild/instance-8/output-1/host/lib/gcc/arm-buildroot-linux-musleabi/10.4.0/../../../../arm-buildroot-linux-musleabi/bin/ld: /home/autobuild/autobuild/instance-8/output-1/host/lib/gcc/arm-buildroot-linux-musleabi/10.4.0/libgcc.a(_dvmd_lnx.o): in function `__aeabi_ldiv0':
/home/autobuild/autobuild/instance-8/output-1/build/host-gcc-final-10.4.0/build/arm-buildroot-linux-musleabi/libgcc/../../../libgcc/config/arm/lib1funcs.S:1499: undefined reference to `raise'
[...]
LINK iio_event_monitor
/home/thomas/autobuild/instance-2/output-1/host/lib/gcc/microblazeel-buildroot-linux-musl/11.3.0/../../../../microblazeel-buildroot-linux-musl/bin/ld: /home/thomas/autobuild/instance-2/output-1/host/lib/gcc/microblazeel-buildroot-linux-musl/11.3.0/libgcc.a(unwind-dw2.o): in function `size_of_encoded_value':
/home/thomas/autobuild/instance-2/output-1/build/host-gcc-final-11.3.0/build/microblazeel-buildroot-linux-musl/libgcc/../../../libgcc/unwind-pe.h:88: undefined reference to `abort'